Types of Attack

Introduction

Without security measures and protocols that have been set in place, certain data can be exposed to attack. Certain attacks are “passive”, which translates to the data being observed; other attacks can be active, implying that the data is changed with the intention of corrupting or destroying the information or actual network itself.

Every network is vulnerable to any of the listed forms of attacks if the correct security procedures and defenses have not been put into place. Eavesdropping Typically, nearly all of network communications take place in an unsecured or "clear text" configuration, this means it’s possible for an attacker who has gotten through certain defense measures and has access to the network to “data paths” in the network to "listen in" or decipher (or in other words “read”) the information/traffic. When this happens and an attacker is spying/listening in on certain communications, it is often called snooping/ sniffing.

The threat of an attacker eavesdropping to observe a network is regarded as one of the main security problems that administrators are challenged with in a company/business. Without reliable encryption services mainly based on cryptography, company/business information can be intercepted and interpreted by other users such as attackers whilst it goes around the network.

Types of attacks

Data Modification

After an attacker has interpreted and intercepted any information, the next stage would be to modify it. An attacker can alter the intercepted information in the data packet without the sender or receiver even knowing about it. Even if confidentiality is not required for all communication between users, any enterprise would not want any of their employee’s communications to be altered in transit. For example, if a company is switching purchase requests, neither of the companies would want any of the data which could include number of items, billing information, amounts or other data to be altered by an attacker.

Identity Spoofing (IP Address Spoofing)

The majority of networks and OS’s utilize the IP address of a device to identify a valid entity. In some scenarios, it is feasible for an IP address to be falsely assumed – this is what is known as “identity spoofing”. An attacker could also utilize exclusive programs/applications which sole purpose is to create IP packets that seem to derive from valid addresses inside a corporate/business intranet.

When an attacker has gained access to a network with a legitimate IP address (constructed from special software/applications), they can alter, delete or reroute information. The attacker can also direct other sorts of attacks from this list alongside Spoofing.

Password-Based Attacks

A very common feature to most OS and network security plans is password-based access control. Meaning a user’s access rights to a device and resources on the network is limited to each user, meaning the user name and password used to log on.

Older applications don’t always guard identity data as it is transmitted around the network for authentication. This could allow an attacker/eavesdropper to gain unlawful access to a network by impersonating a valid user.

When an attacker obtains a valid account, they then have the same privileges as the user they are impersonating. Consequently, if the users account that they have got access to happen to be an admin with administrator level privileges, the attacker is also able to create accounts that he/she could utilize at a different time.

If an attacker is able to gain access to a network even through a normal user account without admin rights then they are able to perform the following:

1. Attain lists of authorized users and device names along with network information.
2. Change, reroute, or delete user data.
3. Is able to alter server and network settings, such as access controls and routing tables.

Denial-of-Service Attack

A denial-of-service attack stops valid users from utilizing any device or network of which users would normally be able to access.

If an attacker is able to gain access to a network, they can perform any of the following;

1. Is able to randomize the attention of internal Information Systems staff so that staff will not be aware of the intrusion instantly, thus further a allowing more attacks to take place during this confusion which can cause chaos internally for a company being targeted.
2. Forward void information to network services or applications, which in turn triggers irregular termination or performance of targeted services or applications.
3. Bombard a complete network or device with traffic until it causes the targeted device or network to trigger a shutdown due to the surplus of traffic.
4. Hinder traffic flow, which in turn causes access to network resources to be completely blocked even by authorized users.

Man-in-the-Middle Attack

A man-in-the-middle attack transpires when a person between two users who are communicating is vigorously monitoring, seizing, and managing the communication without either of the two individuals communicating knowing that their information is being intercepted. When computers are exchanging information at low levels of the network layer, it can be difficult to determine who they are actually exchanging data with.

Man-in-the-middle attacks can be thought as somebody impersonating you and your identity so that they are able to read your message. The person who the attacker is communication with, whilst impersonating another user, may believe the attacker is genuinely someone else as the attacker could be actively replying whilst impersonating as someone else in order to ensure that the exchange continues so that they may be able to ascertain more information.

Compromised-Key Attack

A key is a secret number or code required to decode secured/encrypted data. Whilst getting hold of a key is a challenging and uses a lot of resources from an attacker’s point of view, it is still achievable. After an attacker has got a key, it is then known as a “compromised key”.

An attacker can then use the compromised key to unlawfully gain access to a secured communication without either the sender or receiver knowing their communication is under attack. A compromised key also allows an attacker to decrypt or modify data, and attempt to utilize the key to compute more keys, potentially allowing the attacker to access other secured communications.

Sniffer Attack

A “sniffer” is a device or application that can interpreted, monitor, and apprehend network information exchanges and read network packets. If network packets are not encrypted, the sniffer application/device offers a full view of the information inside the data packet. Encapsulated packets are not immune to this type of attack and can be cracked and read unless they are encrypted and the attacker hasn’t got access to the key.

If an attacker is using a sniffer then they are able to perform any of the following actions:

1. Examine a network and acquire data to eventually cause the network to crash or ultimately become corrupted.
2. If an attacker is using a sniffer then they are also capable of reading user’s communications.

Application-Layer Attack

This form of attack targets application servers by intentionally instigating an error in a server's OS or applications. This consequently provides the attacker with the ability to bypass normal access controls. Thus, meaning that the attacker exploits the situation, acquiring control of the system, application or network, and is capable of performing any of the following: Alter, add, Read or delete company/enterprise data or operating system. Introduce a virus program that utilizes company devices and software applications to duplicate viruses throughout the network.

Introduce a sniffer program to analyze the network and gather valuable data that could ultimately be utilized to corrupt or crash any systems and the entire network. Irregularly close operating systems or data applications. Deactivate additional security protocols to allow attacks in the future.