GoCertify Logo
Today's Deal
Which IT career is right for you? Take the free career exploration quiz.
You are here:
/
Home
/
Articles About Certification
/
Common Network Attacks and How to Defend Against Them

Common Network Attacks and How to Defend Against Them

Burning keyboard security concept

A stable and secure IT infrastructure is one of the most important features for a successful business today. Of course, successful businesses make tempting targets for competitors and black hat hackers. Cyberattacks are evolving by the day. According to a new study by Juniper Research, the cost to businesses and governments worldwide of defending and cleaning up from data breaches is $455 billion (U.S.) annually, and expected to climb to $2.1 trillion (U.S.) over the next four years.

 

It's important to know how to classify and prevent cyberattacks. Below are some of the more common types and simple ways to stop them.

 

Reconnaissance attacks

This is most often the initial attack an infrastructure will encounter. Before attacking a network directly, hackers will try familiarize themselves with a network's characteristics and vulnerabilities.

 

Reconnaissance attacks are usually done using information gathering tools and techniques starting from the simple whois.com (to look up domain names and contact information) and nslookup (translates the domain name to its IP hosting address), to more functional tools such as nmap (port-scanning and analyzing machine fingerprints) and FOCA (a security audit tool that examines metadata from domains).

 

There are two subtypes of reconnaissance attacks — active and passive.

 

Passive reconnaissance is gathering information during normal interaction with a server. While browsing a webpage, for example. If you do a packet analysis on the data received, you can actually discover which web service software the server is using (apache or nginx).

 

Active reconnaissance is using a script, or software, to send a specially constructed packet with the purpose of receiving the response you need. Examples of these are the numerous port-scanning tools you can find on the internet, or simply build yourself.

 

Reconnaissance attacks are commonly used by penetration testers. This is a great way for companies concerned about network security to see just what they expose to the "enemy" and then to take further steps to protect their network infrastructure.

 

How to react:

Unfortunately, in an infrastructure that needs to be accessed by the outside world (the internet), the information gathering process cannot be limited completely, as its proper functioning requires some server-side data to be shared. There are, however, a couple of simple things you can do to defend yourself from the inevitable black hats:

� Use IPS/IDS in your network — they can detect the patterns and packets that port scanners use, and eventually block them and generate an alarm.

� Patch your servers to the most current version and get yourself informed about the latest exploits about the server operating systems you use.

 

Identity spoofing

These attacks occur when an attacker fakes their identity, or assumes another machine's identity.  A common example is the IP address spoofing attack — the sender alters the IP source field in the IP packet, so that it will not represent his own IP, but a randomly chosen one. Doing this, the hacker can provoke thousands of TCP acknowledgements to be redirected to an IP that did not send the SYN packet in the first place (DDoS), or simply to flood a network using random and invalid source addresses.

 

Another identity spoofing attack is the ARP spoofing — the attacker sends spoofed ARP packets with an IP address already in the network ( commonly the default gateway's address) and inserts his own MAC address, so all the traffic designated for that IP will instead go to the attacker's machine. This is also often referred to as a man-in-the-middle attack.

 

How to react:

� With an IP spoofing attack, where the network receive packets with random source addresses, we can enable the unicast reverse path forwarding (uRPF) strict mode mechanism on our routing devices. This enables the router to check if the source IP address is found in the routing table, in order to determine whether it is from the same interface we receive the packets from. If not, the packets will be dropped far before reaching key points in our network. The uRPF should be placed at the entrance to the company's network.

� A Statefull firewall can help us in case we receive multiple SYN-ACK packets from unknown destinations. By tracking the connection state of TCP sessions, it will drop everything that does not belong to an existing entry in the connections table. This defense should also be placed at the entrance of a company's network

� An IP source guard mechanism verifies that packets received on a port contain valid IP-MAC pairs. If a hacker tries to play the ARP spoofing or IP spoofing game, he will be blocked. An IP source guard should be placed in the LAN environment the attacker has accessed.

 

Packet sniffing and Man-in-the-middle attack

The name says it all. This is when an attacker succeeds in placing himself between communicating devices. Its main purpose is packet sniffing and stealing of sensitive data. An attack can be done on all of the OSI layers — someone can simply cut your UTP cable and plug himself between you and your ISP switch. Or somebody can fake being your wireless AP and default gateway, so all your data is sent to him first. If this happens in your corporate network, things can quickly become serious.

 

How to react:

� From the edge to the core, maintain strict control on who and what is plugged into your physical network. Also, implement mechanisms limiting network access to allow only recognized MAC addresses.

� Implement DHCP snooping. If someone unauthorized tries to send DHCP offers, this mechanism will prevent him of doing it.

� Secure your wireless network. Wireless networks are very vulnerable to both packet sniffing and man-in-the-middle. A strong authentication and encryption can prevent unauthorized actions.

 

Denial-of-Service (DoS) and Distributed (DDoS)

Computer tech support concept

This is the type of attack that severely affects a single or multiple service in a network. It can be directed to each device on a network, filling its bandwidth, memory and connections' capacity, making its CPU hit 100 percent and preventing its normal functionality. The most common targets usually are: the web service, as the company website is its face towards the internet world; or the DNS. Disrupting the DNS service causes loss of everything that uses domain name–to–IP resolving, including mail service and users or simply filling the bandwidth available.

 

How to react:

� Since every DoS attack has different characteristics, you first have to determine what service has been attacked and how.

� Try to do packet-filtering on your firewall, if the type of attack allows it.

� If suffering from bandwidth exhaustion, call your service provider and have them block all traffic towards the affected IP addresses.

 

Password-based attacks

The most common password-based attacks are the dictionary attack, using password dictionaries and brute force to guess and execute a valid login to a system.

 

How to react:

� Have a company-wide policy for strong passwords: more than 8 characters, mixing numbers, capital letters and special symbols.

� Change passwords on a regular basis. On most of the systems you can actually configure your password validity.

� Do not allow more than a given number of attempts per second and minute, and block accounts after several consecutive invalid attempts.

� Use password encryption and hashing.

 

Social engineering, phishing, Trojans, viruses

Last, but certainly not least, we come to probably the weakest point in any network: users. Hackers know this and are extremely creative in trying to trick users into providing sensitive information and login data. They can call on the phone, pretending they are calling from the bank and request credit cards numbers; spoof an e-mail from a colleague to request a password; or send the very well known �You have won� e-mails that contain malicious attachments. Probably 5,000 of your company's employees won't be caught by this trick — but it only takes one to infect the network.

 

How to react:

� Educate employees and colleagues about the security threats they'll encounter on the internet, and explain how hackers try to manipulate them to obtain confidential data. Then, provide regular trainings of both new and old employees.

 

MORE HISTORIC HACKS
Would you like more insight into the history of hacking? Check out Calvin's other articles about historical hackery:
Historic Hacks 1990s-Part 1
Historic Hacks 1990s-Part 2
Historic Hacks 2000s-Part 1
Historic Hacks 2000s-Part 2
Historic Hacks 2010s-Part 1
Historic Hacks 2010s-Part 2
"Who Invented the Computer?" Articles
Want more insight into the history of the computer? Check out Calvin's other articles in this series:
WItC? Series Introduction
WItC? Charles Babbage
WItC? Ada Lovelace
WItC? Lord Kelvin
WItC? Differential Analyzer
WItC? Vannevar Bush
WItC? Alan Turing
WItC? Tommy Flowers
WItC? John Atanasoff
WItC? The ENIAC Six
WItC? Torpedo Data
WItC? Grandma COBOL
WItC? The Transistor
WItC? TRADIC
WItC? John Backus
WItC? SAGE
WItC? The PDQ Posse
WItC? Thomas Watson Jr.
WItC? SABRE
WItC? Ben Gurley
WItC? Spacewar!
WItC? Ivan Sutherland
WItC? John G. Kemeny
WItC? Joseph Weizenbaum
WItC? Star Trek
WItC? The Rise of ATMs
WItC? Mouse Men
WItC? HAL 9000
WItC? Douglas Engelbart
WItC? DARPA
WItC? ARPANET
WItC? Unix
WItC? Floppy Disks
WItC? Gary Starkweather
WItC? Microprocessors
WItC? Dennis Ritchie and C
WItC? Norman Abramson
WItC? Nolan Bushnell
WItC? Ralph Baer
WItC? Seymour Cray
WItC? The Altair 8800
WItC? Gary Thuerk
WItC? Print Magazines
WItC? Apple II
WItC? France Telecom
WItC? Dan Bricklin
WItC? The IBM 5150
"Work on Your Wellness" Articles
Want to improve your health and live a better life? Check out Reena's other articles in this series:
WOYW: Get Enough Sleep
WOYW: Exercise
WOYW: Eat Right
WOYW: Socializing
WOYW: What's Your Hobby?
WOYW: Take a Vacation
WOYW: Setting Boundaries
WOYW: Therapy & Counseling
WOYW: Social Media
WOYW: Screen Time
WOYW: Vitamins
WOYW: Community Service
WOYW: Continuing Education
WOYW: Organization
WOYW: Reading
WOYW: Setting Goals
WOYW: Mindfulness
WOYW: Work from Home
WOYW: Walking
About the Author
Privacy Policy Update
We have updated our Privacy Policy to comply with the California Consumer Privacy Act (CCPA)
CompTIA IT Project Management - Project+ - Advance Your IT Career by adding IT project management skills to your resume - Learn More
What Others are Reading
Entry-Level Certified in Cybersecurity (CC) Credential Is Catching on Fast
Gigging for a Living: The Six Best Places to Look for Freelance IT Work
Work On Your Wellness: Setting Goals
Who Invented the Computer? Norman Abramson and ALOHAnet
The ChatGPT Gold Rush Is On: Training and Certificate Options Abound
More in 
Articles
Popular Quizzes
A+ Practice Quiz: 220-1102 Quiz 20
Microsoft Office Specialist Practice Quiz: Excel Expert Quiz 1
Microsoft Certified Practice Quiz: Windows Server Hybrid Administrator Associate (Core: AZ-800) Quiz 12
Linux+ Practice Quiz: XK0-005 Quiz 10
Tableau Quiz 1
More in 
Quizzes
Sign up for Certification Magazine's Newsletter...and receive a free subscription to the digital magazine.
Advertise
|
Contact Us
|
Terms
|
Privacy

Copyright © 2023 TestOut Corp. Copyright © CompTIA, Inc. All Rights Reserved.
Use of this web site constitutes acceptance of the GoCertify Terms of Use and Privacy Policy.