At the end of February, a new session of the Tech-Byte program, titled "Networking Attacks," was prepared and presented by our colleagues, George and Florin.
During the workshop, we learned more about networks and the OSI model, about types of network attacks as well as the different methods that can be used to repel them.
Given the current situation, more and more companies employ remote work; as a result, networks have become increasingly vulnerable to data theft and loss.
Your company's network is likely to be huge and sophisticated, with many linked endpoints. While this is beneficial to your business operations and makes your workflow more manageable, it also poses a security risk. The concern is that, because of the freedom of mobility inside your network, if a hostile entity obtains access, they are free to roam about and cause damage without you even knowing. Because of these network security vulnerabilities, your company may be extremely vulnerable to a data breach.
Thus, it is important to understand the security challenges, how potential attackers operate, and the characteristics that make a network vulnerable to attacks.
What is a network attack?
Unauthorized acts on digital assets within an organization's network are known as network attacks.
In network attacks, malicious code is used to alter computer code, logic, or data, with destructive results that can jeopardize information security.
What are the common types of network attacks?
- IP Spoofing
- DoS Attack and DDoS
- Man-in-the-middle attack
Spoofing is a common type of cyberattack in which hackers impersonate another device, client, or user, typically to obscure the attack source.
The disguise allows hackers to obtain access to systems to engage in harmful activities such as data interception or launch DDoS attacks to disrupt normal traffic.
Three types of spoofing attacks exist:
- DNS server spoofing: Alters a DNS server to point a domain name to a different IP address, usually with the intent of spreading a virus.
- ARP spoofing: Links the attacker's machine to a victim's IP address through forged Address Resolution Protocol (ARP) messages, usually to enable denial-of-service and man-in-the-middle attacks.
- IP spoofing: Disguises one IP address to gain access as a trusted system, usually to enable a DDoS attack or redirect communications.
How does IP spoofing work?
IP spoofing occurs when an attacker modifies the packets they send so that the IP header carries a false source address.
This alteration can go unnoticed if done correctly, because it happens before the packet ever reaches the target system or network.
Think of IP spoofing as a kind of disguise, since it allows attackers to impersonate someone else.
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users.
DoS assaults frequently target high-profile corporations such as banks, commerce, and media companies, as well as government and trade organizations' web servers. A DDoS attack occurs when multiple systems launch DoS attacks on a single system.
There are two types of DoS attacks:
- Buffer overflow attacks: An attack type in which a memory buffer overflow can cause a machine to consume all available hard disk space, memory, or CPU time. This type of exploit frequently causes sluggishness, system crashes, or other damaging server behavior, resulting in a denial of service.
- Flood attacks: A hostile actor can oversaturate server capacity by flooding a targeted server with an excessive volume of packets, resulting in denial-of-service. The attacking actor must have more available bandwidth than the victim for most DoS flood assaults to succeed.
How do DoS and DDoS work?
- Smurf attack: an older DoS attack in which a malicious actor sends spoofed packets to a vulnerable network's broadcast address, so that every host on that network replies to and floods the targeted IP address.
- Ping flood: this simple denial-of-service attack is based on overwhelming a target with ICMP echo (ping) packets. By sending a target more pings than it can answer efficiently, the attacker causes a denial of service. The same method can be used in distributed form as a DDoS attack.
- Ping of Death: commonly confused with a ping flood, a ping of death attack involves delivering a malformed packet to a targeted machine, causing harmful behavior such as a system crash.
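A defender's view of the ping flood described above, as an added example that is not part of the workshop material: a small rate-based detector that reads ICMP log lines and raises an alert the first time a single source sends more echo requests than a threshold allows inside a sliding time window. The log format, the addresses (documentation ranges) and the threshold are all constructed for this example; a real deployment would feed it from tcpdump, a firewall log, or a flow collector.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Alert records a source that exceeded the echo-request rate limit.
type Alert struct {
	Source string
	Count  int       // echo requests seen inside the window when the alert fired
	At     time.Time // timestamp of the packet that tripped the threshold
}

// SampleLog is constructed input in the (hypothetical) form
//   <RFC3339 time> ICMP <type> src=<ip> dst=<ip>
// 203.0.113.7 sends six echo requests in a quarter of a second, 198.51.100.2 sends two
// far apart, and one line is a reply that must be ignored.
var SampleLog = []string{
	"2024-03-01T10:00:00.000Z ICMP echo-request src=198.51.100.2 dst=192.0.2.10",
	"2024-03-01T10:00:00.000Z ICMP echo-request src=203.0.113.7 dst=192.0.2.10",
	"2024-03-01T10:00:00.001Z ICMP echo-reply src=192.0.2.10 dst=203.0.113.7",
	"2024-03-01T10:00:00.050Z ICMP echo-request src=203.0.113.7 dst=192.0.2.10",
	"2024-03-01T10:00:00.100Z ICMP echo-request src=203.0.113.7 dst=192.0.2.10",
	"2024-03-01T10:00:00.150Z ICMP echo-request src=203.0.113.7 dst=192.0.2.10",
	"2024-03-01T10:00:00.200Z ICMP echo-request src=203.0.113.7 dst=192.0.2.10",
	"2024-03-01T10:00:00.250Z ICMP echo-request src=203.0.113.7 dst=192.0.2.10",
	"2024-03-01T10:00:02.000Z ICMP echo-request src=203.0.113.7 dst=192.0.2.10",
	"2024-03-01T10:00:05.000Z ICMP echo-request src=198.51.100.2 dst=192.0.2.10",
}

// DetectICMPFlood raises one alert per source the first time that source sends more
// than threshold echo requests within any sliding window of the given length.
// Replies and non-ICMP lines are skipped, so a host that merely answers pings is never flagged.
func DetectICMPFlood(lines []string, window time.Duration, threshold int) []Alert {
	recent := map[string][]time.Time{} // per-source timestamps still inside the window
	alerted := map[string]bool{}
	var alerts []Alert
	for _, line := range lines {
		f := strings.Fields(line)
		if len(f) < 4 || f[1] != "ICMP" || f[2] != "echo-request" {
			continue
		}
		ts, err := time.Parse(time.RFC3339, f[0]) // fractional seconds are accepted on parse
		if err != nil {
			continue
		}
		src := strings.TrimPrefix(f[3], "src=")
		// Drop timestamps that have aged out of the window (filter in place).
		keep := recent[src][:0]
		for _, t := range recent[src] {
			if ts.Sub(t) < window {
				keep = append(keep, t)
			}
		}
		keep = append(keep, ts)
		recent[src] = keep
		if len(keep) > threshold && !alerted[src] {
			alerted[src] = true
			alerts = append(alerts, Alert{Source: src, Count: len(keep), At: ts})
		}
	}
	return alerts
}

func main() {
	for _, a := range DetectICMPFlood(SampleLog, time.Second, 5) {
		fmt.Printf("ALERT: %s sent %d echo requests within one second (at %s)\n",
			a.Source, a.Count, a.At.Format(time.RFC3339Nano))
	}
}
```

The threshold is deliberately per source: a flood from many spoofed or distributed sources (the DDoS case) would slip under it, so a production detector also tracks the aggregate rate towards each destination and compares it with a baseline.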
A man-in-the-middle attack is a form of eavesdropping attack in which an attacker intercepts a conversation or data transfer in progress. The attackers pose as both genuine parties after placing themselves in the "middle" of the transfer. This allows an attacker to intercept data and information from both parties while also providing malicious links or other information to both legitimate participants in a way that may not be discovered until it is too late.
This form of assault is comparable to the game of telephone, in which one person's remarks are passed from one person to the next until they have been altered by the time they reach the last person.
How does a Man-in-the-middle attack work?
Assume the Client wants to talk to the Server, while the MITM wants to listen in on the conversation and, if necessary, send a false message to the Server. The Client requests the Server's public key. The attack can begin if the Server sends its public key to the Client and the MITM intercepts it. The MITM then sends the Client a forged message that appears to come from the Server but contains the MITM's public key.
Believing this public key to be the Server's, the Client encrypts its message with the MITM's key and sends it towards the Server. The MITM intercepts the message again, decrypts it with its own private key, modifies it if it wishes, and re-encrypts it with the public key it intercepted when the Server originally tried to send it to the Client. When the Server receives the freshly encrypted message, it believes it came from the Client.
How can you avoid network attacks?
1) Packet Filtering
Packet filtering is a firewall technique that monitors outgoing and incoming packets and allows them to pass or halt based on the source and destination Internet Protocol (IP) addresses, protocols, and ports.
Rule sets for packet filtering are defined on network-layer firewalls, which makes them a very efficient security measure.
Static filtering is another name for packet filtering.
In most cases, packet filtering is an effective protection against attacks from computers outside of a local area network (LAN). Packet filtering is considered a standard and cost-effective method of security since most routing devices have incorporated filtering capabilities.
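As an added example (not from the workshop), here is a static packet filter of the kind described above, with one defensive addition that ties back to the IP spoofing section: ingress filtering in the style of BCP 38, which drops any packet arriving from the Internet whose source address belongs to the internal or private ranges, because such a packet can only be spoofed. The interface names, the 10.0.0.0/8 internal range, the rule set and the sample packets are all assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/netip"
)

type Action int

const (
	Deny Action = iota
	Allow
)

const ReasonSpoofed = "anti-spoofing: internal source address on external interface"

// Packet carries the header fields a stateless filter looks at, plus the arrival interface.
type Packet struct {
	Iface   string // "wan" (Internet side) or "lan" (assumed names)
	Proto   string // "tcp", "udp", "icmp"
	Src     netip.Addr
	Dst     netip.Addr
	DstPort uint16 // 0 for protocols without ports
}

// Rule matches on source/destination prefixes, protocol and destination port.
type Rule struct {
	Action  Action
	Proto   string       // "" matches any protocol
	Src     netip.Prefix
	Dst     netip.Prefix
	DstPort uint16       // 0 matches any port
}

var (
	anyV4  = netip.MustParsePrefix("0.0.0.0/0")
	lanNet = netip.MustParsePrefix("10.0.0.0/8") // assumed internal range
	// Private and loopback space (RFC 1918, RFC 1122) that must never arrive from the Internet.
	bogons = []netip.Prefix{
		netip.MustParsePrefix("10.0.0.0/8"),
		netip.MustParsePrefix("172.16.0.0/12"),
		netip.MustParsePrefix("192.168.0.0/16"),
		netip.MustParsePrefix("127.0.0.0/8"),
	}
)

// Filter is a static (stateless) packet filter: the first matching rule decides and
// anything unmatched is denied.
type Filter struct {
	Rules []Rule
}

// isSpoofedIngress implements the BCP 38 check: a packet entering on the external
// interface cannot legitimately carry an internal or private source address.
func isSpoofedIngress(p Packet) bool {
	if p.Iface != "wan" {
		return false
	}
	for _, b := range bogons {
		if b.Contains(p.Src) {
			return true
		}
	}
	return false
}

// Evaluate returns the verdict and the reason (which rule fired, or why it was dropped).
func (f Filter) Evaluate(p Packet) (Action, string) {
	if isSpoofedIngress(p) {
		return Deny, ReasonSpoofed
	}
	for i, r := range f.Rules {
		if r.Proto != "" && r.Proto != p.Proto {
			continue
		}
		if !r.Src.Contains(p.Src) || !r.Dst.Contains(p.Dst) {
			continue
		}
		if r.DstPort != 0 && r.DstPort != p.DstPort {
			continue
		}
		return r.Action, fmt.Sprintf("rule %d", i)
	}
	return Deny, "default deny"
}

// DefaultFilter is a constructed rule set: a public HTTPS server, ping inside the LAN, deny the rest.
func DefaultFilter() Filter {
	return Filter{Rules: []Rule{
		{Action: Allow, Proto: "tcp", Src: anyV4, Dst: netip.MustParsePrefix("10.0.0.5/32"), DstPort: 443},
		{Action: Allow, Proto: "icmp", Src: lanNet, Dst: lanNet},
		{Action: Deny, Src: anyV4, Dst: anyV4},
	}}
}

func main() {
	f := DefaultFilter()
	p := Packet{Iface: "wan", Proto: "tcp", Src: netip.MustParseAddr("10.0.0.7"),
		Dst: netip.MustParseAddr("10.0.0.5"), DstPort: 443}
	a, why := f.Evaluate(p)
	fmt.Println(a == Allow, why) // false anti-spoofing: ...
}
```

Because the filter is stateless, it cannot tell a SYN-flood packet from a legitimate connection attempt to port 443; that is the gap a stateful firewall or the upstream scrubbing described later in the post is meant to close.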
2) Authentication via Public Key Infrastructure
Public key infrastructure (PKI) is the use of a public and private key pair to authenticate people and devices. The private key can encrypt (sign) messages and attest to the validity of a user or device, while the public key can decode (verify) them.
Importantly, these authentication techniques employ asymmetric encryption, which means that each key in a pair is distinct from the other. This strategy makes finding the private key extremely difficult for hackers and is very successful at blocking typical forms of attacks.
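The following added example (not from the workshop) shows why PKI defeats the man-in-the-middle exchange walked through earlier: the Client's weakness in that scenario is that it has no way to tell whether the public key it receives really belongs to the Server. Here a CA signs the Server's key once, out of band, and the Client trusts only keys that carry a valid CA signature. A MITM can still substitute its own key, but it cannot produce the CA's signature for it. The example uses Go's standard Ed25519; the server name, the "certificate" layout (a bare signature over name and key rather than X.509) and the interceptor are all assumptions made for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Offer is what the server presents when the client asks for its public key: the
// key plus a CA signature binding it to the server's name (a minimal stand-in for
// an X.509 certificate).
type Offer struct {
	Name string
	Key  ed25519.PublicKey
	Cert []byte
}

func certBody(name string, key ed25519.PublicKey) []byte {
	return append([]byte(name+"\x00"), key...)
}

// Issue is the CA signing the server's key; this happens once, out of band.
func Issue(caPriv ed25519.PrivateKey, name string, key ed25519.PublicKey) []byte {
	return ed25519.Sign(caPriv, certBody(name, key))
}

// Verify is the client-side PKI check: the presented key is trusted only if the CA
// the client already trusts vouches for the (name, key) pair.
func Verify(caPub ed25519.PublicKey, o Offer) bool {
	return ed25519.Verify(caPub, certBody(o.Name, o.Key), o.Cert)
}

// Interceptor models a man-in-the-middle that can rewrite the offer in transit.
type Interceptor func(Offer) Offer

// ClientFetchKey asks for the server's key over a channel the interceptor controls
// and returns the key the client would go on to encrypt to. With verify=false the
// client behaves like the naive Client in the scenario and accepts whatever arrives.
func ClientFetchKey(caPub ed25519.PublicKey, serverOffer Offer, mitm Interceptor, verify bool) (ed25519.PublicKey, error) {
	received := serverOffer
	if mitm != nil {
		received = mitm(received)
	}
	if verify && !Verify(caPub, received) {
		return nil, errors.New("key presented for " + received.Name + " is not certified by the trusted CA; aborting")
	}
	return received.Key, nil
}

// Setup holds the constructed parties: a CA, an honest server and an attacker.
type Setup struct {
	CAPub       ed25519.PublicKey
	ServerPub   ed25519.PublicKey
	Offer       Offer
	AttackerPub ed25519.PublicKey
	Attacker    Interceptor
}

func NewSetup() Setup {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	srvPub, _, _ := ed25519.GenerateKey(rand.Reader)
	atkPub, atkPriv, _ := ed25519.GenerateKey(rand.Reader)
	offer := Offer{Name: "server.example", Key: srvPub, Cert: Issue(caPriv, "server.example", srvPub)}
	attacker := func(o Offer) Offer {
		// Swap in the attacker's key. Lacking the CA's private key, the best the
		// attacker can do is sign the substituted key itself, which the client will not accept.
		return Offer{Name: o.Name, Key: atkPub, Cert: ed25519.Sign(atkPriv, certBody(o.Name, atkPub))}
	}
	return Setup{CAPub: caPub, ServerPub: srvPub, Offer: offer, AttackerPub: atkPub, Attacker: attacker}
}

func main() {
	s := NewSetup()
	k, _ := ClientFetchKey(s.CAPub, s.Offer, s.Attacker, false)
	fmt.Println("naive client ended up with the attacker's key:", k.Equal(s.AttackerPub))
	_, err := ClientFetchKey(s.CAPub, s.Offer, s.Attacker, true)
	fmt.Println("verifying client:", err)
}
```

The check only helps if the CA's public key reaches the client by a path the attacker does not control (it is shipped with the operating system or browser), which is exactly the trust anchor that PKI adds over a bare key exchange.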
3) Upstream filtering
All traffic destined for the victim is diverted so that it passes through a "cleaning center" or "scrubbing center", which separates "bad" traffic from legitimate traffic and forwards only the legitimate traffic to the victim's server. The diversion can be done in various ways: changing the victim's IP address in the DNS system, tunneling methods (MPLS, SDN), proxies, digital cross-connects, or even direct circuits.
Unless they are located within the same building as the "cleaning center" or "scrubbing center," the supplier will require central Internet access to handle this type of service.
4) VPN
A VPN links your PC, smartphone, or tablet to another computer (called a server) on the internet, allowing you to access the internet via that device's Internet connection. So, if that server is in another region, it will look as if you are from that country, and you may be able to access things you wouldn't ordinarily be able to.
A reliable anti-attack option is a VPN subscription from a trusted VPN provider. A virtual tunnel, protected by a cloud or on-premises VPN server, safeguards internet activity.
When workers work remotely, the tunnel keeps unauthorized people out and encrypts data. Business VPNs provide a dedicated IP address and dedicated server designed specifically for business users. Cybercriminals can't discover your network since your encrypted data is secured behind the VPN tunnel and you're utilizing the VPN IP address.
A company is continually at risk if it does not have adequate network security and disaster recovery policies and procedures.
That's why network security is just as important as computer security and message encryption.
Therefore, an effective network security strategy should be established with an understanding of security challenges, potential attackers, the required level of security, and the elements that make a network vulnerable to attack.
Do you want to discover how professional hackers conduct their attacks?
Netsim is a simulation game that teaches you the fundamentals of how computer networks work, with a focus on security.
In this simulator, you'll learn how to carry out these attacks and observe how they function.