Network Security tutorials

  • Network security involves securing the network from external and internal threats. External threats are threats external to the company or network. Internal threats are threats that originate from within the company network and might be intentional or unintentional.

  • Network security involves finding a balance between open and evolving networks and protecting company and private data.

 

Classes of Attacks

  • The following five classes of network attacks exist:

  • Passive: Attacks that include capturing and monitoring unprotected communication and capturing passwords. The attacker gains access to information or data without the consent or knowledge of users.

  • Active: Attacks that actively try to break or bypass security devices, introduce malicious code, and steal and modify data.

  • Close-in: Attacks attempted by an individual in close physical proximity to networks or facilities, with the intent of gathering or changing data.

  • Insider: Attacks that originate from authorized users inside a network. They can be either malicious or non-malicious.

  • Distribution: Attacks that focus on malicious changes to hardware or software at the factory or during distribution to introduce malicious code to unsuspecting users.

 

Access Attacks

  • Access attacks exploit known web services, databases, operating systems, and authentication services. The five types of access attacks are as follows:

  • Password attacks: Attacks that try to compromise passwords. These include brute-force attacks, Trojan horse programs, IP spoofing, and packet sniffers. Mitigation of these attacks includes disabling accounts after a specific number of unsuccessful login attempts, having complex password requirements, and not using plain-text passwords.

  • Trust exploitation: Attacks that occur when a trusted source on a network takes advantage of its trust. For example, if a trusted system on a network is compromised, it can lead to other systems being compromised on the same network.

  • Port redirection: Attacks that use a compromised host to pass traffic through a firewall that would otherwise be dropped.

  • Man-in-the-middle attacks: Attacks that occur when an attacker, using sniffers, captures and modifies information as it is transmitted from one network to another. These attacks require access to the network media or devices between the source and destination.

  • Buffer overflow: These attacks exploit programming errors that can result in a memory-access exception and program termination or a breach of system security.
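
The password-attack mitigations listed above (lockout after a number of unsuccessful logins, complexity requirements, no plain-text passwords), shown together as an added example that is not part of the original tutorial. The lockout threshold, the complexity policy, the PBKDF2 work factor and the `AccountStore` class are assumptions chosen for illustration.

```python
import hashlib, hmac, os, re

MAX_FAILURES = 3          # assumed lockout threshold; the tutorial gives no number
PBKDF2_ROUNDS = 100_000   # assumed work factor for the key-derivation function

def password_is_complex(pw):
    """Assumed policy: 12+ characters with lower, upper, digit and symbol."""
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return len(pw) >= 12 and all(re.search(c, pw) for c in classes)

def _derive(pw, salt):
    # Salted, slow hash: a stolen table cannot be reversed with one lookup.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)

class AccountStore:
    """In-memory account table (hypothetical; a real system persists this)."""
    def __init__(self):
        self.accounts = {}  # user -> {"salt", "hash", "failures", "locked"}

    def register(self, user, pw):
        if not password_is_complex(pw):
            raise ValueError("password does not meet complexity policy")
        salt = os.urandom(16)
        # Only the salt and the derived hash are kept, never the plain text.
        self.accounts[user] = {"salt": salt, "hash": _derive(pw, salt),
                               "failures": 0, "locked": False}

    def login(self, user, pw):
        acct = self.accounts.get(user)
        if acct is None:
            return "denied"
        if acct["locked"]:
            return "locked"  # checked first, so a correct guess no longer helps
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(_derive(pw, acct["salt"]), acct["hash"]):
            acct["failures"] = 0
            return "ok"
        acct["failures"] += 1
        if acct["failures"] >= MAX_FAILURES:
            acct["locked"] = True
            return "locked"
        return "denied"

    def unlock(self, user):
        """Administrative reset once the account owner has been verified."""
        self.accounts[user].update(failures=0, locked=False)
```

Lockout by account name lets anyone lock a known user out on purpose, so deployments often pair it with a timed unlock or per-source throttling.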

Application Layer Attacks

  • Application layer attacks try to exploit well-known vulnerabilities and passwords. They have the following characteristics:

  • Exploiting well-known weaknesses in software found on servers, such as sendmail, HTTP, and FTP, to gain elevated access rights to the computer running the software.

  • Trojan horse: Programs that monitor login attempts and capture account information. These programs then send the information to the attacker.

  • Password stealing: Prompting the user to enter the system password in order to gain access to the user's system or accounts.

  • Java and ActiveX: Attacks that pass malicious programs to users through a web browser.

Application Layer Attacks and Mitigation

  • Several ways to mitigate application layer attacks are as follows:

 

