Premium Essay

Network Eavesdropping

In:

Submitted By Undertow
Words 387
Pages 2
Network Eavesdropping
Description
Network Eavesdropping or network sniffing is a network layer attack consisting of capturing packets from the network transmitted by others' computers and reading the data content in search of sensitive information like passwords, session tokens, or any kind of confidential information.
The attack could be done using tools called network sniffers. These tools collect packets on the network and, depending on the quality of the tool, analyze the collected data like protocol decoders or stream reassembling.
Depending on the network context, for the sniffing to be the effective, some conditions must be met:
• LAN environment with HUBs
This is the ideal case because the hub is a network repeater that duplicates every network frame received to all ports, so the attack is very simple to implement because no other condition must be met.
• LAN environment with switches
To be effective for eavesdropping, a preliminary condition must be met. Because a switch by default only transmits a frame to the port, a mechanism that will duplicate or will redirect the network packets to an evil system is necessary. For example, to duplicate traffic from one port to another port, a special configuration on the switch is necessary. To redirect the traffic from one port to another, there must be a preliminary exploitation like the arp spoof attack. In this attack, the evil system acts like a router between the victim’s communication, making it possible to sniff the exchanged packets.
• WAN environment
In this case, to make a network sniff it's necessary that the evil system becomes a router between the client server communications. One way to implement this exploit is with a DNS spoof attack to the client system.
Network Eavesdropping is a passive attack which is very difficult to discover. It could be identified by the effect of the

Similar Documents

Premium Essay

Eavesdropping Detection

...by local state and federal law enforcement. With the way that technology has continued to evolve, listening in on someone’s privacy has become easier than ever. There are digital eavesdropping devices that are no bigger than an AA battery and can record over thousands of hours of your private conversations. Also, in some cases, can even be used to record land line telephones and can even eavesdrop on cell phones. The need for a bulky cassette recorder is history. These new digital audio recording and eavesdropping devices are small, sleek, covert, and can be hidden almost anywhere. You never know who could be listening in on your conversations or activities, or how easy it can be for the eavesdropper to record everything you say and do. With these devices in play, electronic harassment has been taken to a whole new level. If you are a spouse going through a messy divorce, it would only be too simple for your soon to be ex-spouse to hide one of these covert devices in your home to pick up any indiscretions that could be used against you. Your spouse could easily gather evidence against you that would have otherwise been left out of the case entirely. Or what if you are a high powered business executive? One of your rival companies could plant a digital eavesdropping device in your office to gather all of your trade secrets, financial plans, and business strategies. Suddenly, your rival company is applying your business strategy to their base and earning what...

Words: 646 - Pages: 3

Premium Essay

Malicious Attacks and Threats

...Malicious Attacks and Threats Malicious Attacks and Threats As the lead Information Systems Security Engineer it is my job to ensure that the ongoing threat of malicious attacks and vulnerabilities to the organizations computer network are kept to a minimum so that highly sensitive data will continue to remain protected. However, recent reports from the CIO suggest that there has been a small amount of malicious activity reported on the network. The CIO is requesting I look into the current network infrastructure and make necessary changes to the network so that the system remains free from the threat and vulnerability of future malicious activity that would impact the organizations network. Attacks on computer systems and networks occur by the billions every year and are on a dramatic increase. Many organizations have invested vast amounts of money in computer networks, only to find out that although it is providing means of improving the efficiency and productivity of the organization it also exposes the organization to possible malicious attacks and threats. Such attacks have been the most challenging issue for a majority of Information System Security Engineers where they utilize the necessary resources to protect the network from these vulnerabilities. The greatest overall threat to computer systems and their information comes from humans, through actions that are either malicious or ignorant. When the action is malicious, some motivation or goal is generally...

Words: 1172 - Pages: 5

Premium Essay

Case Study - Securing the Network

...Case Study Strayer University SEC 305 It is vital to ensure the safety of a central computer system that is accessed by multiple branches, staff members and remote users. The diversity of an enterprise environment dictates the need to consider multiple aspects when planning for access. Normally, an internal LAN is considered a secure network. Due to its broadcast nature, wireless communications are not considered as secure. Such networks are vulnerable to eavesdropping, rogue access points, and other cracking methods. For remote access, VPN solutions such as dial-up, IPSec VPN, and SSL VPN are commonly used and any access to data center devices must be protected and secured. In the data center, access lists are used to prevent unauthorized access, and reverse-proxy servers use authentication mechanisms to provide a higher degree of security for applications. The need for security is constantly evolving. Maintaining individual security methods for each access scenario can be expensive. There are better alternatives for securing enterprise access. Some that is cost-effective, easy to manage and secure, while addressing performance and scalability requirements. Basic security requirements consist of: • Verification of user credentials and services to define user access. • Client integrity checks that consists of endpoint security verification and of redirecting users to predefined subnets to download compliant anti-virus software...

Words: 612 - Pages: 3

Premium Essay

Computer

...in researching   1) Developing a search strategy showed me how to organize my material and stay on topic. It also introduce me to key concepts which I have been using in my classes when studying and taking notes. Ironically I found using this method at work as well. Recently I found a solution to an ongoing network problem and my manager approached me asking me to fully research the resolution draft an email and send it out to the entire team.By using the search strategy I was able to gather the correct information that was needed to draft the email and send it to my team. 2)The Boolean operator AND OR NOT stuck in my head the most. I learned that this method is the main component to an effective statement and to broaden or narrow your search. When I use to search google without using the Boolean operator I always wondered why the search engine always gave me along list of searchs that didnt really relate to what I was looking up. By using this method I was able to get the exact results that I wanted and as I mention above this method was also used when I did my initial search statement for the email I sent to my colleagues on how to properly resolve the network issue. 3)Lastly the most important component of a research project is to cite the resources appropiately. In this course i was introduce to several styles of citing. There are different citing styles for different  documentation styles. I had to go back and really study this method thoroughly as suggested by...

Words: 337 - Pages: 2

Free Essay

There After

...How would one counter an active attack? b) Give examples of two possible scenarios when one cannot be absolutely certain that an adversary is launching a modification-of-message attack or denial-of-service attack, even when the proper security protections are in place. Explain your answer. c) How could traffic analysis jeopardize security? Give an example to illustrate your answer. Question 2 (a) Is it likely to achieve perfect security for a network (i.e. to have a network that will never fail in terms of security) in the real business world? Give three possible reasons to substantiate your answer. (b) The computing speed is much faster these days compared to that some years back. On the other hand, old algorithms and systems are still in use. Give three reasons to explain this situation. Question 3 a) (i) Explain Security Services and Security Mechanisms. (ii) Suppose the main threat of a network is replay attack. Does the use of confidentiality services protect the network against such attack? Explain your answer. (iii) Is it always the case that only one mechanism can be used to achieve the provision of a particular service? Give an example to illustrate and explain the answer. (b) Explain how the following services ensure security of the systems or of data transfers and give possible example or scenario for each: i) Message authentication ii) Non- repudiation iii) Confidentiality ...

Words: 284 - Pages: 2

Premium Essay

Harriet's Chocolate Factory

...Case Study 1: Harriet’s Fruit and Chocolate Company Daniel Michovich Dr. Otto CIS532: Network Architecture and Analysis January 26, 2013 Mission Statement: Striving to be number one fruit and chocolate industry area wide. Introduction “Harriet’s Fruit and Chocolate Company was established in 1935 in the Pacific Northwest of the United States to ship gift baskets of locally grown peaches and pears to customers in the United States (Oppenheimer, 2011)” In regards to the physical infrastructure of Harriet’s Fruit and Chocolate Company, my investigation will reveal many important aspects to aid in the planning of the network design. First, I will determine the number of buildings to be used, as well as the distance between them and what equipment they will contain such as wiring closets or computer rooms and the current network devices. Determining the distance will help in the cabling design and wiring as well as the selection of technologies and devices to meet the design goals. My investigation will further reveal any architectural or environmental constraints, such as tall trees within the path that power lines may travel, that will assist in decisions such as whether wireless technologies are feasible as well as if there are any impediments to communications or installation, to include all hazards. Infrastructure architecture consists of the hardware, software, and telecommunications equipment that, when...

Words: 1326 - Pages: 6

Free Essay

Ecss Practice Exams

...| | |The most damaging of the denial of service attacks can be a _______________ attacks, where an attacker uses zombie software distributed | |over several machines | | | | | |[pic] | |Bot | | | | | |[pic] | |Distributed denial of service ...

Words: 2882 - Pages: 12

Premium Essay

Ipremier Case Study

...customer an opportunity to decide if they want the products or not. iPremier Company iPremier is one of the top retail business that sell the luxury items, profiting $2.1 million on sales $32millions in 2006. Since then sale has grown over 20% annually. There was a decrease, but everything works itself out. Upper management describes working at iPremier as intense. .Qdata is the company that host iPremier computer equipment and provided connectivity to the internet (Austin and Murray, 2007). Although Qdata offers monitoring of website for customer and network operation, they had not invested in advanced technology and was not able to keep staff. During 75-minute attack how well did they iPremier perform. What would you have done differently if you was Bob Turley Bob Turley is new Chief Information Officer and is currently in New York on business. AT 4.31 am he received a call, from the network been hack and wired email received with just the word “Ha”. The site was a DoS attack coming from about 30 locations, the purpose of the attack was an attempt to make the computer unavailable. iPremier was not ready for such an attached and didn’t have anything in order which would help them with such an attacked. The situation was poorly handled, and Bob did not contact anyone higher up to let them know what was going on. He didn’t know who to contact, whether to call police or FBI or who to contact at...

Words: 967 - Pages: 4

Free Essay

Trending & Aggregation

... | |*Document Date: |[2013-05-20] | | T&A Handbook [pic] Update Notes |Date |Version |Description |Author | |2013-05-20 |V1 |T&A Handbook |Elham Kalantari | Contents 1 Introduction 3 2 T&A Interfaces 3 2-1 Source Availability 3 2-2 Dashboards 4 2-2-1 General Information 4 2-2-2 Over Time Mode 5 2-2-3 Over Network Elements Mode 9 2-2-4 Dashboards Contextual Menu 9 3 Examples 10 Introduction This document will guide you through the Trending&Aggregation (T&A) user interfaces. Some examples are available at the end. T& A Interfaces 2-1 Source Availability [pic] : This icon allows the visualization of source file availability. By clicking on it, below window appears. [pic] :...

Words: 1080 - Pages: 5

Premium Essay

Computer

...afford to spend and if anyone is technical in the company or are they going to need some outside help to keep up maintenance after the system is in place. (this can add to the cost of the system) My next step would be to start asking some questions about the law firm. I would like to know what the law firm is in charge of doing. Criminal, civil, family or so on; I think this would give me a better understanding of some of the information I may be working with along the way. As a law firm I am sure they spend a lot of time in the courtrooms and in their home offices so other questions I would ask is if they have cell phones and laptops that will need to access information on the network; this will help in a couple of areas, firstly in deciding if we should consider cloud computing or a private network and secondly, how to set up files access and permissions by departments and depending on size of company, maybe servers. Being a law firm a big consideration would have to be security of the information they access and ways of accessing this information. I would like to talk with the employees also, just to get an idea...

Words: 500 - Pages: 2

Free Essay

Paper

...Ruben Quinones IT245 - Introduction to Network Management Colorado Technical University Online Professor: Dr. Shawn P. Murray Phase 1 Individual Project Due January 13, 2013 Table of Contents Section 1: Target Organization - Identifying the Network 3 Section 2: Diagramming the Network - Network Architecture 4 Section 3: Network Models 5 Section 4: Network Protocols and Agents 6 Section 5: Network Security 7 Section 6: Network Management 8 References 9 Section 1: Target Organization - Identifying the Network * My organization is located in Pompano Beach, FL with a secondary warehouse location at Sunrise, FL. The company employs around 1,400 to 1,500 employees which 300-400 are computer and mobile device network user. * All of our users must use password protected sign on to access the network which gives access to our main software systems. * The company uses to Dell servers, one for back up and one for daily accessing. * The IT department consists of 5 employees; * IT manager – Supervises all IT technicians and Help desk operators. * Network I technician – overviews and maintains network protocols, ensures regular server maintenance is executed. * Network II Technician – gives back up to Network I and provides different analytical services to users. * Help desk technicians I and II – Executes more regular tasks, such as user maintenance, printer set up, workstation access and set up, and mobile devices...

Words: 269 - Pages: 2

Premium Essay

Case 2.1 Server Downtime

...TO: FROM: DATE: February 15, SUBJECT: Server Downtime Problem Statement: This report contains my findings and recommendations as a result of my research. This is a look into the server downtime and problems with the primary network servers here at Widget Company. First we will be looking into the numbers and statistical results I have found. Statistical Results: Based on the data I was given during the month of April the network experienced 5 different problems, they are lockups, memory errors, weekly virus scan, slow startup, and manual restart. The results of these issues are. 22 times the server was down 735 Minutes of total time server was down * * Of those 22 times the server was down the breakdown of how frequently each one occurred is as follows. * * * * This shows that memory errors were the most frequent reason the server was down. Memory errors were also responsible for the most time at 34% or 250 Minutes. What is interesting is that while there were only 4 times the server was down for its weekly virus scan it was responsible for about 33% or 240 minutes of the server downtime. * * * * Aside for the 4 planned weekly virus scans of 60 minutes each. The server was down 18 times for 495 Minutes. Memory errors contributed to over half of this downtime. Next we will take a look at my recommendations based on the data. * * Conclusion * * The server was down for a total of 735 Minutes during...

Words: 323 - Pages: 2

Premium Essay

Unit 8 Assignment 1

...institutions, and a number of private security firms — all working to study and combat data breaches. Analysis With 47,000+ Security incidents analyzed, 621 confirmed data breaches studied, and 19 international contributors, Verizon has ample amounts of data to compile and use to better their network. This data can also be analyzed to see what types of people are making these breaches and what motives they may have for doing so. In the 2013 DBIR, 69% of breaches were spotted by an external party and 76% of the network intrusions were due too weak or stolen passwords. Some of the other factors that have been realized was that 75% of the attacks are opportunistic and 19% of attacks are some form of espionage. There is also much evidence that many of these breaches could be tied to organized crime and gathering financial information. On a very basic level, just looking at the history of organized crime, money has always been in the center in one form or another. The money can be in the form of an exchange for a good or service, or it could be, knowing the financial information of someone for future business proposals or some other malicious intent. Recommendations - Tighter security on the networks. - Since some data breaches are done by resigned employees, instant account closing of all resources to...

Words: 344 - Pages: 2

Free Essay

Help

...encompass many components that focus on efficient and effective programs, providing services and benefits to the most vulnerable individuals in the state. One of Hawaii’s most profound agencies known in the State of Hawaii that is correlated with human services is “Helping Hands Hawaii.” Although there are many agencies that have different approaches, human services rely on agencies that are most cost-efficient yet effective. Interoperability plays a major role in the future of human services. It is the “ability of two or more systems to exchange information and to use the information that has been exchanged” (Schoech, 2010). The three possible models for approaching interoperability in the human services are Loosely Linked Network Model, Network Model, and Top-Down Model. Human services emphasize in the importance of interoperability, as agencies collaborate with the same identified need to help others. Helping Hands Helping Hands Hawai’i manages numerous programs that benefit the people of Hawaii; this includes Behavioral Health Programs, Ready to Learn, Emergency Assistance Program and many more. Their mission is to support the community by improving the quality of people’s lives through the delivery of goods and services to those who are in need. For families and individuals, Helping Hands Hawaii is a new quality of life that overcomes the obstacles that block the way of meeting their full potential. This non-profit organization revenue from State agencies, grants...

Words: 869 - Pages: 4

Premium Essay

Aljazeera

...Content: The page complete and functioning very well, all the aliments of the page are ready to be used as soon as entering the website, the content is included in each link in the page. The title of the page is Aljazeera and the logo of the network is at the left side of the word, it's noticeable because it's written in a big font size and a special font style. A big network like Aljazeera need for sure to be updated frequently add on the argent news happening must be included in the website, the website has allot of parts and each part talks about a special kind of news for example the wither, sports, and watch live, those areas are a sensitive information's and must be updated as soon as an information is received to the network responsible employees, looking at the website Aljazeera didn’t miss that point at all, the information's are being updated frequently. At first the audience of Aljazeera was just Arab world, but at November 2006 Aljazeera English has been lunched the target audience after that is all the world with its deferent Taste and backgrounds Aljazeera nowadays gives almost all the news that each one around the world would need, it's almost nothing there you are not interested in. Aljazeera has no any obvious bias or slant to the information it has been always with the truth and human rights and it's taking it as a lead to its perfection, actually Aljazeera has an awards proofing that, and it's giving both sides Opinions which is fair enough. There are allot...

Words: 357 - Pages: 2