Risks and Resolutions
Introduction
A computer network has many benefits for a company. However, it also exposes the company to security and privacy risks if they are not tackled with sound technical know-how. When a computer on a network is hacked, other systems on the network may be affected as well. These security breaches can be severe for the organization's information and privacy and can result in a loss of information, leaks of confidential data such as bank accounts, and loss of goodwill and trust.
Ping Sweeps and Port Scans Intro
Ping sweeps and port scans are two methods commonly used by hackers to detect vulnerabilities on computer networks (InfoSoc, 2014). Hackers use ping sweeps to check which computers are active and in use, while they use port scans to find open ports that can be used to breach a network. If these two methods are used by knowledgeable hackers, they can jeopardize personal data and cause severe effects on the entire computer network.
Ping Sweep
Ping is the abbreviation for Packet Internet Groper. It is a service to check if a machine on the network is up and running. In a ping sweep, an Internet Control Message Protocol (ICMP) echo request is sent to a machine to see if it responds. If a machine is live, it will send an ICMP echo response. Hackers use this facility to seek targets in large networks. They use ping sweeps to continuously ping addresses, leading to a slowdown in the network. “It’s a bit like knocking on your neighbors’ door at 3 a.m. to see who’s sleeping and who’s not” (Lawrence, 2001).
Fping is a utility used for ping sweeps. Unlike normal ping, it sends one ping packet to one IP address and then proceeds immediately to the next IP address. Fping works through the IP addresses from the top to the bottom, then back to the top, and so on. This tool was actually made so that system administrators can use it in scripts for checking network issues, among other issues. However, hackers can take advantage of Fping to hijack a machine on the network. Nmap is another tool that does ping sweeps.
Port Scan
If an IP address is live and responds to a ping sweep, the hacker uses the port scan method to check for open ports. This process involves probing each port on a host to determine which ports are open. Once an open port is found, it is usually a matter of breaking the username and password to get in.
Intruders or hackers can connect to a series of ports on the target server or machine and find out what services are running. The target here is a service that is less secure and therefore easy to hack. According to Lawrence Teo, in another type of port scan, the hacker can connect to the port and immediately close the connection. Since a full connection does not happen, the transaction is not logged on the target machine. If the hacker finds an open port in the scan, he will be able to get into the network and steal information or create havoc. Financial information and customer information can be compromised, and the hacker can illegally transfer money from the financial system to his accounts.
To protect itself from these threats, a company must have a robust security system for its network. Preemptive measures should be established and tools should be in place to ward off malicious attacks. There should be guidelines on what to do in the event of a successful attack. There should also be tools configured to recover from attacks and minimize the losses that arise from attacks like port scans and ping sweeps.
Preemptive measures include having an established written security policy. There should be a robust authentication and authorization system. The network should also have a properly configured firewall to help block these attacks by preventing any outside IP addresses from accessing the network. The firewall performs SYN flood protection, which drops SYN packets that resemble denial-of-service attacks. Network and host IDS should be configured appropriately as well.
“However, due to the way that port-scanning tools send thousands of SYN packets at very high speeds, these packets are often dropped by SYN flood-protection mechanisms…Attackers can still port-scan and map your network and its services, but tools such as nmap and SuperScan must be reconfigured to increase the delay between sending SYN packets” (Chris, 2004).
In addition, the publicly accessible servers must be kept in a demilitarized zone (DMZ) where very few services can be accessed by the general public. This means that users can get into the network only by using a secure VPN connection. For networks that mainly use Microsoft IIS web servers, Microsoft provides a tool called URLScan, which filters all URLs that are known to attack IIS web servers. The ISP allows limited ICMP messages into the company's network so that ping sweep attacks can be contained.
There are also open source tools that the company can take advantage of. According to the RedHat article Securing your system with Snort, Snort is a powerful network-intrusion prevention and detection system. Snort works by utilizing a rule-based language that combines the benefits of signature inspection, protocol inspection, and anomaly-based inspection. You can configure Snort to run in a few different modes: Sniffer mode, Packet Logger mode, and Network Intrusion Detection (NIDS) mode. It monitors and analyzes network traffic in real time, and it logs and sends alerts for suspicious packets.
In addition, ping sweep detection tools should be configured in the firewall. For example, ippl is an Internet protocol logger that logs packets that enter the network.
If there is a threat of attack, ICMP packets can be disabled temporarily. Once the attack phase is over, they can be re-enabled.
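As an added example (not taken from the essay or from Snort, ippl or any other tool it names), the Python sketch below shows the counting that a log-based detector performs: one source sending ICMP echo requests to many addresses is flagged as a ping sweep, and one source sending SYNs to many ports on a single host is flagged as a port scan. The record format, addresses, thresholds and function names are assumptions constructed for illustration; the sample also includes a scan with long delays between SYN packets, the case the quotation above describes, to show that a short time window misses it.

```python
from collections import defaultdict

def build_sample():
    """Constructed records (not real traffic): (epoch_s, src, dst, proto, dst_port)."""
    events = []
    # 198.51.100.7 sends echo requests to 20 addresses in 2 s (ping sweep)
    for i in range(20):
        events.append((1000 + i * 0.1, "198.51.100.7", f"10.0.0.{i + 1}", "icmp-echo", None))
    # ...then SYNs to 30 ports on one live host in 3 s (fast port scan)
    for p in range(30):
        events.append((1010 + p * 0.1, "198.51.100.7", "10.0.0.5", "tcp-syn", 20 + p))
    # 203.0.113.9 sends one SYN every 30 s to 25 ports (slow port scan)
    for p in range(25):
        events.append((2000 + p * 30, "203.0.113.9", "10.0.0.5", "tcp-syn", 100 + p))
    # 192.0.2.10 is a normal client: many connections, always to port 443
    for i in range(40):
        events.append((1000 + i, "192.0.2.10", "10.0.0.5", "tcp-syn", 443))
    return sorted(events, key=lambda e: e[0])

def detect(events, window, threshold):
    """Return {(kind, src)} for sources that touched at least `threshold`
    distinct targets within any `window`-second span."""
    recent = defaultdict(list)  # (kind, src, scope) -> [(timestamp, target)]
    alerts = set()
    for ts, src, dst, proto, port in events:
        if proto == "icmp-echo":
            key, target = ("ping_sweep", src, None), dst   # count distinct hosts
        elif proto == "tcp-syn":
            key, target = ("port_scan", src, dst), port    # count distinct ports per host
        else:
            continue
        hits = recent[key]
        hits.append((ts, target))
        while hits[0][0] < ts - window:   # discard records older than the window
            hits.pop(0)
        if len({t for _, t in hits}) >= threshold:
            alerts.add((key[0], src))
    return alerts

if __name__ == "__main__":
    sample = build_sample()
    print("10 s window: ", sorted(detect(sample, window=10, threshold=15)))
    print("900 s window:", sorted(detect(sample, window=900, threshold=15)))
```

Counting distinct targets rather than raw packets keeps the busy but legitimate client on port 443 from raising an alert, and the longer window is what brings the slow scan into view.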
Conclusion
In conclusion, company computer networks face the threat of network attacks and cyber attacks by devious people. Our network may not be as secure as we need it to be. Therefore, we need to look seriously into threats like ping sweeps and port scans in order to improve network security.
The company must have a robust security system in place that is constantly monitored, and it must make sure that the latest technology is used to protect the network. The company cannot rely on existing security mechanisms. There are newer and more dangerous ways of attacking the network. As such, security is an ongoing activity. Companies have to stay on top of these changes by visiting mainstream security-related websites. It is also important to update firewalls. The company should ensure that the security policy is adopted and adhered to by all employees. This helps make the network and the company secure and ensures that information critical to the company and its clients is safe and secure.
"Yes, this is something we should be concerned about."
References
InfoSoc (2014, July). Ping Sweeps and Port Scans; Analysis. Retrieved from https://richyrich7573.wordpress.com/2014/07/13/ping-sweeps-and-port-scans-analysis/
RedHat (2005, November). Securing your system with Snort. Retrieved from https://www.redhat.com/magazine/013nov05/features/snort/
Pillai, Sarath. (2013, March). What is ping sweep and how to do a ping sweep. Retrieved from http://www.slashroot.in/what-ping-sweep-and-how-do-ping-sweep
Teo, Lawrence. (2000, December). Network probes explained: understanding port scans and ping sweeps. Retrieved from http://www.linuxjo
McNab, Chris (2004, March). Top ten tips to make attackers’ lives hell. Retrieved from http://www.onlamp.com/pub/a/security/2004/03/25/ntwksecurityassess.html