...I chose to group examples of network attacks in a way that made sense to me personally. These groups are not intended to be all inclusive or exclusive. This list is meant to be general in nature and give a broad overview of type and defenses. Malware – (Viruses, Worms, Trojan Horse) Description - This type of attack usually occurs by malicious software covertly disguising itself as known good software or by attaching itself to known good software although they can also do damage from a distance. The effects can range from a mere nuisance to complete system failure. Best Defense - Good Anti-Virus software is the best defense but it’s important to keep the software updated and configured properly. Firewalls and Proxy Services can also prove effective as a central point all Network traffic must pass through which can then be configured to filter, block or control destination of inbound/outbound traffic. External – (Denial of Service, Brute Force, Sniffing1, Spoofing, MITM) Description - This type of attack usually propagates from outside the confines of the Network itself and does not require internal control to do damage. Intended effects can range from flooding network traffic causing network degradation to attempted access of secure information. Best Defense - Encryption is the most effective...
Words: 384 - Pages: 2
...or a Panic Attack? This article asks the question in the minds of a psychologist. People who suffer from asthma are misdiagnosed with the wrong types of medication in order to get this problem under control. A patient would be given an asthma medication, when they are having a panic attack and not an asthma attack. There was a case study done on a sixteen year old boy in order to determine if he was having an asthma attack or a panic attack. Psychologist with the assistance of doctors has to get the right types of therapy and medication to someone, so they can become a better person within society. What is Asthma? It is a breathing condition caused from the lungs not being able to receive enough air to the lungs to produce carbon-dioxide. You cannot breathe and you feel like you are being checked out. When this happens, you must use an inhaler in order so you can breathe. If you cannot get the asthma attack under control, you usually have to go to the hospital. The hospital will give you a breathing treatment with oxygen. They will hook you up to an oxygen mask connected to a breathing machine. You will have a mask over your nose...
Words: 1051 - Pages: 5
...Denial of service attacks in Network security introduction and short history of DoS attacks: Denial of service attacks are one of the major threat to the modern computer networks.It has been said that first DDoS attack was launched in 1999 against the IRC server of university of minnesota which affected 227 systems and server was down for several days.Another DoS attack was documented in the week of feb 7 2000.A 15 year old canadian hacker named “mafiaboy” performed a series of DoS attack against some sites like ebay and amazon.Companies suffered from 1.7 billion of damage.After that it became the best way of hacking among cybercriminals. People used to perform these attacks for profits.Hackers will follow the procedures like mafiaboy and ask for the money.In 2005 ,it became more easy to implement those attacks ,a boy of 18-yr old named Farid Essabar developed a worm called MyTob which used to open a backdoor in Ms windows hosts and connect to the remote IRC server.The computer then used to wait for the commands from the servers.Farid was arrested for distributing the worm.This was surely not the last case.DDoS attacks were used to attack and money extortion. As name suggests Denial of Service aka DoS, it’s main objective is to make the system to deny the legitimate service requests. Basically DoS attacks are performed by exhausting the resources of the computer like processing power,network bandwidth,TCP connection and service buffers,CPU cycles and so on.Hackers actually...
Words: 2218 - Pages: 9
...Student’s Name: Date: ITS111 – Introduction to IS Security Seminar One – Security in the News Attack 1 Title: Home Depot Hit By Same Malware as Target Type of Attack Description: BlackPOS infects computers running Windows that are part of POS systems and have card readers attached to them. Once installed on a POS system, the malware identifies the running process associated with the credit card reader and steals payment card Track 1 and Track 2 data from its memory. This is the information stored on the magnetic strip of payment cards and can later be used to clone them. Attack Description: Its a new variant of “BlackPOS” (a.k.a. “Kaptoxa”), a malware strain designed to siphon data from cards when they are swiped at infected point-of-sale systems running Microsoft Windows. Attack 1 Reference(s) Constantin, L. (2013). Krebs on Security. Retrieved from http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-malware-as-target/ Attack 2 Title: The Sony Pictures hack, explained Type of Attack Description: hackers implanted Wiper on Sony's computer infrastructure, a malware software program designed to erase data from the servers. That malware uses Microsoft Windows’ own management and network file sharing features to propagate, shut down network services, and reboot computers Attack Description: It was an attack by North korea in response to the movie “The Interview” a comedy about a plot to assassinate North Korean leader. The attackers stole huge...
Words: 884 - Pages: 4
...Identifying Potential Malicious Attacks, Threats and Vulnerabilities Brian Cox Strayer Univerity Professor Leonard Roden Networking Security Fundamentals May 03, 2016 Have you ever thought about the measures that you need to go through when protecting yourself from online threats and attacks? There are many different types of attacks and threats that can be carried out against networks and organizations. The attacks that could be carried out can cause serious damage to the company and range on a scale from very minimal to very severe data loss and data theft. It is important for companies to take every precaution available and have not only the best software for prevention of these attacks but stay on top of what the intruders, hackers, attackers are learning and how the technology is forming when they are deploying these systems on their servers, networks, and office computers that employees will use on a day to day basis. The computers each employee is using should come with a User Agreement and the do’s and do not’s when it comes to daily computer usage. This will enhance the security as each employee will understand what is acceptable and how to obtain maximum security of their signed computer. It is also advisable within the User Agreement to list out the things that are unacceptable such as plugging in your phone, downloading things from the internet, and other things that may seem harmless but could hurt the company if it was exploited by accident...
Words: 1622 - Pages: 7
...Attack Prevention Nicole Stone University of Phoenix Introduction to Information Systems Security Management CMGT/441 Anthony Seymour March 03, 2012 Attack Prevention The article that will be reviewed is entitled “Help Combat Cyber Attacks with These Steps” written by Chris Mead. This article covers many topics on how a business or government agency can be damaged by a cyber-attack and what should be done to prevent this from happening. Cyber-attacks can “inflict economic damage, disrupt a company’s operation and harm to its reputation” (Mead, 2011, para. 1). The different types of attacks are discussed such as; intellectual property theft, fraud, attacks upon infrastructure, and telecommunications. This article also stresses the importance of getting employees involved in the fight against these types of attacks by keeping all employees trained in information security policies and procedures. Some businesses may even require the assistance of the government in fighting off these attacks, and getting them involved if an attack does occur. Intellectual property theft is “robbing people of their ideas, inventions, and creative expressions—what’s called intellectual property—everything from trade secrets and proprietary products and parts to movies and music and software” (FBI, n.d., para. 1). The U.S is known for having cutting edge ideas, therefore making them vulnerable to these types of threats. That is why the FBI has made it a top priority to fight against...
Words: 998 - Pages: 4
...a better understanding of the situation in the network of the company I decided to start the analysis by the vulnerabilities that this one presents. Many of these vulnerabilities are the cause for different types of network attacks. It should be noted that while many of these vulnerabilities may be mitigated or eliminated the possibility of an attack always exists. The first vulnerability is the email server. Although very well controlled for been within the Demilitarized Zone (DMZ), this is always a vulnerability with which most companies have to deal with. This vulnerability opens the way for phishing attack. One way to mitigate this vulnerability is configuring the email server so that only authorized email may enter. This is difficult because our video game company has a large list of customers and suppliers that are in constant change. The best option is to alert users about the security measures and company policies regarding private and unknown emails. The Web and FTP server can be a not very alarming vulnerability. Because it is located in the DMZ and after the Intrusion Detection System (IDS), is unlikely to be corrupted without being detected. The location of the file servers in the network is totally unprotected against internal attacks. Any successful attack in the LAN would leave the data servers exposed. The establishment of a demilitarized zone with a completely different set of log on names and password than any other machines would give these servers better...
Words: 1141 - Pages: 5
...Types of System Attacks Bryan Francia Coleman University Abstract This paper is a brief overview of different types of Information Security System attacks. Without Security measures or system controls, your data could be stolen, your computer hijacked or corrupted, or your network destroyed. There are so many different methods attackers use, attempting to cover down on all of them in a two page paper would be pointless, but will briefly cover some of the more common types of network attacks. Without a security plan, your data is vulnerable to any of the following types of attacks. There are active attacks and there are passive attacks. An active attack means the information is changed with intent to corrupt or destroy the data or network, while a passive attack generally means your information is being monitored. Eavesdropping is when an attacker who has gained access to data paths in your network listens or reads the traffic. It is known as sniffing or snooping. Eavesdroppers have the ability to monitor networks because the majority of network communications occur in an unsecured format and is generally the biggest problem that administrators face in an enterprise. After an attacker has accessed your data, he or she may alter it. This is referred to as Data modification. It is possible for an attacker to modify the data in a packet while in transit without the knowledge of the sender or receiver. This is especially important in business, as you would not want...
Words: 486 - Pages: 2
...basing on the information received from the sensors about the surrounding environment. These sensor networks are sometimes referred to as wireless sensor and actuator networks. They monitor physical or environmental conditions such as sound, pressure, temperature among others and send the collected data to the required location. Effective sensing and acting requires a distributed local coordination methods and mechanism among the sensors and the actors in addition to this, sensor data should be valid in order for right and timely actions to be performed. This paper describes secure routing in wireless sensor networks and outlines its threats on security. Keywords: Wireless sensor and actor networks; Actuators; Ad hoc networks; Sybil attack; Real-time communication; Sinkhole; Routing; MAC; adversary. Introduction With the recent rapid improvement on technology, many networking technologies have been created to make communication easy. One such technology is distributed wireless sensor network which has a capability of observing the physical world and process the data and in addition make decisions basing on the collected data and perform actions basing on this. Wireless sensor networks (WSNs) are rapidly growing and have emerged as one of the important area in mobile computing. Its applications of WSNs are...
Words: 5106 - Pages: 21
...internet has grown technologically faster and with more capabilities than any other type of technology in the world, leaving the United State with a sense of fear with this type of network being a risk to our national security. While most of us find the internet to be a great tool of information, and unlimited capabilities, it can devastate us personally and financially. The internet can increase the risk of theft, fraud and even the possibility to suffer from a cyber-attack or even worse a cyber-terrorism, leaving our country at risk especially for those who work in the government defense agencies and private corporations. In 2003, the conflict with Iraq created a round of speculations that the United States was going to experience cyber-attacks in revenge (Clarke). But, since 1995 there haven’t been any reports of cyber-attacks that would produce panic or damage to U.S. infrastructure or that affects our military operations. By any means this is not a result of idleness by terrorist groups. Between 1996 and the end of 2001 there was 1,813 international terrorist attacks performed. To mention a few that involved citizen targets, there is the Khobar Tower Bombing in June 1996, the Embassy Bombing in East Africa in August 1998, and the USS Cole attack in October 2000. Between 1996 and 2003, to compare between terrorist attacks around 1,813, computer security incidents around 217,394 and cyber-attacks on infrastructure which they were 0, reporters have noted that the cyber terror on...
Words: 2224 - Pages: 9
...The easiest way for them to gain access to the confidential data on the network is by bluffing a person , making him to handover the secret keys and it is not just by writing a clever piece of code. The phishing attacks are increasing these days, as fake official messages and websites, or communications would appear just like coming from the trusted sources on the network. The hackers are trained experts who will gain access to the destination servers. Most of the time hackers target very high level executives in order to steal and utilize their data for various malicious activities on the network. If the data is related to CEO of an XYZ company, it can be easily hacked, whereas it is still easier to hack data related to other people on the network. In order to avoid these types of attacks we need a security product which is capable of performing real-time monitoring of malicious data with the feature of preventive blocking capabilities of these malicious traffic on the...
Words: 2324 - Pages: 10
...Reverse engineering is basically going to previous files directory or parent file directory. The attacker will be able to develop a tool which will direct him to source files of webpage. Hence source code can be retrieved from server because of poor designing of application. 3) By knowing the software used by server from response packet, the attacker can launch different types of attack like denial of service, penetration of worm, etc. Attacker can also successfully access data from any file directory in server’s system. 4) HTTP request smuggling attack is used to bypass firewall or other gateways using proxies. In this attack the attacker parses the malicious data, URL or code with the legitimate HTTP packet so that this packet gets access like legitimate packets. 5) HTTP response splitting is an attack in which attacker sends request to server when user sends the request to the server so that server will transmit two response to the user. In this case attacker has control of second response and hence can exploit various attacks like cross-site scripting, web cache poisoning,...
Words: 1279 - Pages: 6
...Risk, Response and Recovery Karen Raglin Professor West Networking Security Fundamentals March 3, 2013 I previously identified several types of attacks, threats and vulnerabilities that exist with your multilayered network. You have requested that I develop a strategy to deal with these risks as well as a plan to mitigate each risk to reduce the impact that each will have on your organization. With any network organization you want to make sure that you keep on top of vulnerabilities of anything that reaches out to the internet. Computers and servers that touch the internet are ones that must be scanned. As a company you have to make sure that you configure the security settings for the operating system, internet browser and security software. As a company you also want to set personal security policies for online behavior. There also needs to be an antivirus installed on the network like Norton or Symantec which blocks threats targeting the vulnerabilities. Your firewall, which is your first line of defense, is susceptible to two common types of attacks. First there are attacks against the firewall itself with the purpose of the attacker being to take control of the firewalls functionality and then launching a DoS attack. The second type of attack against firewalls is an attack on the LAN side of the firewall. These attacks circumvent the rules and policies of the firewall to gain access to the devices that are supposed to be protected by the firewall. The largest...
Words: 1277 - Pages: 6
...Web Server Application Attacks Brooks Gunn Professor Nyeanchi CIS 502 July 10, 2013 Web Server Application Attacks Many organizations have begun to use web applications instead of client/server or distributed applications. These applications has provided organizations with better network performance, lower cost of ownership, thinner clients, and a way for any user to access the application. We applications significantly reduce the number of software programs that must be installed and maintained in end user workstations (Gregory 2010). Web applications are becoming a primary target for cyber criminals and hackers. They have become major targets because of the enormous amounts of data being shared through these applications and they are so often used to manage valuable information. Some criminals simply just want vandalize and cause harm to operations. There are several different types of web application attacks. Directory traversal, buffer overflows, and SQL injections are three of the more common attacks. One of the most common attacks on web based applications is directory traversal. This attack’s main purpose is the have an application access a computer file that is not intended to be accessible. It is a form of HTTP exploit in which the hacker will use the software on a Web server to access data in a directory other than the server’s root directory. The hacker could possibly execute commands...
Words: 1620 - Pages: 7
...Student Instructor: IT 294 January 10, 2014 IT 294 - WINTER 2014 - HOMEWORK WEEK 1 / CHAPTER 1 Table of Contents Chapter 1 Objectives 2 Objective 1: Describe the challenges of securing information 2 Objective 2: Define information security and explain why it is important 3 Objective 3: Identify the types of attackers that are common today 5 Hackers 5 Script Kiddies 5 Spies 5 Insiders 5 Cybercriminals 6 Cyberterrorists 6 Objective 4: List the basic steps of an attack 6 Objective 5: Describe the five basic principles of defense 7 Layering 7 Limiting 7 Diversity 7 Obscurity 8 Simplicity 8 Works Cited 8 Chapter 1 Objectives To accomplish the learning objectives for Chapter 1: • I have read all of Chapter 1 in the course textbook (pages 1-39); including understanding the key terms on (pages 28-29). • I have read and answered all of the review questions on (pages 29-32), then compared my decisions with the solutions posted on Canvas, any incorrect answers I corrected and confirmed in the chapter. • I have read and worked through Hands-On Projects 1-1 through 1-4 to facilitate in achieving each of the stated learning objectives. • I have read, worked through and evaluated Case Projects 1-1 through 1-8 on (pages 36-38). • I have participated in all class presentations and discussions about Chapter 1 • I have read through and examined Chapter1 slide presentations. The learning objectives for this chapter are as follows: Objective...
Words: 3169 - Pages: 13