Certified Basic Network Support Professional Sources and Types of Threats

Sources and Types of Threats
 


Types And Sources Of Network Threats


Denial-of-Service:
DoS (Denial-of-Service) attacks are the most difficult to address. These are the nastiest, because they're very easy to launch, difficult (sometimes impossible) to track, and it isn't easy to refuse the requests of the attacker, without also refusing legitimate requests for service.

The premise of a DoS attack is simple: it sends more requests to the machine than it can handle. The attacker's program simply makes a connection on some service port, perhaps forging the packet's header information that says where the packet came from, and then dropping the connection.

Some things that can be done to reduce the risk of being stung by a denial of service attack include:
1.Not running visible-to-the-world servers at a level too close to capacity.
2.Using packet filtering to prevent obviously forged packets from entering into network.
3.Keeping up-to-date on security-related patches for our hosts' operating systems.

Unauthorized Access:
``Unauthorized access'' is a very high-level term that can refer to a number of different sorts of attacks. The goal of these attacks is to access some resource that our machine should not provide the attacker. However, that host should not provide command shell access without being sure that the person making such a request is someone who should get it, such as a local administrator.

1.Executing Commands Illicitly
There are two main classifications of the severity of this problem: normal user access, and administrator access. A normal user can do a number of things on a system (such as read files, mail them to other people, etc.) that an attacker should not be able to do.  This might, then, be all the access that an attacker needs. On the other hand, an attacker might wish to make configuration changes to a host. In this case, the attacker will need to gain administrator privileges on the host.

2.Confidentiality Breaches
We need to examine the threat model: what is it that we are trying to protect ourselves against? There is certain information that could be quite damaging if it fell into the hands of a competitor, an enemy, or the public. In these cases, it's possible that compromise of a normal user's account on the machine can be enough to cause damage (perhaps in the form of PR, or obtaining information that can be used against the company, etc.)

While many of the perpetrators of these sorts of break-ins are merely thrill-seekers interested in nothing more than to see a shell prompt for our computer on their screen, there are those who are more malicious.

3.Destructive Behavior
Among the destructive sorts of break-ins and attacks, there are two major categories.

a. Data Diddling:
This type of attack is likely the worst sort, since the fact of a break-in might not be immediately obvious. Perhaps the numbers in our spreadsheets or the dates in our projections and plans might be changed.

b. Data Destruction:
Some of those perpetrate attacks are simply twisted jerks who like to delete things. In these cases, the impact on our computing capability -- and consequently our business -- can be nothing less than if a fire or other disaster caused our computing equipment to be completely destroyed.

 For Support