What Types of Network Security Attacks are Perpetrated?


An investigation into the broad types of network security attacks that network managers need to be aware of.

With any network it is essential to sit down and work out what threats you are likely to come across. Plainly, you are in the best position to weigh the likelihood of facing a given threat. The broad types of threats are outlined below.

Email Based Network Security Attacks

Email has been broken pretty much from the beginning of the commercial Internet. That we have gone for more than a decade with such a broken system at the core of the Internet I find quite baffling. But, whatever the whys and wherefores, it is a fact.

As a network manager you’ve got to deal with the world as it exists now, not how it should be. Of all the network security attacks I deal with, email is by far the biggest time waster. I suspect that I am far from alone.

The main network security attack that can be perpetrated via email is to use email as a vehicle by which worms can be carried into the very heart of your network. How else can a cracker have their software executed on, potentially, thousands of machines behind all of the perimeter defences erected by a company?

The fact that email is used as a means to access the very heart of a network explains why it is so popular as a means for network security attacks.

Denial of Service (DoS) Network Security Attacks

Denial of Service (DoS) type attacks, like the one currently underway against SCO, have a number of different forms and targets.

Any system out in the wilds of the Internet is exposed to DoS attacks. The intent of a DoS attack is to render your systems inoperative for the duration of the attack. Attacks range in sophistication from a single disgruntled person to a massive, worldwide, cooperative attempt to disrupt a large corporation.

In the old days, all that was necessary to bring down a whole corporation’s email was to send them a large file as an email attachment. Internet links were slow enough that a single large file would saturate the link for an extended period. Things have moved on from this. Even the smallest companies can afford to have their systems hosted on infrastructure supplied by Tier-1 backbone providers. Consequently, it takes more than a single large file to take most systems down.

Unfortunately, the world of DoS attacks has moved on too. Now, the power of the Internet can be used to power today’s network security attacks. There are tens of millions of machines now connected to the Internet. Many of them are managed by people who are not as concerned about network security attacks as you are. Indeed, many are completely ignorant of the dangers. This problem has been exacerbated by the wide adoption of always-on broadband. When people connected to the Internet via dialup, their ignorance only gave a very narrow pipe to the DoS attacker. Now, much greater damage can be wreaked on the Internet by a poorly defended broadband PC.

Unauthorized Access

The ultimate aim of any network security attack is either to deprive you of the use of your system or, more commonly, to give at least partial control of your system to the cracker.

Most systems rely on a very simple mechanism to keep intruders at bay. The good old username & password are used very widely. The main problem with passwords is that we’re only human. We like nice, easy to understand passwords we won’t forget. As the number of passwords we are expected to remember rises (I’ve never counted, but I bet I need to remember at least 30 passwords) the human desire to have memorable passwords becomes even more imperative. That’s all well and good except for the fact that what is easy to remember for us is also easy to crack.

There are loads of programs that have been produced to crack passwords using the ’brute force’ method. A bad password on a Microsoft Windows system can be cracked in less than a second. Worse still, some systems send passwords over the network as clear text. There are plenty of tools available to collect those too.

Once a user name & password have been obtained, the system treats the cracker just as it would an authorized user.
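A defender's view of the point about memorable passwords, as an added example that is not part of the original article: a check that rejects a candidate password when it is a common word with predictable tweaks, or when its whole search space could be exhausted within a year. The word list, the guess rate and all function names are assumptions made for illustration.

```python
import math
import string

# Constructed sample list; a real audit would load a large list of known-common passwords.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "dragon", "monkey"}

# Assumed offline guess rate, for illustration only; not a measured figure.
ASSUMED_GUESSES_PER_SECOND = 1e9
ONE_YEAR = 365 * 24 * 3600

# Undo the usual "memorable" substitutions (0 -> o, @ -> a, ...).
LEET = str.maketrans("0134578@$!", "oleastbasi")


def charset_size(password):
    """Size of the alphabet an exhaustive search would have to cover."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))


def is_dictionary_based(password):
    """True if stripping trailing digits and undoing substitutions leaves a common word."""
    base = password.rstrip("0123456789!").lower().translate(LEET)
    return base in COMMON_WORDS


def audit(password):
    """Return search-space size in bits, worst-case seconds to exhaust it, and a verdict."""
    size = charset_size(password)
    bits = len(password) * math.log2(size) if size else 0.0
    seconds = 2 ** bits / ASSUMED_GUESSES_PER_SECOND
    if is_dictionary_based(password):
        verdict = "reject: common word with predictable tweaks"
    elif seconds < ONE_YEAR:
        verdict = "reject: search space too small"
    else:
        verdict = "accept"
    return {"bits": round(bits, 1), "seconds": seconds, "verdict": verdict}


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1", "abc123", "t7#Qm2!vLx9@Rw4z"):  # constructed samples
        print(candidate, audit(candidate))
```

The first sample uses all four character classes and would pass a pure length-and-alphabet test, yet it is rejected because it reduces to a listed common word.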

Worms & Trojans

One of the main aims of an unauthorized access attack is to install a software program, a worm, on the target system. The worm will then hide its presence from the administrator of the system for as long as possible. The worm will perform whatever instructions are given to it by the cracker. Some worms can even be connected to after installation and given new instructions. Generally, a worm is used during DoS attacks targeting a system of the cracker’s choosing. Sometimes groups of crackers will cooperate to target a common enemy.

A colleague at OPENXTRA found a worm on his machine at home. He had a firewall installed and anti-virus software and yet the worm somehow went undetected. For a less technical user the worm may well have gone undetected for some time.

A common method of infection is visiting websites that are, how can I put this subtly, places you wouldn’t care to show your mother. Another common method is via an infected email. There are vast databases of email addresses shared by crackers; many are scraped from websites. Others are generated by sending semi-random emails to services like Hotmail. When an email hits a real inbox, the spammers or crackers can detect it and add it to their email list.

Wireless Specific Network Security Attacks

Wireless networks differ from fixed networks in many ways. From a security perspective the biggest difference is that a fixed network has a well defined boundary. If you mount a good defence on the boundary of your network, the chances are you are going to be OK.

A wireless network doesn’t provide such an easily defined boundary. The boundary of your wireless network could be miles away from where you think it is. There are techniques for reducing the size of your boundary, but it will be time consuming and expensive to guarantee that the boundary stays within your office.

So, for most installations, it is a given that the boundary of your network is not inside your building. It is the external boundary problem that makes wireless security more problematic than wired security.

With modern directional aerials it is possible to pick up wireless networks from as far away as four miles.

Comments

comment

good notice
