Question 2: The most common security threats in networks
Question
Question 2. The following are the most common security threats in networks:

a. TCP/IP Hijacking [5 marks]
b. Network Sniffer [5 marks]
c. Password Hackers [5 marks]
d. Server Hijacking [5 marks]
e. DoS Attack [5 marks]

You are expected to carry out an analysis and discuss the nature of each threat by addressing the following elements:
i. What is it all about?
ii. How can such an attack/threat take place in the network?
iii. Why do they do it?
iv. When does such an attack normally take place (i.e. any specific time of the year, time of the day)?
v. Where is such an attack targeted?

Explanation / Answer
1) TCP/IP Hijacking
1.1) what is it all about?
TCP/IP hijacking (session hijacking) is when an unauthorized user takes over an established, legitimate network connection belonging to another user. Because password authentication normally happens only once, at the start of a session, whoever controls the connection afterwards inherits the victim's authenticated access without ever presenting a password.
1.2) how can such attack/threats take place in the network?
To hijack a connection there are two main ways to go about it.

The first is to predict the TCP sequence numbers. Each side of a connection accepts only segments whose sequence number falls inside its current receive window, so an attacker who knows the next expected number can inject forged segments that the receiver treats as genuine. Sequence numbers advance by the number of bytes sent (not by one per packet), and early TCP stacks chose their initial sequence numbers predictably; modern stacks randomize them, so blind prediction is rarely practical today.

The second option is a man-in-the-middle attack, in which the attacker sits on the path and reads the live sequence numbers off the wire. In simple words this is a type of network sniffing; tools such as Ettercap or Wireshark display the sequence and acknowledgement numbers of every captured segment.
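The following is an added example, not part of the original answer, that models why the man-in-the-middle route matters. It implements the receiver's segment-acceptance check from RFC 793 and compares an attacker who sniffed the last client segment against one who guesses the sequence number blindly. All numbers are constructed for the example.

```python
"""Model of why a TCP session hijacker needs the live sequence numbers.

Added example (not from the original answer). It simulates the receiver's
RFC 793 acceptance test and compares two attackers: one who sniffed the
last client segment (man-in-the-middle) and one who guesses blind.
"""
import random
from typing import Tuple

MAX_SEQ = 2 ** 32


def acceptable(seg_seq: int, seg_len: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """RFC 793 acceptability test for a receiver with a non-empty window.

    A segment is accepted if its first or last byte falls inside
    [rcv_nxt, rcv_nxt + rcv_wnd). Arithmetic is modulo 2**32.
    """
    def in_window(x: int) -> bool:
        return (x - rcv_nxt) % MAX_SEQ < rcv_wnd

    if seg_len == 0:
        return in_window(seg_seq)
    return in_window(seg_seq) or in_window((seg_seq + seg_len - 1) % MAX_SEQ)


def next_seq(observed_seq: int, observed_payload_len: int) -> int:
    """Sequence number the client will use next, i.e. the value a hijacker
    who sniffed the last client segment must spoof. Sequence numbers advance
    by bytes sent, not by one per packet."""
    return (observed_seq + observed_payload_len) % MAX_SEQ


def forge_from_observed(observed: dict) -> dict:
    """Seq/ack a spoofed client->server segment needs, given the last
    genuine client segment seen on the wire (constructed dict)."""
    return {
        "seq": next_seq(observed["seq"], observed["payload_len"]),
        "ack": observed["ack"],  # server data already acknowledged by the client
    }


def hijack_success_rate(trials: int, rcv_wnd: int = 65535, seed: int = 1) -> Tuple[float, float]:
    """Fraction of injected 40-byte segments the server would accept from a
    sniffing attacker versus a blind-guessing one (simulated connections)."""
    rng = random.Random(seed)
    sniffed_ok = blind_ok = 0
    for _ in range(trials):
        client_seq = rng.randrange(MAX_SEQ)        # randomized ISN, as modern stacks do
        payload_len = rng.randrange(1, 1400)
        rcv_nxt = next_seq(client_seq, payload_len)  # server state after that segment
        observed = {"seq": client_seq, "payload_len": payload_len, "ack": 0}
        forged = forge_from_observed(observed)
        if acceptable(forged["seq"], 40, rcv_nxt, rcv_wnd):
            sniffed_ok += 1
        if acceptable(rng.randrange(MAX_SEQ), 40, rcv_nxt, rcv_wnd):
            blind_ok += 1
    return sniffed_ok / trials, blind_ok / trials


if __name__ == "__main__":
    print(hijack_success_rate(1000))
```

With a 64 KiB window the blind attacker lands inside it roughly 65535 / 2^32 of the time per guess, which is why real hijacking relies on sniffing (or on the predictable initial sequence numbers of old stacks) rather than guessing.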
1.3) why they do it?
TCP/IP hijacking is done mainly to steal confidential data from a secured, restricted network.
Attackers impersonate real users of that network so that their traffic looks legitimate and inherits the victim's access rights.
Because the victim has already passed password authentication, the attacker who takes over the session can read or steal confidential data without authenticating at all.
1.4) when normally such attack take place?
An attacker monitors data transmission over a network and discovers the IP addresses of the two devices participating in a connection.
Having identified one party, the attacker can knock it offline with a DoS attack and then carry on the conversation by spoofing the IP address of the disconnected user, together with the sequence numbers the other side expects.
TCP/IP hijacking is therefore typically done in 'broad daylight', when most of the real users of the network are active and there are live sessions to take over.
1.5) where is such attack targeted?
Any unencrypted session is vulnerable to TCP/IP session hijacking, so encrypted and authenticated protocols (such as TLS or SSH) should be used wherever possible. Alternatively, require re-authentication for sensitive actions within the session instead of trusting a single login at the start.
2) Network Sniffer
2.1) what is it all about?
A network sniffer is just what it sounds like: a software tool that monitors, or sniffs out, the data flowing over computer network links in real time. It can be a self-contained software program or a hardware device with the appropriate software or firmware.
Network sniffers can take snapshot copies of the data without redirecting or altering it. Some sniffers work only with TCP/IP packets, but the more sophisticated tools can work with many other network protocols and at lower levels, including Ethernet frames.
Years ago, sniffers were tools used exclusively by professional network engineers. Nowadays, however, with software applications available for free on the web, they are also popular with internet hackers and people just curious about networking.
Note: Network sniffers are sometimes referred to as network probes, wireless sniffers, Ethernet sniffers, packet sniffers, packet analyzers, or simply snoops.
2.2) how can such attack/threats take place in the network?
Wireshark (formerly known as Ethereal) is widely recognized as the world's most popular network sniffer. It's a free, open source application that displays traffic data with color coding to indicate which protocol was used to transmit it.
On Ethernet networks, its user interface displays individual frames in a numbered list and highlights by separate colors whether they are sent through TCP, UDP, or other protocols. It also helps group together message streams being sent back and forth between a source and destination (which are normally intermixed over time with traffic from other conversations).
Wireshark supports traffic captures through a start/stop push-button interface. The tool also offers various filtering options that limit what data is displayed and included in captures, a critical feature since traffic on most networks contains many kinds of routine control messages that are usually not of interest.
2.3) why they do it?
There's a wide range of applications for packet sniffers but most data probing tools do not differentiate between a nefarious reason and a harmless, normal one. In other words, most packet sniffers can be used inappropriately by one person and for legitimate reasons by another.
A program that can capture passwords, for example, could be used by a hacker but the same tool might be used by a network administrator for finding network statistics like available bandwidth.
A sniffer might also be useful for testing firewall or web filters, or troubleshooting client/server relationships.
2.4) when normally such attack take place?
Network sniffing captures only what is actually transmitted, so it takes place whenever traffic of interest crosses a link the sniffer can see; logins are the most valuable moments, because that is when credentials are sent. A busy network gives the attacker more to harvest, but high traffic is not a requirement.
2.5) where is such attack targeted?
Sniffers are placed wherever traffic can be observed: a shared medium such as a hub or an open Wi-Fi network, a switch port configured to mirror traffic, or a host the attacker already controls on the same network segment.
Sniffer tools offer a great way to learn how protocols work.
However, they also give easy access to private information such as network passwords sent in clear text. Check with the owners to get permission before using a sniffer on someone else's network.
Network probes can only intercept data from networks their host computer is attached to. On a switched network a sniffer normally sees only the traffic addressed to its own interface (plus broadcasts). Many Ethernet interfaces support so-called promiscuous mode, which lets the sniffer pick up all traffic passing over that link even when it is not addressed to the host; on a switched network an attacker additionally needs a mirror port or an ARP-spoofing man-in-the-middle position to get other hosts' traffic onto that link.
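As an added example (not code from the original answer), the block below does by hand what Wireshark does for you: it decodes an Ethernet/IPv4/TCP frame and pulls credentials out of the payload when the protocol sends them unencrypted (HTTP Basic authentication and FTP PASS). The frame and the credentials are constructed for the example, so it runs offline; on Linux, the same `parse_frame` would be fed from a raw `AF_PACKET` socket with the interface in promiscuous mode (root required).

```python
"""Minimal sniffer decode: Ethernet -> IPv4 -> TCP -> plaintext credentials.

Added example, not part of the original answer. The frame is constructed
here for the test; a real sniffer would read frames from a raw socket on an
interface in promiscuous mode.
"""
import base64
import struct
from typing import Optional


def build_frame(payload: bytes) -> bytes:
    """Construct an Ethernet/IPv4/TCP frame carrying `payload` (test input only;
    checksums are left zero because nothing here verifies them)."""
    eth = bytes.fromhex("aabbccddeeff") + bytes.fromhex("112233445566") + b"\x08\x00"
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 80]))
    tcp = struct.pack("!HHIIBBHHH", 51234, 80, 1000, 5000, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> dict:
    """Decode the headers the way a packet analyzer does and return the
    fields an attacker cares about plus the TCP payload."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4           # header length in bytes
    proto = ip[9]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    if proto != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:]
    sport, dport, seq, ack = struct.unpack("!HHII", tcp[:12])
    data_off = (tcp[12] >> 4) * 4      # TCP header length in bytes
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "seq": seq, "ack": ack, "payload": tcp[data_off:]}


def extract_credentials(payload: bytes) -> Optional[dict]:
    """Recognise two common plaintext credential carriers: HTTP Basic auth
    (base64 of user:password) and an FTP PASS command. None if neither."""
    text = payload.decode("latin-1")
    for line in text.split("\r\n"):
        if line.lower().startswith("authorization: basic "):
            token = line.split(" ", 2)[2].strip()
            user, _, pw = base64.b64decode(token).decode("latin-1").partition(":")
            return {"protocol": "http-basic", "user": user, "password": pw}
    if text.startswith("PASS "):
        return {"protocol": "ftp", "password": text[5:].strip()}
    return None


# Constructed sample request with a made-up credential.
SAMPLE_HTTP = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
               b"Authorization: Basic " + base64.b64encode(b"alice:Winter2024") + b"\r\n\r\n")

if __name__ == "__main__":
    fields = parse_frame(build_frame(SAMPLE_HTTP))
    print(fields["src"], "->", fields["dst"], extract_credentials(fields["payload"]))
```

The point of the example is the last line: nothing in the capture path needs to be broken for the password to fall out, which is why the mitigation for sniffing is encryption (HTTPS, SFTP) rather than trying to keep attackers off the wire.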
3) Password Hackers
3.1) what is it all about?
Password hackers are attackers whose sole purpose is gaining access to secured systems or accounts by guessing or recovering their passwords.
3.2) how can such attack/threats take place in the network?
In general, people tend to set passwords that are easy to remember, such as their date of birth, names of family members, mobile numbers, etc. This is what makes the passwords weak and prone to easy hacking.
There are mainly 2 types of password hacking attacks:
3.2.1) Dictionary attack
In a dictionary attack, the hacker tries each word from a predefined list (a dictionary, usually extended with common variations such as capitalising the word or appending digits) as the password. If the set password is a common word or a simple variation of one, a dictionary attack recovers it very quickly.
3.2.2) Brute-force attack
In a brute-force attack, the hacker tries every possible combination of lower- and upper-case letters, numbers and special characters. Given enough time it always finds the password, but the number of combinations grows exponentially with the password length, so the attack is slow and the hacker may need a system with high processing power (or a stolen copy of the password hashes to attack offline) to try combinations fast enough.
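The following added example (not from the original answer) runs both attacks against a hashed password so the difference in cost is visible in guess counts. The word list, the target passwords and the guess rate are constructed; SHA-256 stands in for whatever fast hash a leaked password database might use.

```python
"""Dictionary vs. brute-force guessing against a password hash.

Added example, not from the original answer. Targets and word list are
constructed; SHA-256 is used only as a stand-in for a fast unsalted hash.
"""
import hashlib
import itertools
import string
from typing import Iterable, Iterator, Optional, Tuple


def h(pw: str) -> str:
    """Fast unsalted hash, the kind that makes offline guessing cheap."""
    return hashlib.sha256(pw.encode()).hexdigest()


def mangle(word: str) -> Iterator[str]:
    """Mangling rules attackers apply to dictionary words: capitalisation
    and the most common appended suffixes."""
    yield word
    yield word.capitalize()
    for suffix in ("1", "123", "!", "2024"):
        yield word + suffix
        yield word.capitalize() + suffix


def dictionary_attack(target: str, wordlist: Iterable[str]) -> Tuple[Optional[str], int]:
    """Try each word and its mangled variants; return (password, guesses made)."""
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if h(candidate) == target:
                return candidate, guesses
    return None, guesses


def brute_force(target: str, charset: str, max_len: int) -> Tuple[Optional[str], int]:
    """Exhaust every string up to max_len; cost grows as |charset| ** length."""
    guesses = 0
    for n in range(1, max_len + 1):
        for tup in itertools.product(charset, repeat=n):
            guesses += 1
            candidate = "".join(tup)
            if h(candidate) == target:
                return candidate, guesses
    return None, guesses


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidates of length 1..length over a charset."""
    return sum(charset_size ** n for n in range(1, length + 1))


def seconds_to_exhaust(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time for a full brute force at a constructed guess rate."""
    return keyspace(charset_size, length) / guesses_per_second


WORDLIST = ["password", "letmein", "summer", "dragon", "welcome"]  # constructed

if __name__ == "__main__":
    print(dictionary_attack(h("Summer123"), WORDLIST))
    print(brute_force(h("ab1"), string.ascii_lowercase + string.digits, 3))
    print(seconds_to_exhaust(95, 8, 1e9) / 86400, "days at 1e9 guesses/s")
```

A dictionary word with a digit suffix falls in a few dozen guesses, while a random 8-character password over 95 printable characters costs about 6.6e15 guesses, a couple of months at a billion guesses per second; salting and a slow KDF (bcrypt, scrypt, Argon2) cut that rate by several orders of magnitude and are the server-side defence.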
3.3) why they do it?
To gain access to secured systems and accounts and to the data and privileges behind them.
3.4) when normally such attack take place?
Online guessing against a live system is typically done at low-traffic times and at a slow rate, because a burst of failed logins against one account is easily detected and triggers lockouts. Offline guessing against stolen password hashes can run at any time without the target noticing.
3.5) where is such attack targeted?
Typically systems that rely on a single factor, a typed password, with no second factor, and systems that store passwords unprotected or with weak, unsalted hashes, which make offline cracking cheap.
4) Server Hijacking
4.1) what is it all about?
Server hijacking, here in the form of DNS hijacking (or DNS redirection), is the practice of subverting the resolution of Domain Name System (DNS) queries so that users are sent to a server the attacker controls instead of the genuine one.
4.2) how can such attack/threats take place in the network?
This can be achieved by malware that overrides a computer's TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behaviour of a trusted DNS server so that it does not comply with internet standards.
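Both routes above leave traces a defender can check. The added example below (not from the original answer) checks a resolver configuration for nameservers that were not provisioned, and parses a DNS response to flag a forged or redirected answer. The `resolv.conf` text, the DNS response bytes, the trusted nameserver and the known-good address are all constructed for the example.

```python
"""Checks for the two DNS hijacking routes: a rewritten resolver
configuration and a resolver that answers dishonestly.

Added example, not from the original answer. All inputs are constructed.
"""
import struct
from typing import List, Set, Tuple


def unexpected_nameservers(resolv_conf: str, allowed: Set[str]) -> List[str]:
    """Nameserver entries that malware or a rogue DHCP server may have planted."""
    found = [parts[1] for parts in (line.split() for line in resolv_conf.splitlines())
             if len(parts) > 1 and parts[0] == "nameserver"]
    return [ns for ns in found if ns not in allowed]


def _encode_name(name: str) -> bytes:
    return b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"


def build_response(txid: int, qname: str, ips: List[str], rcode: int = 0) -> bytes:
    """Construct a DNS response (test input). Answers use a compression
    pointer (0xC00C) back to the question name, as real servers do."""
    hdr = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, len(ips), 0, 0)
    question = _encode_name(qname) + struct.pack("!HH", 1, 1)      # A, IN
    rrs = b""
    for ip in ips:
        rrs += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + bytes(int(x) for x in ip.split("."))
    return hdr + question + rrs


def _read_name(pkt: bytes, off: int) -> Tuple[str, int]:
    """Decode a possibly compressed DNS name; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:                 # compression pointer
            ptr = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = ptr, True
            continue
        if length == 0:
            off += 1
            break
        labels.append(pkt[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels), (end if jumped else off)


def parse_response(pkt: bytes) -> dict:
    """Return transaction id, rcode and the A records of a DNS response."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):
        _, off = _read_name(pkt, off)
        off += 4                                   # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = _read_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        rdata, off = pkt[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, ".".join(map(str, rdata))))
    return {"txid": txid, "rcode": flags & 0xF, "answers": answers}


def hijack_indicators(response: dict, expected_txid: int, known_good_ips: Set[str]) -> List[str]:
    """Heuristics: a reply whose id does not match our query (spoofed), or an
    address that differs from what a trusted resolver returns (redirection)."""
    problems = []
    if response["txid"] != expected_txid:
        problems.append("transaction id mismatch (spoofed reply)")
    for name, ip in response["answers"]:
        if ip not in known_good_ips:
            problems.append(f"{name} resolves to unexpected {ip}")
    return problems
```

The second check only works against a reference: in practice that is the same name resolved through a resolver you trust (or validated with DNSSEC), which is also the practical way to spot an ISP that rewrites NXDOMAIN answers into an advertising page.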
4.3) why they do it?
These modifications may be made for malicious purposes such as phishing, or for self-serving purposes by Internet service providers (ISPs) and public/router-based online DNS server providers to direct users' web traffic to the ISP's own web servers where advertisements can be served, statistics collected, or other purposes of the ISP; and by DNS service providers to block access to selected domains as a form of censorship.
4.4) when normally such attack take place?
The configuration change itself can be made at any time; the redirection pays off whenever victims resolve the hijacked names, so the attack is most effective while users are active, for example during business hours for a phishing campaign.
4.5) where is such attack targeted?
At the resolver rather than at the web server being impersonated: the client's TCP/IP DNS settings, the home or office router's DNS configuration, or the recursive DNS server itself.
5) DOS Attack
5.1) what is it all about?
In computing, a DoS (denial-of-service) attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its genuine, intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet, usually by sending a flood of frivolous or false requests.
5.2) how can such attack/threats take place in the network?
Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous or fake requests in an attempt to overload it so that some or all legitimate requests cannot be fulfilled. In a distributed DoS (DDoS) attack the flood comes from many compromised machines at once, which makes it far harder to block by source address.
5.3) why they do it?
A DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter and disrupting trade; it can also serve as a distraction that scatters the shop's security detail so that other illegal activities, such as theft, can take place. Activism, revenge, blackmail (extortion) and cover for another intrusion can all motivate these attacks.
5.4) when normally such attack take place?
In high-traffic situations, for example during festive seasons for e-commerce websites, when the target is already close to capacity and an outage costs the victim the most.
5.5) where is such attack targeted?
Criminal perpetrators of DoS/DDoS attacks often target services or sites hosted on high-profile web servers such as e-commerce websites, banks or credit card payment gateways.
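As an added example (not part of the original answer), the block below shows the defender's side of a request flood: a sliding-window counter over web server access logs that reports sources exceeding a per-source rate, and a token-bucket limiter of the kind a reverse proxy applies per client. The log lines, the attacker and client addresses, and the thresholds are constructed for the example; real deployments tune them, since a festive-season peak and a flood look the same to a global counter, which is why the limit is per source.

```python
"""Flood detection over web server access logs, plus a token-bucket limiter.

Added example, not from the original answer. Log lines are constructed in
the common Apache/nginx log format; thresholds are illustrative.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, Iterable, List, Optional, Tuple

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> Optional[Tuple[str, datetime, str, int]]:
    """(client ip, timestamp, request line, status) or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, status, _ = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), request, int(status)


def flood_sources(lines: Iterable[str], window_seconds: int = 10, threshold: int = 50) -> Dict[str, int]:
    """Sliding-window request count per source. A source that exceeds
    `threshold` requests within any `window_seconds` is reported with its peak."""
    recent: Dict[str, deque] = defaultdict(deque)
    peaks: Dict[str, int] = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _, _ = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:   # drop old entries
            q.popleft()
        peaks[ip] = max(peaks[ip], len(q))
    return {ip: n for ip, n in peaks.items() if n > threshold}


class TokenBucket:
    """Per-client limiter: `rate` requests/second sustained, `burst` at most."""

    def __init__(self, rate: float, burst: int):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), None

    def allow(self, now: float) -> bool:
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def make_sample_log() -> List[str]:
    """Constructed log: one attacker sending 200 requests in five seconds and
    three legitimate clients browsing at a normal pace."""
    base = datetime(2024, 12, 24, 10, 0, 0)
    lines = []
    for i in range(200):
        t = base.replace(second=i // 40)                      # 40 requests per second
        lines.append(f'198.51.100.7 - - [{t:%d/%b/%Y:%H:%M:%S} +0000] "GET /checkout HTTP/1.1" 503 0')
    for n, ip in enumerate(("203.0.113.5", "203.0.113.6", "203.0.113.7")):
        for i in range(5):
            t = base.replace(second=i * 2 + n)
            lines.append(f'{ip} - - [{t:%d/%b/%Y:%H:%M:%S} +0000] "GET /product/{i} HTTP/1.1" 200 512')
    return lines


if __name__ == "__main__":
    print(flood_sources(make_sample_log()))
```

The counter catches a single noisy source; a DDoS spreads the same volume over thousands of addresses so that no one source crosses the threshold, which is why the per-source limiter has to be backed by upstream capacity or scrubbing rather than used alone.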