Attacks On systems And Networks
Download
Report
Transcript Attacks On systems And Networks
Attacks On systems And Networks
To understand how we can protect our system and network we need to know about
what kind of attacks a hacker/cracker would use.
Its important to understand that there is different kinds of attacks, and that a attack
can either concentrated on you / your system, or a wide range attacks, that scans
for weak systems to attack.
Attacks On systems And Nettwoks
We have 5 kinds of attacks:
Basic Attack
Identity Attack
Denial of Service Attack
Malicious Code Attack
Attacks On systems And Nettwoks
Basic Attacks
Basic attacks are attacks that not always require a high degree of technical
skill, but sometimes rely more on guesswork and cunning than anything else.
We divide Basic Attacks into subcategories:
Social engineering
Tricks people to give you information
Phissing attempts
Dumpster diving
Password guessing
Brute force attacks
Dictionary attacks
Weak keys
Exploits weak encryption keys with a known hack
Mathematical and birthday attacks
Identity Attacks
Identity attack, is an attack where the attacker tries to take over, modify or
sniff your network traffic.
We have three types of Identity attacks:
Man-in-the middle
Passive attack, just captures the data traffic
Active attack, captures and modify the data before sending it to the
receiver
Replay attack
Captures data sent between a user and a server, then sends a fragment
of the captured data back to the server to obtain access without user
name and password.
Tcp/ip hijacking
ARP Spoofing, edits the ARP table to send a packet to another
destination then targeted.
Denial Of Service Attack
A DOS attack tries to take down your system by flooding it with request such
as SYN request or ping request
Denial of service(Dos)
Requests contact with a server(SYN), and does not answer to the AKC
reply from the server, this causes the server to wait for an answer for
several minutes, and this use a lot of resources.
Smurf Attack. The attacker sends a ping request to a victim with a
spoofed senders address, causing the victim to answer to the spoofed
address.
Distributed Denial of service(DDos)
Uses hundreds or thousands of computers to attack a system.
A hacker breaks into a high performance computer and installs a special
software. The software scans for other vulnerability on them, if found,
installs a software. These computers are called zombies. Attacker only
sends a attack commando to the handler. The handler spreads the
message to all the zombies and the attack launches.
.
Malicious Code
Malicious code, also called malware, consist of computer programs design to
break into computers or to destroy data.
These are the most common types of malware:
Virus
A small program secretly attached to another file, executes when file is
opened.
Worms
Self-executing program, that often are attached to e-mail.
Logic bombs
A small program that gets executed by a special event such as a date or a
change in a program/file.
Trojan Horses
A program that hides its true intent and then reveal itself when activated.
Might be a screen saver that sends information back to a hacker.
Back doors
A secret entrance into a computer of which the user is unaware of.
A back door can be created by the software designer for testing purposes,
or by a hacker how creates a virus / Trojan horse, and distributes it.
.
How perform these attacks?
People how perform these kinds of attacks usually do it for a reason. It can
either be motivated by money or it can be done to earn respect among a
special group of people.
Hackers
A hacker hacks your system to find a problem, and let you know, so that
crackers wont exploit it.
Crackers
Have intent to harm or take over your system.
Script kiddies
A unskilled user how downloads a software to perform an attack
Spies
A person who has been hired to break into the the system to get
information
Employees
Might insert a virus to the system if they feel overlooked....
Cyberterrosists
Defacing, ddos attacks
.
How can we protect our self against attacks from hackers and crackers?
Update Operating system
Update network services
Update software
Have good procedures among employees
Educate your users
Source::
Security + guide to Network Security fundamentals (second edition)