Network Security Threats
Trojan horses, worms and DoS (denial of service) attacks are often used maliciously to consume and destroy the resources of a network. Sometimes misconfigured servers and hosts can also become network security threats, because they consume resources unnecessarily. In order to properly identify and deal with probable threats, one must be equipped with the right tools and security mechanisms. In this article we discuss some of the best practices for identifying and dealing with such threats.
Types of Network Threats
Most experts classify network security threats into two major categories: logic attacks and resource attacks. Logic attacks exploit existing software bugs and vulnerabilities with the intent of crashing a system. Attackers also use such exploits to purposely degrade network performance or to gain access to a system.
One such exploit is the Microsoft PnP MS05-039 overflow vulnerability. This attack involves an intruder exploiting a stack overflow in the Windows PnP (plug and play) service and can be executed against Windows 2000 systems without a valid user account. Another example of this kind of network security threat is the infamous ping of death, where an attacker sends ICMP packets that exceed the maximum packet size the target system can handle. Most of these attacks can be prevented by upgrading vulnerable software or filtering specific packet sequences.
Resource attacks are the second category of network security threats. These attacks are intended to overwhelm critical system resources such as CPU and RAM. This is usually done by sending large numbers of IP packets or forged requests. An attacker can launch a more powerful attack by compromising numerous hosts and installing malicious software on them. The compromised hosts are often referred to as zombies, and collectively as a botnet. The attacker can then launch subsequent attacks from thousands of zombie machines against a single victim. The malicious software normally contains code for launching a variety of attacks, plus a communications channel that lets the attacker control the hosts remotely.
Seek and Destroy
The first step in training your staff to identify network security threats is achieving network visibility. The concept is simple: you cannot defend against or eradicate what you cannot see. This level of network visibility can often be achieved with existing features of devices you already have. Additionally, you can create diagrams that illustrate packet flows and show exactly where within the network you can implement security mechanisms to identify and mitigate potential threats.
You must establish a baseline of normal network activity and patterns in order to detect abnormal activity and potential network security threats. Mechanisms like NetFlow can be integrated into your infrastructure to help identify and classify problems. Prior to implementing such a system, you should perform some form of traffic analysis to fully understand the rates and patterns of normal traffic. In a successful detection system, learning takes place over a long interval that includes the peaks and valleys of network activity.
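The baseline-then-detect approach described above, as an added example that is not part of the original article: it learns the normal per-minute packet rate and source fan-in toward one server from a quiet period of NetFlow-style records, then flags minutes that exceed the baseline by k standard deviations. The flow records are constructed sample data (hypothetical addresses 10.0.0.x, 192.0.2.10 and 198.51.100.x), not output from a real exporter.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed NetFlow-style records (minute, src_ip, dst_ip, dst_port, packets), not from a real exporter
BASELINE_FLOWS = [  # 60 minutes of normal traffic toward one web server
    (m, f"10.0.0.{1 + (m + i) % 5}", "192.0.2.10", 443, 40 + (m * 7 + i * 3) % 20)
    for m in range(60) for i in range(4)
]
OBSERVED_FLOWS = (  # a normal minute, then a flood from 200 forged sources
    [(0, f"10.0.0.{1 + i}", "192.0.2.10", 443, 45) for i in range(4)]
    + [(1, f"198.51.100.{i}", "192.0.2.10", 443, 2) for i in range(1, 201)]
)

def per_minute(records, dst):
    """Packets and distinct source IPs per minute toward one destination."""
    packets, sources = defaultdict(int), defaultdict(set)
    for minute, src, d, _port, pk in records:
        if d == dst:
            packets[minute] += pk
            sources[minute].add(src)
    return packets, sources

def build_baseline(records, dst):
    """Learn mean/stddev of packet rate and source fan-in from a quiet period."""
    packets, sources = per_minute(records, dst)
    pk = list(packets.values())
    fan = [len(s) for s in sources.values()]
    return {"pk_mean": mean(pk), "pk_sd": pstdev(pk),
            "src_mean": mean(fan), "src_sd": pstdev(fan)}

def detect(records, dst, baseline, k=3.0):
    """Flag minutes whose packet rate or source fan-in exceeds mean + k*sd.
    The stddev is floored at 1 so a flat baseline does not alert on a single extra packet or source."""
    pk_limit = baseline["pk_mean"] + k * max(baseline["pk_sd"], 1.0)
    src_limit = baseline["src_mean"] + k * max(baseline["src_sd"], 1.0)
    packets, sources = per_minute(records, dst)
    alerts = []
    for minute in sorted(packets):
        reasons = []
        if packets[minute] > pk_limit:
            reasons.append("packet rate")
        if len(sources[minute]) > src_limit:
            reasons.append("source fan-in")
        if reasons:
            alerts.append((minute, packets[minute], len(sources[minute]), reasons))
    return alerts

if __name__ == "__main__":
    base = build_baseline(BASELINE_FLOWS, "192.0.2.10")
    print(detect(OBSERVED_FLOWS, "192.0.2.10", base))
```

The source fan-in check is what separates a flood from many zombie hosts from a single busy client; a real deployment would learn the baseline over days rather than one hour so that daily peaks and valleys are included.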
The best defense against common network security threats is a policy that everyone on the network adheres to. Furthermore, you can strengthen your level of security with reliable software that makes this process much easier.