TYPES OF BREACHES, ATTACKS AND INCIDENTS
There are several types of internet security breach or attack. Experts have identified nine common types of internet security intrusion: probes, scans, account compromise, root compromise, packet sniffers, denial of service, exploitation of trust, malicious code and Internet infrastructure attacks.
1. Probes
A probe is characterized by unusual attempts to gain access to a system or to
discover information about the system. One example is an attempt to log in to
an unused account. Probing is the electronic equivalent of testing doorknobs to
find an unlocked door for easy entry. Probes are sometimes followed by a more
serious security event, but they are often the result of curiosity or
confusion.
2. Scans
A scan is simply a large number of probes done using an automated tool. Scans can
sometimes be the result of a misconfiguration or other error, but they are
often a prelude to a more directed attack on systems that the intruder has
found to be vulnerable.
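The two patterns above are easy to pick out of a log once you know what to look for: a probe shows up as a login attempt against an account that does not exist or is never used, and a scan shows up as one source touching many distinct ports in a short time. The following is an added example, not part of the original article; the log format, the address list and the threshold of eight distinct ports are all constructed for illustration.

```python
"""Probe and scan detection over a constructed log sample (added example)."""
from collections import defaultdict

# Constructed sample in the form "timestamp src_ip event detail"; not real data.
SAMPLE_LOG = """\
10:00:01 203.0.113.7 login guest
10:00:02 203.0.113.7 login oracle
10:00:03 203.0.113.7 login alice
10:00:05 198.51.100.9 connect 22
10:00:05 198.51.100.9 connect 23
10:00:05 198.51.100.9 connect 25
10:00:05 198.51.100.9 connect 80
10:00:06 198.51.100.9 connect 110
10:00:06 198.51.100.9 connect 143
10:00:06 198.51.100.9 connect 443
10:00:06 198.51.100.9 connect 3306
10:00:06 198.51.100.9 connect 8080
10:00:06 198.51.100.9 connect 8443
10:00:07 203.0.113.7 connect 22
10:00:09 192.0.2.44 login alice
10:00:12 192.0.2.44 connect 443
"""

# Accounts that actually exist on the host (assumed). A login attempt against
# any other name is the "testing doorknobs" behaviour of a probe.
VALID_USERS = {"alice", "bob"}

# Distinct destination ports from one source before we call it a scan (assumed).
SCAN_PORT_THRESHOLD = 8


def parse(log_text):
    """Yield (timestamp, source, event, detail) for each log line."""
    for line in log_text.splitlines():
        ts, src, event, detail = line.split()
        yield ts, src, event, detail


def find_probes(log_text):
    """Return (source, account) pairs for login attempts against unused accounts."""
    return [(src, d) for _, src, ev, d in parse(log_text)
            if ev == "login" and d not in VALID_USERS]


def find_scans(log_text, threshold=SCAN_PORT_THRESHOLD):
    """Return {source: sorted ports} for sources that touched >= threshold distinct ports."""
    ports = defaultdict(set)
    for _, src, ev, d in parse(log_text):
        if ev == "connect":
            ports[src].add(int(d))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= threshold}


if __name__ == "__main__":
    print("probes:", find_probes(SAMPLE_LOG))
    print("scans:", find_scans(SAMPLE_LOG))
```

Note that 203.0.113.7 probes two unused accounts and then connects to one port, which is suspicious but not a scan, while 198.51.100.9 never logs in at all and simply walks ten ports; the two detectors deliberately measure different things.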
3. Account Compromise
An account compromise is the unauthorized use of a computer account by someone
other than the account owner, without involving system-level or root-level
privileges (privileges a system administrator or network manager has). An
account compromise might expose the victim to serious data loss, data theft, or
theft of services. The lack of root-level access means that the damage can
usually be contained, but a user-level account is often an entry point for
greater access to the system.
4. Root Compromise
A root compromise is similar to an account compromise, except that the account
that has been compromised has special privileges on the system. The term root is derived from an account on
UNIX systems that typically has unlimited, or "superuser",
privileges. Intruders who succeed in a root compromise can do just about
anything on the victim's system, including run their own programs, change how
the system works, and hide traces of their intrusion.
5. Packet Sniffers
A packet sniffer is a program that captures data from information packets as they
travel over the network. That data may include user names, passwords, and
proprietary information that travel over the network in clear text. With
perhaps hundreds or thousands of passwords captured by the sniffer, intruders
can launch widespread attacks on systems. Installing a packet sniffer does not
necessarily require privileged access. For most multi-user systems, however,
the presence of a packet sniffer implies there has been a root compromise.
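To make concrete what "clear text" exposes, the following added example (not code from the original article) runs over three constructed application-layer payloads, as a sniffer would see them after reassembly: an FTP login, an HTTP request with Basic authentication, and a fragment of a TLS handshake. The first two give up the credentials directly; Basic authentication only base64-encodes them, which is an encoding anyone on the path can reverse, not encryption. The third shows nothing usable, which is the point of the one-time password and encryption advice later in this article.

```python
"""What a sniffer recovers from clear-text protocols (added example, constructed payloads)."""
import base64
import re

# Constructed payloads, not a real capture. Addresses and credentials are made up.
CAPTURED_PAYLOADS = [
    # FTP: user name and password are sent as plain commands.
    b"USER alice\r\nPASS hunter2\r\n",
    # HTTP Basic: "bob:s3cret" base64-encoded in a header.
    b"GET /admin HTTP/1.1\r\nHost: intranet\r\n"
    b"Authorization: Basic Ym9iOnMzY3JldA==\r\n\r\n",
    # Start of a TLS record (handshake); anything inside it is protected.
    b"\x16\x03\x03\x00\x2a\x01\x00\x00\x26\x03\x03",
]


def extract_credentials(payload):
    """Return (protocol, user, password) if the payload exposes a clear-text login, else None."""
    m = re.search(rb"USER (\S+)\r\nPASS (\S+)\r\n", payload)
    if m:
        return ("ftp", m.group(1).decode(), m.group(2).decode())
    m = re.search(rb"Authorization: Basic ([A-Za-z0-9+/=]+)", payload)
    if m:
        # base64 is reversible by design; this is not a cryptographic operation.
        user, _, password = base64.b64decode(m.group(1)).decode().partition(":")
        return ("http-basic", user, password)
    return None


def harvest(payloads):
    """Collect every credential pair visible in a list of payloads."""
    return [c for c in (extract_credentials(p) for p in payloads) if c]


if __name__ == "__main__":
    for proto, user, password in harvest(CAPTURED_PAYLOADS):
        print(f"{proto}: {user} / {password}")
```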
6. Denial of Service
The goal of denial-of-service attacks is not to gain unauthorized access to
machines or data, but to prevent legitimate users of a service from using it. A
denial-of-service attack can come in many forms. Attackers may
"flood" a network with large volumes of data or deliberately consume
a scarce or limited resource, such as process control blocks or pending network
connections. They may also disrupt physical components of the network or
manipulate data in transit, including encrypted data.
7. Exploitation of Trust
Computers on networks often have trust relationships with one another. For example, before
executing some commands, the computer checks a set of files that specify which
other computers on the network are permitted to use those commands. If
attackers can forge their identity, appearing to be using the trusted computer,
they may be able to gain unauthorized access to other computers.
8. Malicious Code
Malicious code is a general term for programs that, when executed, would cause undesired
results on a system. Users of the system usually are not aware of the program
until they discover the damage. Malicious code includes Trojan horses, viruses,
and worms. Trojan horses and viruses are usually hidden in legitimate programs
or files that attackers have altered to do more than what is expected. Worms
are self-replicating programs that spread with no human intervention after they
are started. Viruses are also self-replicating programs, but usually require
some action on the part of the user to spread inadvertently to other programs
or systems. These sorts of programs can lead to serious data loss, downtime,
denial of service, and other types of security incidents.
9. Internet Infrastructure Attacks
These rare but serious attacks involve key components of the Internet infrastructure
rather than specific systems on the Internet. Examples are network name
servers, network access providers, and large archive sites on which many users
depend. Widespread automated attacks can also threaten the infrastructure.
Infrastructure attacks affect a large portion of the Internet and can seriously
hinder the day-to-day operation of many sites.
INTERNET SECURITY
TYPES OF PREVENTION
No single technique can protect a site from attack; internet security requires a combination of several technologies to minimize the chance of a breach. The technologies that help keep attackers out include one-time password technologies, firewall technologies, monitoring tools and anti-virus tools.
1. One-Time Password technologies
Intruders often install packet sniffers to capture passwords as they traverse networks
during remote log-in processes. Therefore, all passwords should at least be
encrypted as they traverse networks. A better solution is to use one-time
passwords because there are times when a password is required to initiate a
connection before confidentiality can be protected.
One common example occurs in
remote dial-up connections. Remote users, such as those traveling on business,
dial in to their organization's modem pool to access network and data
resources. To identify and authenticate themselves to the dial-up server, they
must enter a user ID and password. Because this initial exchange between the
user and server may be monitored by intruders, it is essential that the
passwords are not reusable. In other words, intruders should not be able to
gain access by masquerading as a legitimate user using a password they have
captured.
One-time password technologies address this problem. Remote users carry a device synchronized with software and hardware on the dial-up server. The device displays passwords computed from a secret shared with the server and the current time; each remains in effect for a limited period (typically 60 seconds). These passwords are not reused and are valid only for a specific user during the period in which each is displayed. In addition, users are often limited to one successful use of any given password, so a password captured by a sniffer cannot be replayed even within its time window. One-time password technologies significantly reduce unauthorized entry at gateways requiring an initial password.
2. Firewall technologies
Intruders often attempt to gain access to networked systems by pretending to initiate connections from trusted hosts. They silence the genuine host with a denial-of-service attack and then attempt to connect to a target system using the address of the genuine host. To counter these address-spoofing attacks and enforce limitations on authorized connections into the organization's network, it is necessary to filter all incoming and outgoing network traffic.
A firewall is a collection of
hardware and software designed to examine a stream of network traffic and
service requests. Its purpose is to eliminate from the stream those packets or
requests that fail to meet the security criteria established by the
organization. A simple firewall may consist of a filtering router, configured
to discard packets that arrive from unauthorized addresses or that represent
attempts to connect to unauthorized service ports. More sophisticated
implementations may include bastion hosts, on which proxy mechanisms operate on
behalf of services. These mechanisms authenticate requests, verify their form
and content, and relay approved service requests to the appropriate service
hosts. Because firewalls are typically the first line of defence against
intruders, their configuration must be carefully implemented and tested before
connections are established between internal networks and the Internet.
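The filtering-router rules described above come down to a short first-match policy: drop anything arriving from the Internet that claims an internal source address (the spoofing case from the previous paragraph), drop anything leaving with a source address that is not ours, and only allow new inbound connections to services the organization has chosen to publish. The following is an added example, not part of the original article and not a real firewall: a small Python model of such a policy, useful for reasoning about rules before committing them to a router. The internal range 10.0.0.0/8, the two published ports and the SYN flag as a stand-in for connection tracking are assumptions.

```python
"""First-match packet filter modelling a filtering router (added example, illustrative only)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address range
ALLOWED_INBOUND_PORTS = {25, 443}     # assumed published services: mail relay, HTTPS


@dataclass(frozen=True)
class Packet:
    iface: str        # "ext" = arrived from the Internet, "int" = arrived from inside
    src: str
    dst: str
    dport: int
    syn: bool = True  # True for a new-connection attempt; a crude stand-in for state tracking


def decide(p: Packet) -> str:
    """Return "accept" or "drop:<reason>" for a packet, first matching rule wins."""
    src = ip_address(p.src)
    # Anti-spoofing: nothing from the Internet may claim an internal source address.
    if p.iface == "ext" and src in INTERNAL:
        return "drop:spoofed-source"
    # Egress filtering: traffic leaving must carry a genuine internal source.
    if p.iface == "int" and src not in INTERNAL:
        return "drop:egress-spoof"
    # New inbound connections only to explicitly published services.
    if p.iface == "ext" and p.syn and p.dport not in ALLOWED_INBOUND_PORTS:
        return "drop:unauthorised-port"
    return "accept"


if __name__ == "__main__":
    for pkt in (
        Packet("ext", "10.1.2.3", "10.0.0.5", 22),       # spoofed internal source
        Packet("ext", "203.0.113.9", "10.0.0.5", 443),   # HTTPS from outside
        Packet("ext", "203.0.113.9", "10.0.0.5", 23),    # telnet from outside
        Packet("int", "10.0.0.5", "203.0.113.9", 80),    # ordinary outbound
    ):
        print(pkt, "->", decide(pkt))
```

A real deployment would add state tracking so that reply packets are matched to connections the inside opened, and would log every drop; the ordering shown here, anti-spoofing before service rules, is what matters.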
3. Monitoring tools
Continuous monitoring of network activity is required if a site is to maintain confidence
in the security of its network and data resources. Network monitors may be
installed at strategic locations to collect and examine information
continuously that may indicate suspicious activity. It is possible to have
automatic notifications alert system administrators when the monitor detects
anomalous readings, such as a burst of activity that may indicate a
denial-of-service attempt. Such notifications may use a variety of channels,
including electronic mail and mobile paging. Sophisticated systems capable of
reacting to questionable network activity may be implemented to disconnect and
block suspect connections, limit or disable affected services, isolate affected
systems, and collect evidence for subsequent analysis.
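The burst-of-activity alert and the escalating response described above can be sketched as a sliding-window counter per source: notify the administrator the first time a source exceeds the limit, block it if it does so again, and drop everything from it thereafter. The following is an added example, not code from the original article; the event stream, the limit of 40 connections in 5 seconds and the two-strikes escalation are constructed for illustration, and the "notify" step stands in for the e-mail or paging channel the article mentions.

```python
"""Sliding-window burst detection with automatic response (added example)."""
from collections import defaultdict, deque

# Constructed events (unix_time, source_ip) for new inbound connections; not real data.
# One source opens 100 connections 0.1 s apart, another opens 5 connections 2 s apart.
EVENTS = sorted(
    [(1000.0 + i * 0.1, "198.51.100.9") for i in range(100)]
    + [(1000.0 + i * 2.0, "192.0.2.44") for i in range(5)]
)


class BurstMonitor:
    """Alert when one source opens more than `limit` connections within `window` seconds.

    Response policy (assumed): first alert notifies, second alert blocks the source,
    and every later event from a blocked source is dropped.
    """

    def __init__(self, limit: int = 40, window: float = 5.0):
        self.limit, self.window = limit, window
        self.recent = defaultdict(deque)   # source -> timestamps inside the window
        self.alerts = defaultdict(int)     # source -> alerts raised so far
        self.blocked = set()

    def observe(self, ts: float, src: str) -> str:
        """Feed one event; return "ok", "notified", "blocked" or "dropped"."""
        if src in self.blocked:
            return "dropped"
        q = self.recent[src]
        q.append(ts)
        while q and ts - q[0] > self.window:   # expire timestamps outside the window
            q.popleft()
        if len(q) > self.limit:
            q.clear()                          # reset so each burst raises one alert
            self.alerts[src] += 1
            if self.alerts[src] >= 2:
                self.blocked.add(src)
                return "blocked"
            return "notified"
        return "ok"


def run(events, **monitor_kwargs):
    """Replay an event stream; return {source: [non-"ok" actions in order]}."""
    monitor = BurstMonitor(**monitor_kwargs)
    actions = defaultdict(list)
    for ts, src in events:
        action = monitor.observe(ts, src)
        if action != "ok":
            actions[src].append(action)
    return dict(actions)


if __name__ == "__main__":
    for src, taken in run(EVENTS).items():
        print(src, "->", taken[:2], "then", taken.count("dropped"), "dropped")
```

Clearing the window after an alert is a deliberate choice so that a sustained flood produces a handful of escalating events rather than one alert per packet; the evidence for later analysis is the event stream itself, which this monitor does not discard.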
4. Anti-virus tools
Tools to scan, monitor, and eradicate viruses can identify and destroy malicious programs that may have inadvertently been transmitted onto host systems. The damage potential of viruses ranges from mere annoyance (e.g., an unexpected "Happy Holidays" jingle without further effect) to the obliteration of critical data resources. To ensure continued protection, the virus identification data on which such tools depend must be kept up to date. Most virus tool vendors provide subscription services or other distribution facilities to help customers keep up to date with the latest viral strains.
Article by
Heywood Jehia
2010175753