Network security: Common threats, vulnerabilities, and mitigation techniques
It would be ideal if networks were built and managed by people who understand everything about them. The problem is that there are also users who know the systems well and who steal data, embarrass the company and disrupt everything. Fighting the threats to computers and networks takes effort. The vulnerabilities that turn these threats into reality, and the ways to mitigate them, are discussed below, including wireless network security, its threats and the mitigation techniques that help a network perform better.
Wireless network threats
Wireless networks are now used everywhere, from large organizations to personal computers and home networks, because of their popularity and wide range of advantages. Listed below are some of the threats specific to wireless networks, so that you can recognize and mitigate them.
War driving
War driving is the act of searching for wireless networks from a moving vehicle with the help of a PDA or portable computer. It appeared with the earliest wireless networks, when many organizations were setting up wireless networks without really knowing how to secure them. To keep a wireless network secure, implement the measures that the wireless network needs.
In 2002, a group of people developed a series of symbols indicating that a network was nearby, as well as whether it was unsecured, secured or protected by WEP. They marked the symbols on street signs or walls to indicate the network's location. This practice has faded away as people began using Wi-Fi wherever they need it and cell phones now look for it automatically.
WEP
A wireless network protected by WEP is not secure by today's standards. All an attacker has to do is determine the WEP key, which can be done in a fraction of a second. Once the attacker has the key, he can get into the network and monitor traffic, or take the administrator's role and change the settings.
WPA
WPA uses a security mechanism known as Temporal Key Integrity Protocol (TKIP). An experienced and determined attacker has ways to decrypt the traffic going to computers that use WPA with TKIP, so it is no longer a secure option; use WPA2 with AES for a secure network.
Evil twin
An evil twin is a bogus Wi-Fi access point that fools users into believing it is the legitimate connection, for the purpose of phishing and harvesting data from their transactions. These attacks are becoming more common, so it is necessary to be aware of them and guard against them, both professionally and personally. Protect your computer or network against evil twin attacks by learning how they work. Use a VPN, or TLS/SSL, so that all passwords, emails and other sensitive information are encrypted in transit. It is better to avoid sending highly sensitive and important information over wireless networks, which are never 100 % safe.
Rogue access point
A rogue access point is a wireless access point installed without the explicit permission of the network administration team. It creates the potential for a man-in-the-middle attack, in which the security of the network is breached. To catch rogue access points, monitor the network for newly installed access points with a wireless intrusion prevention system, which detects changes in the radio spectrum indicating that a new access point has been installed and is operational. Most of these systems take automatic countermeasures once they identify a rogue, redirecting traffic away from it.
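Monitoring for newly installed access points, as described above, comes down to comparing what the radios see with what the administrators actually installed. The following is an added example, not code from the original article: it classifies a constructed scan into evil twins (the previous section), rogue access points and known access points whose settings changed; the scan layout and the inventory are assumptions.

```python
"""Classify access points from a wireless scan against the AP inventory.

Added example, not from the original article. Assumes a wireless IPS or
scanner exports rows of (BSSID, SSID, channel) and that the admins keep
an inventory of authorised BSSIDs; both datasets here are constructed.
"""
from dataclasses import dataclass

# Constructed inventory: BSSID -> (SSID, channel) the team actually installed.
AUTHORISED_APS = {
    "00:11:22:33:44:01": ("CorpWiFi", 6),
    "00:11:22:33:44:02": ("CorpWiFi", 11),
}
# Constructed scan result from a sensor sweep of the building.
SCAN = [
    ("00:11:22:33:44:01", "CorpWiFi", 6),       # known good
    ("00:11:22:33:44:02", "CorpWiFi", 11),      # known good
    ("DE:AD:BE:EF:00:01", "CorpWiFi", 1),       # unknown radio using our SSID
    ("aa:bb:cc:dd:ee:ff", "Guest-Printer", 3),  # unknown radio, foreign SSID
]

@dataclass(frozen=True)
class Finding:
    bssid: str
    ssid: str
    channel: int
    kind: str  # "evil-twin", "rogue-ap" or "reconfigured"

def classify_scan(scan, authorised=AUTHORISED_APS):
    """Return one Finding per access point that deviates from inventory.

    unknown BSSID using one of our SSIDs -> evil twin (clients may auto-join
    it and hand over credentials); unknown BSSID with another SSID -> rogue
    access point; known BSSID whose SSID changed -> reconfigured.
    """
    our_ssids = {ssid for ssid, _chan in authorised.values()}
    findings = []
    for bssid, ssid, channel in scan:
        bssid = bssid.lower()  # scanners differ in MAC address case
        if bssid in authorised:
            if authorised[bssid][0] != ssid:
                findings.append(Finding(bssid, ssid, channel, "reconfigured"))
            continue
        kind = "evil-twin" if ssid in our_ssids else "rogue-ap"
        findings.append(Finding(bssid, ssid, channel, kind))
    return findings

if __name__ == "__main__":
    for f in classify_scan(SCAN):
        print(f"{f.kind:12s} {f.bssid} {f.ssid!r} ch{f.channel}")
```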
Common security threats
A security threat to the network may be an attacker who attempts to gather information in order to exploit a network vulnerability; this is known as a passive attack. Alternatively, the attacker may attempt to disrupt network communication and the productivity of the network's users; this is known as an active attack. Listed below are some of the most common types of security threats.
Denial of service
A denial of service (DoS) attack overwhelms a network host with a stream of bogus data that keeps it from processing the data it was designed to handle. DoS attacks can be launched against computers and against network devices. A DoS attack may also be a sign that a larger attack is in progress: the DoS is then part of an attack that hijacks the communication of a user who has already authenticated to a resource. While the user's computer is blocked by the DoS attack, the attacker accesses the resource, obtains the information he needs and returns control to the user, who never knows what happened.
Distributed denial of service
A distributed denial of service (DDoS) attack occurs when multiple systems are used to flood the bandwidth or resources of a single server or a group of servers. The main purpose of the attack is to saturate a resource so that it is no longer available for legitimate use. It is also used as a decoy to hide a more malicious attack that attempts to steal sensitive information or other data. Specialized software known as DDS is able to block traffic that has legitimate content but bad intent.
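In a connection log, the difference between a DoS flood and a DDoS flood is one source versus many sources hammering the same host. The following is an added detection example, not from the original article; the log format, the window size and the thresholds are assumptions and the log lines are constructed.

```python
"""Tell a single-source flood (DoS) from a distributed one (DDoS) in a log.

Added example, not from the original article. The log layout
("epoch_seconds src_ip dst_ip", one connection attempt per line), the
window size and the thresholds are all assumptions; the log is constructed.
"""
from collections import Counter, defaultdict

# Constructed firewall log of connection attempts.
LOG = """\
1000 10.0.0.5 192.0.2.10
1000 10.0.0.5 192.0.2.10
1001 10.0.0.5 192.0.2.10
1001 10.0.0.5 192.0.2.10
1002 10.0.0.5 192.0.2.10
1050 198.51.100.1 192.0.2.20
1050 198.51.100.2 192.0.2.20
1050 198.51.100.3 192.0.2.20
1051 198.51.100.4 192.0.2.20
1051 198.51.100.5 192.0.2.20
1052 198.51.100.6 192.0.2.20
1200 10.0.0.7 192.0.2.30
"""

def classify_floods(log, window=10, per_src_max=4, total_max=4):
    """Return {destination: "dos" | "ddos"} for every flooded destination.

    Attempts are bucketed per destination into fixed windows of *window*
    seconds. A destination receiving more than *total_max* attempts in a
    window is flooded: if a single source alone sent more than
    *per_src_max* of them it is a DoS, otherwise the load is spread over
    many sources and we call it a DDoS. Legitimate traffic looks like the
    last log line: a single attempt, never over the threshold.
    """
    buckets = defaultdict(Counter)  # (dst, window_start) -> Counter(src)
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        buckets[(dst, int(ts) // window * window)][src] += 1
    verdict = {}
    for (dst, _start), srcs in buckets.items():
        if sum(srcs.values()) <= total_max:
            continue
        _top_src, top_count = srcs.most_common(1)[0]
        verdict[dst] = "dos" if top_count > per_src_max else "ddos"
    return verdict

if __name__ == "__main__":
    for dst, kind in sorted(classify_floods(LOG).items()):
        print(f"{dst}: {kind} flood")
```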
Man in the middle
A man-in-the-middle attack occurs when a person places a logical connection or a piece of equipment between two communicating parties. The two parties assume they are communicating directly with each other, but the information is being sent to the man in the middle, who forwards it to the intended recipient. This attack is very harmful to organizations. Most organizations adopt measures such as strong authentication and up-to-date protocols, including IPSec/L2TP with tunnel endpoint authentication.
Social engineering
Social engineering attacks do not rely on technology or protocols to succeed; they rely on human nature. Users generally trust each other, and that is where this type of attack starts. It may involve false websites that ask unsuspecting web surfers for their information; this form of the attack is known as phishing. Social engineering attacks can be prevented simply by training users not to give their credentials to anyone who asks for them on a web page.
Viruses
A computer virus is a program that can infect a computer and copy itself without the user's knowledge. Viruses began infecting computers in 1980 and have continued to evolve to this day. Some viruses are able to change after they infect a computer in order to hide from antivirus software. As viruses have changed over the years, companies such as McAfee and Symantec have specialized in software that detects and eradicates viruses from computer systems. There are more than 76,000 known viruses, and users can eradicate them by keeping the antivirus software up to date on all clients and servers.
Worms
A worm is somewhat different from a virus: it is a program in its own right, not an infestation. Worms use the computer network to send copies of themselves to other computers without the user's knowledge. They are intended to cause network problems such as resource utilization and bandwidth issues. Famous worms such as Sobig and MyDoom have affected many thousands of servers and computers in the past. You can prevent their spread by keeping servers and clients up to date with the latest security patches.
Buffer overflow
A buffer overflow is an anomaly created when a rogue program, writing data to a buffer, intentionally overruns the buffer and overwrites adjacent memory. It may result in memory errors, erratic behavior, a crash or a breach of system security. Use products such as ProPolice and StackGuard to prevent buffer overflow attacks from succeeding.
Packet sniffing
An attacker can use a protocol analyzer to launch an attack by packet sniffing. This is the process in which an attacker gathers a sample of data with a software or hardware device that allows inspection at the packet level. The attacker may see IP addresses, MAC addresses, unencrypted passwords and other sensitive data. Once a vulnerability is discovered, the attacker begins an active attack. The best way to prevent this attack is to forbid anyone except trusted network administrators from placing a packet analyzer on the network. Most packet analyzers can identify the presence of another packet analyzer, unless the attacker uses software to make it invisible.
FTP bounce
An FTP bounce attack is a legacy attack that no longer works well against FTP software. It uses the PORT command to indirectly request access through a victim machine. Once in through a port, an attacker can gather information or disrupt network communication.
Smurf attack
A smurf attack exploits a common network tool such as ping. To prevent a smurf attack, just install the recent security patches. The patch keeps any network host from pinging its own broadcast address, which stops the smurf attack.
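A smurf attack works by pinging a subnet's broadcast address so that every host on it replies. The following added example, not from the original article, flags echo requests aimed at the broadcast addresses of constructed local subnets in a constructed packet summary; the tuple layout is an assumption.

```python
"""Spot smurf traffic: ICMP echo requests aimed at our broadcast addresses.

Added example, not from the original article. The packet summaries and the
list of local subnets are constructed; the tuple layout is an assumption.
"""
import ipaddress

# Constructed list of subnets this site routes for.
LOCAL_SUBNETS = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("198.51.100.0/25")]

# Constructed packet summaries: (src, dst, protocol, icmp_type).
# ICMP type 8 is an echo request ("ping"), type 0 an echo reply.
PACKETS = [
    ("203.0.113.9", "192.0.2.255", "icmp", 8),     # echo to the /24 broadcast
    ("203.0.113.9", "198.51.100.127", "icmp", 8),  # echo to the /25 broadcast
    ("192.0.2.10", "192.0.2.20", "icmp", 8),       # ordinary host-to-host ping
    ("192.0.2.10", "192.0.2.255", "udp", None),    # broadcast, but not ICMP
    ("203.0.113.9", "198.51.100.255", "icmp", 8),  # outside the /25: not ours
]

def broadcast_addresses(subnets):
    """Directed-broadcast address of each subnet, as strings for lookup."""
    return {str(net.broadcast_address) for net in subnets}

def find_smurf_packets(packets, subnets=LOCAL_SUBNETS):
    """Return the packets that are echo requests to one of our broadcasts.

    Every host on the subnet would answer such a ping, so the replies are
    amplified toward the (usually spoofed) source address. The article's
    remedy is the host-side patch that stops hosts answering these pings;
    this check lets the network side see the attempts regardless.
    """
    bcasts = broadcast_addresses(subnets)
    return [p for p in packets
            if p[2] == "icmp" and p[3] == 8 and p[1] in bcasts]

if __name__ == "__main__":
    for src, dst, _proto, _type in find_smurf_packets(PACKETS):
        print(f"smurf attempt: {src} -> broadcast {dst}")
```

On Linux the host-side setting that makes a host ignore such pings is the `net.ipv4.icmp_echo_ignore_broadcasts` sysctl.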
Mitigation techniques
Take a deep look at how to protect against these threats. The mitigation techniques and methods depend mainly on the type of threat. Listed below are some of the mitigation techniques:
Training and awareness
Training is considered the most convenient and comfortable form of security, and user training is the least expensive and most effective mitigation technique. The best way to keep users from making the mistakes that lead to a successful social engineering attack is to educate them on how to handle such attempts. It is important that users know the procedures, protocols and policies for the security of the network. Training users has the further advantage of its relatively low cost.
Patch management
When an application or an operating system is released, it is not perfect from a security perspective. After the release, updates and security patches are published on an ongoing basis; they are added to the software to make it more secure or to give it more functionality. The Windows Update service installed on recent servers and clients can be configured to download and install patches from the update site automatically. Windows Server Update Services downloads the patches to servers, where they can be tested before being applied to the bulk of the clients on the network.
Policies and procedures
Security policies and procedures must be clearly outlined in writing within the organization. They should define acceptable behavior on the organization's networks and computers. Everyone who uses the computers has to read the policies and procedures and sign a form agreeing to them.
Incident response
When an intruder has carried out an attack on the network, the first instinct is to get the users back to work regardless of what that takes. That makes sense in the short run, but in the long run it may be the wrong move. Reinstalling software that was damaged by the attack may cover the attacker's tracks and prevent you from finding and prosecuting him.
Summary
It is essential to understand the security threats that affect networks and to be familiar with attacks such as DoS, worms, viruses, smurf, social engineering and man-in-the-middle attacks. It is necessary to learn how each type of attack operates and how to secure against it. Additionally, understand the mitigation techniques: incident response, policies and procedures, patch management, and training and awareness. Understand the most efficient and effective methods of protecting against social engineering threats and other network weaknesses, and understand that security patches must be used to update applications and operating systems.