1.4 - Network Security
Forms of attack
- There are many forms of attack on networks, but the most common (and the ones you need to know about) are:
  - Malware
  - Denial of service attacks
  - Brute force attacks
  - Social engineering attacks
  - SQL injection attacks
  - Data interception attacks
Malware
- Malware is malicious software that is designed to damage or disrupt a computer system, or to gain unauthorised access to a computer system.
- It can be spread through a variety of methods, including email attachments, infected websites, and infected software.
- Oftentimes if you are being careless and, for example, running random scripts without precautions, you are more likely to be infected with malware.
- Malware tends to delete, corrupt, or modify files and data, and can also be used to gain unauthorised access to a computer system (or make it part of a botnet, which is a network of infected computers often used to carry out DDoS attacks).
| Malware | Description |
|---|---|
| Trojan horse | A Trojan horse (or simply trojan) is a piece of malware that looks like a legitimate program, but is actually a program that has been designed to do malicious things. |
| Virus | A virus is a piece of malware that can replicate itself within the host's computer. |
| Worm | A worm is like a virus, but it can spread to other computers without the user having to do anything. |
| Botnet | A botnet is a network of infected computers that are used to carry out DDoS or other attacks. |
| Rootkit | A rootkit is a piece of malware that can hide itself from the operating system and can be used to gain unauthorised access to a computer system. |
| Spyware | Spyware is a piece of malware that can monitor and record the activities of a user's computer. |
| Ransomware | Ransomware is a piece of malware that encrypts a user's files and demands payment in exchange for the decryption key. |
Denial of Service Attacks
- A Denial of Service (DoS) attack is a type of attack that disrupts a computer system by flooding it with requests, causing it to become unresponsive or crash.
- The distributed (DDoS) version of this attack is where, instead of using just one or a few computers to carry out the attack (which is easier to block), the attackers use a large number of computers (oftentimes on a botnet) to carry out the attack.
- The attackers sometimes request payment to stop the attack.
Brute Force Attacks
- A Brute Force attack is a type of attack that tries to guess a password by trying every possible combination until it finds the correct one.
- Oftentimes this is done by using a dictionary of common passwords first, and then using a brute force attack to try to guess the remaining passwords (or just the one password, if a specific person is being targeted).
- Longer passwords and passwords with more types of characters take a lot longer to iterate over than shorter ones, which is why many places will force you to use a longer password with more types of characters.
Social Engineering Attacks
- A Social Engineering attack is a type of attack that attempts to trick a person into divulging confidential information or performing actions that they wouldn't normally do.
- Oftentimes this is done by pretending to be someone else, or by making it seem like something has happened that hasn't (for example, a website pretending to be an official warning from a company like Microsoft telling you that you have a virus).
- The most common forms of social engineering are:
  - Phishing - where the attacker pretends to be a reputable entity, and tricks the user into giving away their details.
  - Pretexting - where you get sent a message pretending to be from a government or a company you work for/with, which tricks you into giving away confidential information.
- It can be very effective because no matter how much you try to protect your computers, you are always susceptible to human error.
SQL Injection Attacks
- A SQL Injection attack is a type of attack that attempts to insert malicious SQL code into a frontend (like a website) to gain unauthorised access to the database.
uhh... but what is SQL?
- SQL stands for Structured Query Language, and is a language used to interact with databases. It is a very powerful language, and is used to create, update, and delete data in a database. It is also used to query the data in the database, and to perform other tasks such as creating views and stored procedures.
- There are many types of SQL commands, such as SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, and DROP. If a database input (such as on a login page) is not 'sanitised' properly, it can be used to perform SQL injection attacks.
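To see what 'not sanitised properly' means in practice, here is an added example (written for these notes, not code from the original page): the same login check against a constructed in-memory SQLite database, written first the vulnerable way (input glued into the query text) and then the safe way (a parameterised query). The user record and the hash strings are made up.

```python
"""Added example for these notes (not from the original page): a login check
written the vulnerable way and the safe way, against a constructed in-memory
SQLite database with one user. Password hashes here are stand-in strings."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database: one user, password stored as a hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-alices-password')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """The bug: user input is glued straight into the SQL text, so quotes in the
    input change the meaning of the query instead of being treated as data."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password_hash = '{password_hash}'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """The fix: a parameterised query. The database driver keeps the SQL and the
    data separate, so the input can only ever be compared against the columns."""
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone() is not None


def demo() -> dict:
    """Run both versions against normal logins and the textbook quote-breaking
    input, and return what each one decides."""
    conn = make_db()
    quote_input = "' OR '1'='1"   # turns the WHERE clause into something always true
    return {
        "vulnerable_good_creds": login_vulnerable(conn, "alice", "hash-of-alices-password"),
        "vulnerable_bad_creds": login_vulnerable(conn, "alice", "wrong"),
        "vulnerable_injected": login_vulnerable(conn, quote_input, quote_input),
        "safe_good_creds": login_safe(conn, "alice", "hash-of-alices-password"),
        "safe_bad_creds": login_safe(conn, "alice", "wrong"),
        "safe_injected": login_safe(conn, quote_input, quote_input),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {'logged in' if result else 'rejected'}")
```

The vulnerable version lets the quote-breaking input through because the input becomes part of the SQL; the safe version rejects it because `?` placeholders make the input plain data, which is what 'sanitising' the input properly achieves.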
SQL is either pronounced 'sequel' or ess queue ell. Under NO circumstances
is it 'squeal'.
Data Interception Attacks
- A Data Interception attack is a type of attack that attempts to steal data from a system by intercepting and reading the data being sent between the system and the user.
- Oftentimes this is done by using a tool called a sniffer, which is a piece of software that captures all the data being sent between the system and the user, and then displays it to the attacker.
Methods of preventing attacks
- There are many methods of preventing attacks, but some common ones are:
  - Firewalls
  - Passwords
  - Encryption
  - User access levels
  - Penetration testing
  - Physical security
  - Antimalware/antivirus software
Firewalls
- A firewall is a piece of software (or hardware) that allows you to control what traffic can pass through it and what gets blocked. It blocks unwanted traffic by filtering requests and responses against a set of rules.
- Often both your router and your computer will have firewalls, and sometimes even your DNS provider has a firewall.
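As an added example (written for these notes, not code from the original page), here is a tiny packet filter that behaves the way the firewall described above does: traffic is matched against a list of rules, the first matching rule decides, and anything that matches nothing is blocked. The rule set, the addresses and the packets are all constructed for illustration.

```python
"""Added example for these notes (not from the original page): a minimal
packet filter that mimics how a firewall decides what traffic to let through.
Rules are checked top to bottom, the first match wins, and traffic matching
no rule is denied (a 'default deny' policy). All addresses are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    source: str                 # CIDR network the packet must come from
    dest_port: Optional[int]    # destination port, or None for any port


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dest_port: int


# Constructed rule set for a hypothetical home router:
#  - one misbehaving host on the LAN is blocked entirely
#  - the rest of the LAN may reach the web ports
#  - anyone may use HTTPS (port 443)
#  - everything else falls through to the default deny
RULES: List[Rule] = [
    Rule("deny",  "192.168.1.66/32", None),
    Rule("allow", "192.168.1.0/24", 443),
    Rule("allow", "192.168.1.0/24", 80),
    Rule("allow", "0.0.0.0/0", 443),
]


def matches(rule: Rule, packet: Packet) -> bool:
    """A rule matches when the source address is inside the rule's network
    and the destination port is the rule's port (or the rule covers any port)."""
    if ip_address(packet.src_ip) not in ip_network(rule.source):
        return False
    return rule.dest_port is None or rule.dest_port == packet.dest_port


def decide(packet: Packet, rules: List[Rule] = RULES) -> str:
    """Return 'allow' or 'deny' for one packet: first matching rule wins."""
    for rule in rules:
        if matches(rule, packet):
            return rule.action
    return "deny"   # default deny: unmatched traffic never gets through


def filter_packets(packets: List[Packet], rules: List[Rule] = RULES) -> List[Tuple[Packet, str]]:
    """Apply the rule set to a whole batch of packets."""
    return [(p, decide(p, rules)) for p in packets]


if __name__ == "__main__":
    sample = [                              # constructed traffic
        Packet("192.168.1.10", 80),         # LAN host browsing HTTP -> allow
        Packet("192.168.1.66", 443),        # blocked LAN host       -> deny
        Packet("203.0.113.5", 443),         # outside host, HTTPS    -> allow
        Packet("203.0.113.5", 22),          # outside host, SSH      -> deny (no rule)
    ]
    for packet, verdict in filter_packets(sample):
        print(f"{packet.src_ip}:{packet.dest_port} -> {verdict}")
```

Note the order of the rules: the per-host deny sits above the network-wide allow, because the first match wins. Swapping them would silently let the blocked host through, which is the classic firewall misconfiguration.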
Passwords
- Passwords are a way of protecting your data, and are used to prevent unauthorised access to your computer. They are usually stored in a database, and are hashed using a one-way function (such as SHA-256) so that the original password is difficult to recover from the stored value.
- These help prevent data theft and brute force attacks.
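The following added example (written for these notes, not code from the original page) ties the Passwords section above to the Brute Force section: it hashes passwords with plain SHA-256 as the notes describe, shows why a dictionary of common passwords defeats that so quickly (two users with the same password get the same hash, and a pre-hashed dictionary can be looked up), and then stores the password with a random salt and a deliberately slow hash (PBKDF2-HMAC-SHA256 from Python's standard library) instead. The common-password list is constructed.

```python
"""Added example for these notes (not from the original page): how passwords
are stored as hashes, and why a salted, slow hash is safer than plain SHA-256.
The 'common passwords' list below is constructed for illustration."""
import hashlib
import hmac
import os
from typing import Optional

# Constructed list of common passwords that a dictionary attack tries first.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]


def sha256_unsalted(password: str) -> str:
    """Plain SHA-256 of a password (one-way, as the notes describe).
    Every user who picks the same password ends up with the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def lookup_unsalted(digest: str) -> Optional[str]:
    """Because unsalted hashes are identical for identical passwords, the
    dictionary can be hashed once and then looked up: a common password
    protected only by SHA-256 is recovered instantly from a stolen database."""
    table = {sha256_unsalted(p): p for p in COMMON_PASSWORDS}
    return table.get(digest)


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> str:
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256). A fresh random
    salt per user means equal passwords give different stored values, and
    the iteration count makes every brute-force guess cost far more work.
    Stored as 'iterations$salt$digest' so verify_password can recompute it."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    alice, bob = sha256_unsalted("letmein"), sha256_unsalted("letmein")
    print("unsalted hashes identical:", alice == bob)
    print("recovered from pre-hashed dictionary:", lookup_unsalted(alice))
    stored_a, stored_b = hash_password("letmein"), hash_password("letmein")
    print("salted hashes identical:", stored_a == stored_b)
    print("correct password verifies:", verify_password("letmein", stored_a))
    print("wrong password verifies:", verify_password("wrong", stored_a))
```

The salt does not stop someone guessing a weak password one user at a time; it stops one pre-computed table from cracking every user at once, and the slow hash is what makes the remaining guesses expensive, which is the same reason the notes give for enforcing longer passwords.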
Encryption
- Encryption is a way of protecting your data, and is used to prevent unauthorised access to it. It is done by using an encryption algorithm (such as AES) to scramble your data with a key, so that it can only be decrypted by someone who has the key.
User access levels
- User access levels ensure that no one has higher access than they absolutely need.
- For example, in a company, an IT administrator account might have access to everything, but
a sales account might only have access to sales data.
- This prevents data theft, and can lessen the impact of a social engineering attack.
Penetration testing
- Penetration testing is a way of testing your computer for vulnerabilities.
- It can be carried out using a tool called a vulnerability scanner, which scans your computer for known vulnerabilities.
- Penetration testing is also done by people (sometimes known as 'ethical hackers') who act like malicious hackers, and when they find a vulnerability, they report it to you. Sometimes these people are employed by companies, and sometimes bugs are reported through a 'bug bounty' program.
- This can prevent SQL injection, make social engineering attacks harder, and lets attack vectors be found and fixed before they are exploited.
Physical security
- Physical security is simply preventing physical access to a part of a network.
- For example, having a keycard system for access to a server room, CCTV, or simply security by obscurity.
- This prevents data interception and theft, and can prevent social engineering attacks.
Antimalware/antivirus software
- Antimalware/antivirus software is a way of protecting your data, and is used to prevent unauthorised access to your computer. It is done by using an antivirus program, which scans for malware and then reports it to you.
- Antimalware software can be used to scan emails, files, websites etc.
- It works because it has a list of known malware signatures, and even if a program is not on the list, it can still be flagged if it behaves suspiciously (hence false positives).
- Antimalware software is used to stop... well, malware.
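To make the 'signatures plus suspicious behaviour' point concrete, here is an added example (written for these notes, not code from the original page or any real antivirus product): a toy scanner with a signature list of known-bad file hashes and a simple behaviour score, run over a few constructed samples, one of which is a legitimate backup tool that gets flagged anyway, which is exactly the false positive the notes mention. Every sample, hash and behaviour name is made up.

```python
"""Added example for these notes (not from the original page): a toy
antimalware scanner with two detection methods, a signature list of known-bad
file hashes and a heuristic score based on observed behaviour. All samples,
signatures and behaviour names are constructed for illustration."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple


@dataclass
class Sample:
    name: str
    contents: bytes              # the file as it would be read from disk
    behaviours: Set[str] = field(default_factory=set)   # what it did when run


# Constructed signature database: SHA-256 of known-bad file contents -> name.
# Real products hold millions of these; here there is one made-up entry.
SIGNATURES: Dict[str, str] = {
    hashlib.sha256(b"CONSTRUCTED-KNOWN-BAD-SAMPLE").hexdigest(): "Example.Trojan.A",
}

# Heuristic weights for suspicious behaviours (constructed). Anything scoring
# at or above THRESHOLD is flagged even though no signature matched.
SUSPICIOUS: Dict[str, int] = {
    "encrypts_many_files": 2,
    "adds_itself_to_startup": 1,
    "disables_antivirus": 3,
    "contacts_unknown_host": 1,
}
THRESHOLD = 3


def signature_match(sample: Sample) -> str:
    """Exact match against the list of known malware. Returns the malware
    name, or an empty string if the file's hash is not on the list."""
    return SIGNATURES.get(hashlib.sha256(sample.contents).hexdigest(), "")


def heuristic_score(sample: Sample) -> int:
    """Add up the weights of every suspicious behaviour the sample showed."""
    return sum(SUSPICIOUS.get(b, 0) for b in sample.behaviours)


def scan(sample: Sample) -> Tuple[str, str]:
    """Return (verdict, reason): 'malware' for a signature hit, 'suspicious'
    for a heuristic hit, otherwise 'clean'."""
    known = signature_match(sample)
    if known:
        return "malware", known
    score = heuristic_score(sample)
    if score >= THRESHOLD:
        return "suspicious", f"heuristic score {score}"
    return "clean", ""


if __name__ == "__main__":
    samples = [   # constructed test files
        Sample("invoice.exe", b"CONSTRUCTED-KNOWN-BAD-SAMPLE"),
        Sample("photos.exe", b"new, never-seen-before code",
               {"encrypts_many_files", "adds_itself_to_startup"}),
        Sample("backup-tool.exe", b"legitimate backup software",
               {"encrypts_many_files", "contacts_unknown_host"}),   # false positive
        Sample("calculator.exe", b"harmless program"),
    ]
    for s in samples:
        verdict, reason = scan(s)
        print(f"{s.name}: {verdict} {reason}".rstrip())
```

The signature check only catches files that have been seen before; the behaviour score is what catches new malware, and the backup tool shows its cost: encrypting lots of files and talking to an unfamiliar server looks the same whether the program is ransomware or an honest off-site backup.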