There are two types of threats: Intentional and Accidental.
Network security threats have
- three main weakness: technology weakness, configuration weakness, and policy weakness.
- four types of security threats are: unstructured threats,structured threats, external threats, and internal threats.
- four classes of network attacks : reconnaissance attacks, access attacks, denial of service attacks, and worms, viruses and Trojan horses.
Reconnaissance attack
This attack refers to the gathering of information on a target network, enabling the hacker to be able to find the vulnerability of the network. Ping sweeps, port scans, packet sniffers, and internet information lookup, are ways of reconnaissance attack.
Reconnaissance attack can only be mitigated and not prevented. One way of mitigating it is when a reconnaissance attack occurs IDSs at the network and host level can inform the administrator.
Access attack
This attack refers to unauthorized personals gaining access into the network. There are different types of access attacks, like password attack, trust exploitation, port redirection, and man-in-the middle attack.
One type of password attack is through the use of rainbow table.
Some ways to mitigate password attacks is having a more complicated password and having a certain number of login failure attempts.
Denial Of Service attack (DoS)
This attack prevents authorized personals from using the service. DoS is easy to execute but hard to eliminate. There are different types of DoS attacks, like ping of death, and SYN flood.
Most easiest way to control DoS is through the implementation of anti-spoof and anti-DoS.
Worms,Viruses & Trojan horses (Malicious Code Attack)
Worms not only executes codes but also in it's CPU's memory install copies of itself which can also cause other CPUs in the network to get infected.
Virus are spread from one computer to another through program files. A way to prevent is through anti-virus software.
Trojan horses is a virus that is programmed to look like a software and when the user download it, the virus will attack the CPU. One way to prevent is anti-virus and remember to keep the anti-virus up-to-date.
http://www.orbit-computer-solutions.com/Network-Access-Attacks.php
http://www.orbit-computer-solutions.com/Denial-of-Service-%28DoS%29-Attacks.php
http://www.orbit-computer-solutions.com/Malicious-Code-Attacks.php
Personally I think that reconnaissance is not an attack, but part of any attacks. Reconnaissance is the preparatory phase in the hacking cycle whereby attackers scan and collect information on the systems he wanted to attack on.
ReplyDeleteAccess attack is one of the phrases, also part of any attacks. It is when the attacker gained enough information to launch the attack, gaining access to the system.
Network threats should include threats that results from connection to any network such as the Internet. The DNS poisoning, SQL injection are examples of such threats.