This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Affected area: Availability. A denial-of-service (DoS) attack is when an attacker attempts to disrupt the network by flooding it with messages so that the network cannot process messages from normal users (Dennis, 2010) or deny the use of resources to legitimate users of the systems, information, or capabilities (Maiwald, 2002). The DoS attacks are mainly towards on electronic stuff such as computer systems and networks (Maiwald, 2002). In most of the cases, the DoS carrying out by the hackers have different motives. Most common is that a person wish to prevent an Internet site or service from functioning properly.
According to Maiwald (Maiwald, 2002) The DoS methods of attack can be categorized into different type as shown below:
Denial of Access to Information - Causes information to be unavailable, by destructing the information or changing the information. Without the information, the organization's daily operation might not able to perform properly.
Denial of Access to Applications - Target the applications that manipulates or displays information. The prevention of access to application might cause the organization unable to perform certain task that requires the particular applications.
Denial of Access to Systems - Bring down a computer system which running different applications and contain a lot of stored information. Although the term of DoS is regards to computer network, it also able to interfere the computational resource management, by consuming the processor time, bandwidth, RAM, disk space (Wikipedia, 2010). These could cause the system crash
Denial of Access to Communications - The most common attacks in DoS and had been performed for many years. These can be easily done by disruption the physical network component such as cutting wire, jamming communications. Flooding networks server such as Web server and mail server with excessive traffic. These cause the server attempts to respond to these, but end the end failed. Besides that, the most recently technique used in denying service to Internet Service Provider servers by using a TCP SYN flood attack (Min, 2004), and other common TCP/IP protocols DoS attack such as ICMP Attacks or UDP Attacks.
DDoS agent (Zombie)
Figure 1.1 A distributed denial-of-service attack
Another most commonly seen DoS attack is distributed denial-of-service attack (DDoS) which is even more disruptive (Dennis, 2010) such as MyDoom.A. The figure 1.1 shown above is an example of a DDoS tool. The hacker uses a client computer and connects to the DDoS handler (also known as botnet) that able to control the compromised computer, the DDoS agent (also known as zombie or a bot). These DDoS agent are controlled via the handler by the hacker's control, the handler issues commands and instructions which is normally automated routines and will start to exploit the vulnerabilities of the targeted server. As a result the DDoS attack consists of multiple machines that can generate more traffic attack on a single machine.
The Stacheldraht uses classic attack method such as IP spoofing, smurf attacks and fraggle attacks, which cause the maximum consumption of bandwidth attacks (Wikipedia, 2010). The Smurf attack able to floods a target system with spoofed source of IP address and ping messages and the server has no clues to reply the flooded IP packets. SYN floods as mentioned may use in the DDoS as well. As simple, the agent send messages to the target site which come from different sources which make it harder to identify the DoS message and increase the changes of DoS message hitting the target (Dennis, 2010).
There are several prevention and response that can be to the DoS and DDoS attacks from affecting the network. The first method is to configure the main router/firewall that is connect to the Internet. The technique Traffic filtering can be used to validate the incoming messages are in the valid protocols, ports, IP addresses range, these can ensure the only valid addresses only permitted to the network. Secondly, the main router/firewall's Traffic limiting able to be configure to limit the number of incoming packets that might potentially to be DoS/DDoS attack packets to enter the network. Thirdly, a special-purpose security device, called traffic anomaly detector that perform traffic analysis by learning the normal traffic pattern and will able to detect abnormal IP traffic that suddenly that destined to a specific address and device, these IP packets will be quarantined for further analyzing. Although these method might slow down the incoming IP packets, but it can greatly reduce the chances of DoS/DDoS attack.
Affected area: Confidentiality
Trojans are remote access management consoles (also known as rootkits) that enable the hacker to remote access to a computer system and perform various operations it at from anywhere. The Trojan need to be installed by the user of the targeted system so that the Trojan can be triggered and start the operation.
The Trojan Horses can be installed in many types of methods, such as free software download which often the Trojans are concealed in the software and able to download over internet, also known as Bundling in some cases that a Trojan is a part of software application and can be downloaded P2P file sharing network (e.g. torrent). Downloaded Email attachments, Website that contain ActiveX control which is Trojan in disguise, Application exploits such as flaws in Web browser, Adobe Flash player, IM client which allow the installation of a Trojan horse (Wikipedia, 2010). Most of the time, the Trojan horses are silently install software at background without the user's awareness, and at the most of the time many Trojans are stealth and undetectable by antivirus software if is not up to date. Example, even viewing a suspicious web page, a Trojan will automatically install the malware silently without the user doing anything on the web page. The Trojan Horses have self-replication ability to send Email attachment or URL link through IM Client to other peer of users. When the user click the link and redirect to the web page and the device will be affected by Trojans Horses. Furthermore,
Once the Trojan horses had been installed, these are the operations that can be performed by a hacker on a targeted computer system through opening backdoors: Disabled firewalls, anti-virus software and any other defensive software on the targeted system. Perform keystroke logging, crashing the computer, downloading and uploading files, perform modification and deletion of the files, stealing private data (e.g. passwords, credit card numbers), and installation of third-party malware. The hacker can even monitor the user desktop screen; trace the camera and microphone activity. The figure 1.2 shows that some of the "Fun Stuff:" that a hacker able to perform, disable mouse, opening and closing CD tray and so on.
Figure 1.2 Menu on the control console for Optix Pro Trojan
The Trojan Horses even have defensive measurement to protect the hackers themselves. The Trojans can be schedule when it will be open a random port that allows the hacker to step in and control the targeted computer (Dennis, 2010). Besides, the hackers also need to take up the responsibility to trace their own Trojans horse by using port scanner on the network to find the one with the Trojan horse successfully installed (Wikipedia, 2010).
Spyware, adware, and DDoS agents are the three commons types of Trojans can be found. DDoS as explained in previous. Spyware able to capture and spy the victim's private information by recording keystroke in order to gain access to the user's password and any sensitive information. Adware able to displays pop-up advertisements on the user's desktop screen by monitoring the user actions, e.g. when you wish to enter a desire web site, but the Adware able to redirect to another web site for instance (Dennis, 2010).
The possible solution of preventing Trojan Horses is to install latest Antivirus software and the version must be constantly updated so that able to detect and delete Trojan horses and prevent it being installed all over again. Specialize antispyware tool can be found such as Spybot and NinjaPendisk (USB Flash drive viruses removal tool). User have to be cautious about opening any attachment or downloading any files received via Email. Avoid clicking any suspicious pop up message. For organization level, implement strict policies and procedures for installing new software, and end users should be forbidden from installing unauthorized programs. In some case, new programs and tools should be installed in a test environment before putting them into a production environment. In the worst case, the Trojan horses have corrupted the PC system, antivirus software had been disabled, and the Trojan Horses cannot be manually remove, the best way is to backup important data, erase potentially affected hard disk, and reinstall the operating system.
Social Engineering - Phishing Attack
IT staff tend to concentrate on technical side of network security such as firewalls, antivirus software, encryption and so on. However, the real problem of network security is the humans who use them. The social engineering technique tricking individual users into providing information, it preys on an individual's desire to help, an individual's fear of getting into trouble, or the general trust among individuals. This is the most common ways for attackers to break into a system, by simply asking (Turban, 2006, p.458).
Phishing is a very common type of social engineering. Phishing attack can be define as a high-tech scam that uses e-mail, pop-up messages, or Web pages to trick a user into disclosing sensitive information such as credit card numbers, bank account numbers, and passwords (Turban, 2006, p.458). The attacker simply sends email to millions of users that might gain the user attention and that email contains a link that directs the user to a phishing web site.
Figure 1.3 Phishing Email
Take a look of the example of phishing email at the figure 1.3, is about telling the email receiver's bank account has been shut down and require them to reactivate it by logging in. The URL address seem to be correct but it will redirect to a fake website and it appear as a bank's Web site, the red line box shown that the URL actually pointed to unknown web site. When after the user try to login to the fake web site, the attacker will able to track down their bank account user ID and password, therefore the attacker can hack into the victim's account at ease.
Figure 1.4 Example Phishing attack on IM Client
Over the past few years, Internet chat rooms and instant messaging also has been used by the hackers to perpetrate social engineering attacks or phishing attack. At the figure 1.4, one victim of the PC and IM client has been affected by Trojan, and it start to send phishing URL link to all other recipient in the IM client contact list without the approval of the IM account's owner. The person who receive it, and click on the link and it will redirect to a phishing site and probably start to download Trojans and perform the same thing over and over again in a circulate form. A twitter post shown at Figure 1.5 can contain phishing site that other reader might fall into the trap.
Figure 1.5 Example of Phishing attack on Twitter
Rather than rely on the security tool that able to detect phishing web site as shown at Figure 1.6, the Firefox browser able to detect the fake web site as a phishing site and will block the web page for loading and give an appropriate phishing warning to the user. The best way to protect yourself from phishing attack and combat the social engineering by learn the knowledge of phishing and how to avoid them.
User must stay vigilant, alert and cautious with e-mail that you received from other user.
Try not to redirect the URL link that can be found in the Email, unless is highly trustable.
Try not to disclose sensitive information to the third party such as user ID and password, as most of the organization never request sensitive data from a user.
Provide education and training to the user; let them to be educated about social engineering and phishing attack used by the hackers.
When visiting a web site, make sure the URL address is correct and same as usual. While when sensitive information need to be submit to the host, make sure the web site is truly secure, such as Hypertext Transfer Protocol Secure (HTTPS)Â that contain SSL/TLS protocol which provide encrypted communication between host and client.