This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Security issues had never escaped its roles in internetworking field. Attack on confidentiality, integrity and availability of an organization network are always troubling the managerial and operational users. Do a research and write a report to summarize you findings on 3 major network threats that maybe happened in your company network se. E.g. Intrusion, Denial of Services (DoS) attack, Phishing attack, adware and spyware, as well as human factor etc. You are also required to explain the possible preventions for the attacks you have found.
Network threats are continue to increase in number and sophistication. Therefore, security and networking personnel must not only work harder but also smarter to stay ahead of network threats attacks. Sophisticated scanning, penetrating and obfuscating tools and techniques are more widely available now more than ever before. (TechTarget, 2010)
Fortunately, you can take step to prevent the network threats, but you must first understand what the network threats are and how to prevent it. The cost of security is high, including expenses for system and tools, people and resources to configure and monitor the security systems and the time and material to develop the appropriate processes to ensure everyone adheres to policies. (Qwest, 2009)
There are many network threats in an internetworking field. Below are three types of network threats which are Denial of Services (DoS), Phishing attack and adware and spyware. Due to the research, DoS attack is most costly
Denial of Services (DoS) attack
A Denial of Service (DoS) attack is an attack which attempts to prevent the victim from being able to use all or part of their network connection. DoS may target a user, to prevent them from making outgoing connections on the network and target an entire organization, to either prevent outgoing traffic or to prevent incoming traffic to certain network services, such as the organizations web page. DoS are much easier to accomplish than remotely gaining administrative access to a target system. Because of this, DoS have become very common on the Internet. (TopBits, 2010)
These are a few of the classic denial of service attacks. Most of these rely upon weaknesses in the TCP/IP protocol. Vendor patches and proper network configuration have made most of these denials of service attacks difficult or impossible to accomplish. (TopBits, 2010)
The earliest form of denial of service attack was the flood attack. The attacker simply sends more traffic than the victim could handle. This requires the attacker to have a faster network connection than the victim. This is the lowest-tech of the denial of service attacks, and also the most difficult to completely prevent.
Ping of Death Attack
The Ping of Death attack relied on a bug in the Berkeley TCP/IP stack which also existed on most systems which copied the Berkeley network code. The ping of death was simply sending ping packets larger than 65,535 bytes to the victim. This denial of service attack was as simple as:
ping -l 86600 victim.org
In the TCP protocol, handshaking of network connections is done with SYN and ACK messages. The system that wishes to communicate sends a SYN message to the target system. The target system then responds with an ACK message. In a SYN attack, the attacker floods the target with SYN messages spoofed to appear to be from unreachable Internet. This fills up the buffer space for SYN messages on the target machine, preventing other systems on the network from communicating with the target machine.
Prevention of Denial of Services (DoS) Attack
Unfortunately, there are no effective ways to prevent being the victim of a DoS attack, but there are steps you can take to reduce the likelihood that an attacker will use your computer to attack other computers:
Install and maintain anti-virus software
Install a firewall, and configure it to restrict traffic coming into and leaving your computer
Follow good security practices for distributing your email address. Applying email filters may help you manage unwanted traffic.
"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
"During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."
Have you received email with a similar message? It's a scam called "phishing" - and it involves internet fraudsters who send spam or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security number, passwords, or other sensitive information) from unsuspecting victims. (OnGuardOnline, 2008)
According to OnGuard Online, phishers send an email or pop-up message that claims to be from a business or organization that you may deal with - for example, an Internet Service Provider (ISP), bank, online payment service, or even a government agency. The message may ask you to "update," "validate," or "confirm" your account information. Some phishing emails threaten a dire consequence if you don't respond. The messages direct you to a website that looks just like a legitimate organization's site. But it isn't. It's a bogus site whose sole purpose is to trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name. (OnGuardOnline, 2008)
Prevention of Phishing Attack
To avoid getting Phishing attack: (OnGuardOnline, 2008)
If you get an email or pop-up message that asks for personal or financial information, do not reply. And don't click on the link in the message, either.
Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly. Some phishing emails contain software that can harm your computer or track your activities on the internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files
Don't email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization's website, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a website that begins "https:" (the "s" stands for "secure").
Be cautious about opening any attachment or downloading any files from emails you receives, regardless of who sent them. These files can contain viruses or other software that can weaken your computer's security.
Adware and Spyware
Adware is software that displays advertisements on your computer. These are ads that inexplicably pop up on your display screen, even if you're not browsing the Internet. Some companies provide "free" software in exchange for advertising on your display. It's how they make their money. (Jerry Honeycutt, 2004)
Spyware is software that sends your personal information to a third party without your permission or knowledge. This can include information about Web sites you visit or something more sensitive like your user name and password. Unscrupulous companies often use this data to send you unsolicited targeted advertisements. (Jerry Honeycutt, 2004)
Adware isn't necessarily spyware. Registered shareware without ads may be spyware. Purchased out-of-the-box software may contain adware and may also be spyware. Updates may change a previously ad-free version into an adware product. All this makes for a confusing mess and users need to be on guard when installing any type of software. (PrivacyPower, 2000)
Prevention of Adware and Spyware
Take steps to lower risk of spyware infections¼š (OnGuardOnline, 2008)
Update your operating system and Web browser software. Set your operating system and security software to update automatically to be sure you have the latest protections.
Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly. Download this software from ISPs or software companies or buy it in retail stores. Look for anti-virus and anti-spyware software that removes or quarantines viruses and that updates automatically on a daily basis.
Download free software only from sites you know and trust. Be aware, however, that some of these free software applications bundle other software, including spyware.
Don't install any software without knowing exactly what it is. Take the time to read the end-user license agreement (EULA) before downloading any software.
Don't click on any links within pop-ups. If you do, you may install spyware on your computer. Instead, close pop-up windows by clicking on the "X" icon in the title bar.
Don't click on links in spam or pop-ups that claim to offer anti-spyware software. Some software offered in spam or pop-ups actually installs spyware. In fact, ads that claim to have scanned your computer and detected malware are a tactic scammers have used to spread malware, so resist the urge to respond to or click on those messages.
"Education is critical. People need to know what they should be defending against."
(Jay Liew, Websense Security Researcher, 2010)
It is very important to plan the network security strategy because network threats won't take a break in an internetworking field. The Web has transformed into a business and application platform.
Hackers will continue to mix social engineering tricks with modern blended threats making the Web more complicated than ever before. The blended nature of today's threats means that all security measures must integrate email, Web, and data technologies.
Organizations can evaluate the attack services in their network and determine what areas are critical to your business. And then choose the appropriate security tools and methods to prevent and protect the threat attack your organization's network.
Protect the network before the network threats attack your organization's network. Don't let the network threats easily to attack your organization's network!