The OSI security architecture focuses mainly on security attacks, security mechanisms and security services. A security attack is the act of denying the security of, or stealing the information of, any organization. A security mechanism is a technique used to detect, protect against or recover from an attack on the organization's information. Security services are the services an organization uses to enhance the security of its data processing systems; these services are mainly intended to counter the attacks.
A network attack may be defined as a method, means or process used to maliciously attempt to compromise network security. There are many different reasons for performing network attacks. Some of the major ones are to obtain the financial information of an individual user or an organization, and to obtain the confidential information of a firm or organization with the intention of misusing it.
The two major types of network attacks are passive attacks and active attacks. Passive attacks mainly intend to monitor, interpret or read the data or information in the network, whereas active attacks try to alter the information in the network.
There are many different types of passive and active attacks. Two types of passive attack are release of message contents and traffic analysis. In both, the attacker does not try to modify the data obtained, but only monitors it. These attacks are difficult to find because the attacker does not modify the data, so the sender and the receiver never know that their data was compromised. Four types of active attack are masquerade, replay, modification of messages and denial of service. In all of these, the attacker tries to monitor and modify the data in different ways. In contrast to passive attacks, active attacks are easy to detect because the attacker modifies the data. As these attacks are easily detectable, they can be prevented in their early phases.
Apart from the attacks mentioned above, there are different kinds of attacks that lead to many kinds of damage to the organization. These network attacks are therefore considered a serious problem and a serious threat to organizations using networks.
Networking systems, or computer networks, have many real-time applications that make many things simpler. But these networks have disadvantages too. One of them is that networks are prone to network attacks. We can protect networks from such attacks by using security mechanisms. To maintain or provide security for a network, we should know about these attacks and the methods or procedures used by the attackers.
A network consists of two or more computers that are linked together to share resources (such as CDs and printers), allow electronic communication and exchange files. The computers on a network are linked through infrared light beams, telephone lines, cables, satellites or radio waves.
A computer network, often simply referred to as a network, is a collection of computers and devices interconnected by communications channels that facilitate communications among users and allow users to share resources. Networks may be classified according to a wide variety of characteristics. A computer network allows sharing of resources and information among interconnected devices.
4. Why do we need a network?
If a business has two or more computers, it can benefit by networking them. A local area network (LAN) connects a company's computers together. This networking allows them to share and exchange different types of information. A single computer is useful, and many computers in a network are much more useful.
Networking of computers is useful in many different ways. Some of them are:
Sharing a Printer
Organizing data and many more.
5. Network attack
Network Attack may be defined as a method, means or process used to attempt maliciously to compromise network security.
6. Reasons for network attacks:
There are many reasons why any individual would try to attack the corporate networking systems. The individuals who try to perform network attack are generally known as network crackers or attackers or hackers. These attackers try to attack networked systems in many different ways.
Different kinds of network attack performed by attackers, crackers or hackers are:
To illegally use others' accounts and privileges.
To steal software or to steal hardware.
Trying to modify data.
Running code for corrupting others data or damaging systems.
Capturing data and misusing it for financial gain.
Performing actions for depleting network bandwidth and resources.
7. Some Common Network Attacks
Any network has to be protected with some kind of security, otherwise it may be attacked by network hackers. There are two types of attacks: active and passive.
Active attacks are attacks in which the data is altered or changed by the attacker in order to misuse it, whereas passive attacks are attacks in which the information is captured by the attacker but is not altered.
Some of the common attacks networks encounter if they do not have good security are:
Identity or IP Address Spoofing
8. Eavesdropping
Many network communications take place in an unsecured fashion, and most of them are in clear-text format. This allows the cracker to gain access to the data in the communication and to read and interpret it; this is called eavesdropping. This kind of attack is the major attack our networks encounter. Unless one uses good cryptographic techniques, this problem cannot be solved.
9. Data Modification
Through eavesdropping the cracker can read the data, and after reading it the cracker may want to change or alter the data he has. A cracker can change the data in the network without the permission of either the sender or the receiver. Even in our day-to-day activities we sometimes need security, for example while transferring money or dealing with financial matters. No one wants their data to be altered and then sent to the receiver.
Considering the issues above, this type of attack can also seriously affect networks.
Fig2: Data Modification
10. Identity or IP Address Spoofing
Many networking systems and companies use the IP address as the main criterion to identify the authenticated user or entity. But the cracker can run malicious code and generate the same IP address; this is called identity spoofing.
With this kind of attack the victim may never know that they are sharing confidential information with a false entity.
After gaining the IP address of the target system, the cracker can do many things, such as modifying data, sending false information to the network and receiving confidential information from the network.
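The two sections above (data modification and identity spoofing) share one defence: the receiver authenticates each message with a keyed tag instead of trusting the source address. The sketch below is an added example, not part of the original text; the frame layout, the names `seal` and `Receiver`, the key, the sender name and the address are all constructed for illustration.

```python
import hashlib
import hmac
import struct

DEMO_KEY = b"constructed-demo-key"   # constructed; provision a random per-peer key

def _tag(key: bytes, sender: str, header: bytes, payload: bytes) -> bytes:
    # The tag covers sender name, sequence number and payload together.
    return hmac.new(key, sender.encode() + b"\x00" + header + payload, hashlib.sha256).digest()

def seal(key: bytes, sender: str, seq: int, payload: bytes) -> bytes:
    """Sender side: frame = seq (8 bytes) | tag (32 bytes) | payload."""
    header = struct.pack(">Q", seq)
    return header + _tag(key, sender, header, payload) + payload

class Receiver:
    """Accepts a frame only if its tag verifies and its sequence number is new."""

    def __init__(self, keys: dict):
        self.keys = keys       # sender name -> shared key
        self.last_seq = {}     # sender name -> highest sequence number accepted

    def open(self, source_ip: str, sender: str, frame: bytes):
        # source_ip is deliberately not used for identification: an address can
        # be spoofed, so identity rests on proof of key possession instead.
        key = self.keys.get(sender)
        if key is None or len(frame) < 40:
            return "rejected: unknown sender or short frame", None
        header, tag, payload = frame[:8], frame[8:40], frame[40:]
        if not hmac.compare_digest(tag, _tag(key, sender, header, payload)):
            return "rejected: bad tag (modified or forged)", None
        seq = struct.unpack(">Q", header)[0]
        if seq <= self.last_seq.get(sender, 0):
            return "rejected: replay", None
        self.last_seq[sender] = seq
        return "accepted", payload

def demo():
    rx = Receiver({"alice": DEMO_KEY})
    good = seal(DEMO_KEY, "alice", 1, b"pay 100 to bob")
    tampered = good[:-3] + b"eve"                    # payload altered in transit
    forged = seal(b"guessed-key", "alice", 2, b"pay 900 to eve")  # sender lacks the key
    return [
        rx.open("10.0.0.5", "alice", tampered)[0],
        rx.open("10.0.0.5", "alice", good)[0],
        rx.open("10.0.0.5", "alice", good)[0],    # same frame sent a second time
        rx.open("10.0.0.5", "alice", forged)[0],  # claimed address matches, key does not
    ]
```

The tag gives integrity and sender authentication only; the payload is still readable on the wire, so eavesdropping has to be addressed separately with encryption.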
11. Password-Based Attacks
In many organizations and companies, people are categorized into different levels, such as administrator, upper level and lower level. According to their level they access different things on the network. But everyone is authenticated by a user name and password.
By eavesdropping, the cracker can monitor the information on the network and obtain passwords and usernames. With these a cracker can do many things; for example, lower-level people can access upper-level or administrator-level files if the username and password are known.
Once he gets access, a cracker can do many things, such as:
Get the network related information and the IP address of all the computers in particular network.
Alter network and server configuration, access controls and information related to routing tables.
Modify, delete, or reroute data.
12. Denial-of-Service Attack (DOS)
This attack is a step ahead of the other kinds of attacks performed by crackers. DOS does not allow the legitimate user to use their network functions normally.
By using this attack a cracker can do the following things:
Increase the traffic in the network and make the resources unavailable to the authentic users of the network.
Using DOS, a cracker can flood the network completely and make the systems of the network go down.
As the cracker has complete access through DOS, the cracker can divert all other users of the network and make many more attacks in the network.
The attacker can send wrong information through the network and make the network behave abnormally, or make a system go down without saving its data, leading to loss of information.
Fig2: Denial of Service
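Flooding of the kind described above shows up in connection logs as one source far exceeding a normal request rate. The following sliding-window detector is an added example, not part of the original text; the log format, the sample lines and the window and threshold values are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample: "<unix_seconds> <source_ip> <dest_port>" per connection attempt.
SAMPLE_LOG = "\n".join(
    [f"{1000 + i // 20} 203.0.113.9 80" for i in range(200)]   # 20 attempts/second for 10 s
    + [f"{1000 + i * 3} 198.51.100.7 80" for i in range(4)]     # ordinary client
)


def find_floods(log_text: str, window: int = 5, threshold: int = 50) -> dict:
    """Return {source_ip: time_of_first_alert} for every source that makes more
    than `threshold` attempts within any `window`-second span.
    Assumes each source's lines appear in time order."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    alerts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue              # skip malformed lines instead of failing
        ts, src = int(parts[0]), parts[1]
        q = recent[src]
        q.append(ts)
        while q and q[0] <= ts - window:
            q.popleft()           # drop attempts that fell out of the window
        if len(q) > threshold and src not in alerts:
            alerts[src] = ts
    return alerts
```

A per-source threshold like this does not catch a flood spread across many sources; that needs an aggregate rate check as well.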
13. Man-in-the-Middle Attack
As the name says, in a man-in-the-middle attack there is someone in the middle of a conversation or information exchange who interprets and controls the information passing from sender to receiver and from receiver to sender.
This attack is like someone taking your identity and pretending to be the actual legitimate user, performing all the actions and using all the rights of the actual entity, and controlling the information in the network.
For example, the middle man can alter the data and send it to the receiver, or send it to a fake receiver. Neither the sender nor the receiver knows that there is a man in the middle altering the information between them, and they will continue the conversation.
This attack causes more or less the same damage as an application-layer attack.
Fig3: Man-in-the-Middle Attack
14. Compromised-Key Attack
A key is the code or secret number used to secure the data exchanged between two parties. Many different algorithms are used to generate keys. But crackers can obtain this key and decode the information; a key obtained and used by the hackers is known as a compromised key.
The cracker can use this compromised key in many ways: with it he can decode the information exchanged between the two parties. The hacker can also modify the data after decrypting what was encrypted by the main user.
And by using this duplicate key, the cracker can make many more keys by getting the algorithm from the obtained key, and can decrypt many other conversations in the network.
Fig4: Compromised Key Attack
15. Sniffer Attack
A "sniffer" is a device or application that can capture, read and monitor network data exchanges and network packets. If the data in the network is not encrypted, the sniffer can get all the information in the network.
Sometimes tunneled data packets can also be broken open and the data inside read, unless the packets are encrypted and the cracker does not have the compromised key.
Using the sniffer, a cracker may perform some of the activities mentioned below:
Gain access to the network and alter the information or terminate the session.
Get the data from the network and misuse information that was expected to be confidential.
Monitor all your network communications.
Fig5: Sniffer Attack
16. Application-Layer Attack
An application-layer attack targets application servers by deliberately causing a fault in a server's operating system or applications. This results in the attacker gaining the ability to bypass normal access controls. The attacker takes advantage of this situation, gaining control of your application, system, or network.
This type of attack mainly targets application-level servers, which leads to faults at the application level or in user applications. This attack gives the attacker complete access to change all the regular access controls.
With this attack a cracker can gain complete control of the network, system or application and can perform any of the activities mentioned below:
Monitor, add, remove or alter the information in the network or the entire operating system.
Introduce a sniffer program into the network and learn all the information.
Disable all the security applications and give a chance to future attacks.
Make the application go down or terminate. Make operating systems run against the user's requirements.
Abnormally terminate your data applications or operating systems.
Install software in the network that lets other viruses and worms into the network to replicate.
There are many different kinds of attacks. Some of them are mentioned below:
Phishing Attacks, Phone SMS and E-mail
XSS - Cross-Site-Scripting Attack
SQL Insertion Attack
PHP File Include Attack
P2P File Sharing Attack
SPAM Mail Relay
In general, computer networks have a wide variety of applications, but at the same time they face many threats, known as attacks. So every network should have its own security plan to protect it from network attacks. On the other hand, it is very difficult to protect data on networks. Therefore a trusted third party is necessary for the secure transmission of data, and it must be responsible for transferring the secret data over the network.
To protect our data on networks from network attacks, we must first be aware of the different types of network attacks and how they gain access to information over networks.