By Kailin Acheson
First, it's helpful to know who might attack the network: if you don't know where a threat is coming from, how can you stop it and prevent the attack?
The Information Assurance Technical Framework (IATF) calls potential attackers adversaries. These adversaries could be individuals, business rivals, script kiddies, black hat hackers, disgruntled employees, or others. But potential adversaries might also be nonmalicious users, such as poorly trained employees, who can still present a threat to a network.
The IATF defines and discusses five classes of attack, all of which are relevant to the CCENT certification exam: passive, active, close-in, insider, and distribution.
Passive attacks do not modify data; they typically involve monitoring the data flows between systems. Using a network sniffer to extract passwords from a cleartext protocol such as Telnet or FTP is an example of a passive attack. By contrast, active attacks modify or disrupt the flow of data between systems. A Denial of Service (DoS) attack is an example of an active attack; in one common form, the TCP SYN flood, the attacker sends a server more connection requests than it can track until the server stops accepting new connections. Passive attacks are typically reconnaissance: the information they gather is used to improve the success of a later active attack.
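Both examples in that paragraph, a sniffer reading credentials out of cleartext protocols and a TCP SYN flood leaving half-open connections behind, as an added Python illustration that is not part of the original post. The packet records and the traffic are constructed for the example, not a real capture, and the names Packet, sniff_credentials and detect_syn_flood are chosen here.

```python
"""Passive vs. active attack, illustrated on constructed packet records.

Added example (not from the original post). Traffic below is made up:
an FTP login, an HTTP Basic login, one TLS record, and a SYN flood."""
import base64
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Packet:
    """Minimal TCP packet record; only the fields the example needs."""
    src: str
    sport: int
    dst: str
    dport: int
    flags: str          # TCP flag letters: S=SYN, A=ACK, P=PSH ("SA" = SYN/ACK)
    payload: bytes = b""


# --- Passive attack: harvest credentials without touching the traffic ------

_HTTP_BASIC = re.compile(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)",
                         re.IGNORECASE)


def sniff_credentials(packets):
    """Return (protocol, username, password) triples a sniffer can read.
    FTP sends USER/PASS in the clear and HTTP Basic is only base64-encoded,
    so both are recoverable; a TLS payload on 443 yields nothing."""
    found = []
    pending_ftp_user = {}                      # src -> username from USER
    for p in packets:
        if p.dport == 21:
            line = p.payload.decode("ascii", "replace").strip()
            if line.upper().startswith("USER "):
                pending_ftp_user[p.src] = line[5:]
            elif line.upper().startswith("PASS ") and p.src in pending_ftp_user:
                found.append(("ftp", pending_ftp_user.pop(p.src), line[5:]))
        elif p.dport == 80:
            m = _HTTP_BASIC.search(p.payload)
            if m:
                try:
                    decoded = base64.b64decode(m.group(1), validate=True).decode()
                except (ValueError, UnicodeDecodeError):
                    continue
                user, _, password = decoded.partition(":")
                found.append(("http-basic", user, password))
    return found


# --- Active attack: spot a SYN flood by counting half-open connections -----

def half_open_connections(packets):
    """Per (dst, dport), count SYNs never followed by the client's ACK.
    A normal client completes the handshake and contributes nothing."""
    opened, completed = set(), set()
    for p in packets:
        key = (p.src, p.sport, p.dst, p.dport)
        if p.flags == "S":
            opened.add(key)
        elif "A" in p.flags and "S" not in p.flags and key in opened:
            completed.add(key)
    counts = defaultdict(int)
    for _src, _sport, dst, dport in opened - completed:
        counts[(dst, dport)] += 1
    return dict(counts)


def detect_syn_flood(packets, threshold=100):
    """Return (dst, dport) pairs whose half-open count exceeds threshold."""
    return {k: v for k, v in half_open_connections(packets).items()
            if v > threshold}


# Constructed sample traffic (not a real capture).
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", 51000, "10.0.0.10", 21, "PA", b"USER alice\r\n"),
    Packet("10.0.0.5", 51000, "10.0.0.10", 21, "PA", b"PASS hunter2\r\n"),
    Packet("10.0.0.6", 52000, "10.0.0.20", 80, "S"),
    Packet("10.0.0.6", 52000, "10.0.0.20", 80, "A"),
    Packet("10.0.0.6", 52000, "10.0.0.20", 80, "PA",
           b"GET /admin HTTP/1.1\r\nAuthorization: Basic "
           + base64.b64encode(b"bob:s3cret") + b"\r\n\r\n"),
    Packet("10.0.0.7", 53000, "10.0.0.20", 443, "PA", b"\x16\x03\x03\x00\x05hello"),
] + [Packet("203.0.113.9", 40000 + i, "10.0.0.20", 80, "S") for i in range(500)]


if __name__ == "__main__":
    print("credentials:", sniff_credentials(SAMPLE_TRAFFIC))
    print("syn flood:", detect_syn_flood(SAMPLE_TRAFFIC))
```

The sniffer never modifies a packet, which is exactly what makes the passive attack hard to notice from the victim's side; the SYN flood, by contrast, shows up directly in the server's connection table, which is why half-open counts are a standard DoS indicator.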
Close-in attacks are those that rely on the close physical proximity of the attacker to the target system. An attacker who is watching users type in their user names and passwords is performing a close-in attack.
Insider attacks involve a user who normally has some form of access to the target system. For example, an employee transferring confidential information to an unauthorized site is considered an insider attack.
Distribution attacks occur when malicious users modify hardware or software prior to its installation. This modification can occur at the source or while the hardware or software is in transit. A software back door created by the software vendor is an example of a distribution attack.
Specific threats from these types of attacks will be discussed in my upcoming Network Security Part 2: Threats blog.
Goals and motivation vary among attackers. Malicious users could be motivated by financial gain, information theft, curiosity, or pride; they purposely attack the network with the goals of accessing proprietary information, modifying information, or denying access to information. Nonmalicious users, on the other hand, typically have no motivation to harm the network; they might nonetheless compromise its security by choosing weak passwords or installing unauthorized software. Their motivation is convenience, something that makes their own access easier, but the result can be an exposed network.
There are multiple ways to mitigate the attacks on a network. To help prevent threats from nonmalicious users, such as uninformed employees, you could ensure that all employees are taught the benefit of strong passwords and informed of the reasons behind installing only authorized hardware. To help prevent attacks from malicious users, you should consider the following:
These mitigation techniques work best on specific types of threats. A discussion of those threats will be coming in Network Security Part 2: Threats.
Photo by zeevveez