By Kailin Acheson
If you are a network administrator, you might be familiar with various types of attacks that malicious users might launch against the network in an attempt to destroy it. These attacks, described in Network Security Part 1: Attacks, include passive, active, close-in, insider, and distribution attacks. As a network administrator, you should also be familiar with possible threats to the network. These include physical threats, reconnaissance attacks, and access attacks.
Physical threats, which are active attacks, fall into four main categories:
- Electrical threats – include inadequate power, unconditioned power, and the total loss of power to a network device; these can disable and potentially change affected systems.
- Hardware threats – include accidental or malicious physical damage to devices; these can cause component failure.
- Environmental threats – include tampering with climate control systems to affect temperature and humidity conditions; these can cause devices to fail or shut down.
- Administrative threats – include poorly labeled devices and components, improper handling of electrical components, inadequate supplies of spare parts, and incorrectly handled procedures; these can lead to the disconnection of the wrong device during a network upgrade or unavailability of a new, necessary device, among other issues.
To help protect a network from physical threats, you should ensure that network devices reside in a physically secure location that provides adequate electrical and environmental conditions as specified by the device manufacturers. Additionally, you should ensure that administrative staff is properly trained in the safe operation of all network hardware, and you should maintain a sufficient store of readily available replacement hardware in case anything happens to your original devices.
Reconnaissance attacks, which are typically passive attacks, fall into three main categories:
- Packet sniffing attacks – use packet sniffers to capture data that would otherwise be inaccessible; these are commonly used to extract clear-text passwords from network traffic.
- Ping sweeps – rely on the transmission of Internet Control Message Protocol (ICMP) packets between devices; these use Internet Protocol (IP) addresses to generate a list of potential targets.
- Port scans – probe Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports on network devices; these are used to discover information such as operating system (OS) revision and configured network services.
To help protect a network from reconnaissance attacks, you should ensure that the network is a switched network and that its communications are encrypted. If possible, you should disable ICMP Echo Replies to mitigate ping sweeps. You should also consider installing Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) on the network to detect port scans.
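As an added example that is not part of the original post, the following Python script applies the two reconnaissance signatures described above to constructed firewall-style log lines: one source probing many distinct TCP/UDP ports on a single host (a port scan) and one source sending ICMP echo requests to many distinct hosts (a ping sweep). The log format, addresses and thresholds are assumptions chosen for illustration; a real IDS reads its own sensor format.

```python
from collections import defaultdict

# Constructed sample firewall log: "proto src dst dport" (dport is "-" for ICMP echo).
SAMPLE_LOG = """\
tcp 203.0.113.5 192.0.2.10 21
tcp 203.0.113.5 192.0.2.10 22
tcp 203.0.113.5 192.0.2.10 23
tcp 203.0.113.5 192.0.2.10 80
tcp 203.0.113.5 192.0.2.10 443
udp 203.0.113.5 192.0.2.10 161
tcp 198.51.100.7 192.0.2.10 443
tcp 198.51.100.7 192.0.2.10 443
tcp 198.51.100.7 192.0.2.11 80
icmp-echo 203.0.113.9 192.0.2.1 -
icmp-echo 203.0.113.9 192.0.2.2 -
icmp-echo 203.0.113.9 192.0.2.3 -
icmp-echo 203.0.113.9 192.0.2.4 -
icmp-echo 198.51.100.7 192.0.2.10 -
"""

def parse_log(text):
    """Yield (proto, src, dst, dport) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        yield tuple(parts)

def detect_port_scans(records, min_ports=5):
    """Return {(src, dst): n} for sources probing >= min_ports distinct TCP/UDP ports on one host."""
    ports = defaultdict(set)
    for proto, src, dst, dport in records:
        if proto in ("tcp", "udp"):
            ports[(src, dst)].add((proto, dport))
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}

def detect_ping_sweeps(records, min_hosts=4):
    """Return {src: n} for sources sending ICMP echo requests to >= min_hosts distinct hosts."""
    hosts = defaultdict(set)
    for proto, src, dst, _ in records:
        if proto == "icmp-echo":
            hosts[src].add(dst)
    return {src: len(h) for src, h in hosts.items() if len(h) >= min_hosts}

if __name__ == "__main__":
    recs = list(parse_log(SAMPLE_LOG))
    print("port scans:", detect_port_scans(recs))    # the single-host prober
    print("ping sweeps:", detect_ping_sweeps(recs))  # the multi-host ICMP source
```

The ordinary client (198.51.100.7) touches one port per host and pings one host, so it is not flagged; tune the thresholds to the baseline of your own network before alerting on them.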
Access attacks, which are typically used to gain unauthorized access to network systems and the information they contain, include the following:
- Password attacks – include packet sniffing attacks, brute-force attacks, and Trojan horse attacks; these attempt to discover the password to a particular device.
- Buffer overflow attacks – are typically a result of poorly written software code or a bug in a particular software implementation; these exploit software vulnerabilities to execute malicious code.
To help protect a network from access attacks, you should implement strong password requirements, account-locking requirements, and encrypted passwords. You should also implement a Host-based IPS (HIPS), executable space protection, and safe programming libraries, all of which can help mitigate buffer overflow attacks.
For a few practical steps to help you fix some network problems, check out Tim's blog, An Administrator's Guide to Popularity. To see a few additional ways to help protect your network from these threats and other attacks, see Network Security Part 1: Attacks.