Networks provide access or entry points to organizational systems and applications. It is crucial that gatekeepers be installed to help control unauthorized access to the servers within the networked environment. While the operating system's gatekeepers provide a good source of protection within servers, it is important that servers are also protected from external attacks. The gatekeepers themselves should be protected against reconfiguration and replacement by imposters. Computer networks act as important channels for sharing resources, data, and other communication functions. To avoid downtime, which affects critical business applications, it is important to implement network maintenance and data protection mechanisms that not only improve the security and reliability of the network but also help optimize network performance. Poorly configured network devices are often major targets for attackers. A network is susceptible to external attacks if it has wide-open access controls, weak default installation settings, and unpatched devices.
Before protecting any network, it is fundamental to understand the different types of threats in order to develop strong countermeasures. The major types of threats that pose high risks to the network include information gathering, session hijacking, spoofing, denial of service, and sniffing. With a clear understanding of these threats and their effects on the network, it becomes possible to implement countermeasures against them.
Information Gathering
An attacker can use information gathering to reveal confidential information about the configuration of the network system, understand the network topology, and gather details about the connected network devices. With this information, the attacker can mount attacks that target the specific vulnerabilities it reveals. The insecure nature of the TCP/IP protocols, exposed services, and accessible configuration information are vulnerabilities that give an attacker this opportunity (Papaj, Doboš, & Čižmár, 2012). The possible types of network attacks based on information gathering include the use of port scans, Telnet, tracert, and broadcast requests. Preventing such attacks involves countermeasures such as installing firewalls to keep services hidden and using generic service banners that help hide configuration information.
Session Hijacking
This network threat involves the use of a network application that acts as either the server or the client. One of the two parties is tricked into thinking that the attacker is a legitimate host. Attackers commonly use this strategy to obtain the logon information used to access vital or confidential information from the system. Networks prone to such attacks have unencrypted communication and poor physical security. Packet manipulation, hidden identity, and routing changes are examples of strategies used by attackers to attack such networks (Min-Wei, Xing-Cheng, and Guang-Zhao, 2004). Countermeasures to prevent this type of attack include frequent inspection of network firewalls and encryption of network sessions.
Spoofing/identity obfuscation
This is a situation where an attacker does not reveal his or her real identity on a computer network. It involves the use of fake source addresses that do not represent the real address of the packet's originator. Such attacks limit the ability of the host to access the network because the attacker operates around the access control lists. A network is vulnerable to spoofing because of the insecure nature of the TCP/IP protocol and if it does not have egress and ingress filtering. To attack a network using spoofing, a number of tools can be used to alter outgoing data packets to imitate the source (Sahare, Joshi, & Gehlot, 2012). Countermeasures for protecting a network from such attacks involve the installation of egress and ingress filters.
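The decision that ingress and egress filters make at a network border can be stated in a few lines. This is an added example, not part of the original essay; the site prefix, the list of non-routable ranges, and the sample packets are constructed assumptions.

```python
import ipaddress

# Constructed topology: the site owns one prefix (a documentation range).
SITE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]

# Sources that should never arrive from an external network.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

def _in_any(addr, prefixes):
    return any(addr in net for net in prefixes)

def filter_packet(direction, src):
    """Return (verdict, reason) for a packet crossing the border router.

    direction is "ingress" (outside to inside) or "egress" (inside to outside).
    """
    addr = ipaddress.ip_address(src)
    if direction == "ingress":
        # An outside packet claiming an inside source address is spoofed.
        if _in_any(addr, SITE_PREFIXES):
            return ("drop", "site address arriving from outside")
        if _in_any(addr, BOGON_PREFIXES):
            return ("drop", "non-routable source address")
        return ("accept", "plausible external source")
    if direction == "egress":
        # Only addresses assigned to this site may leave it.
        if _in_any(addr, SITE_PREFIXES):
            return ("accept", "source belongs to this site")
        return ("drop", "source not assigned to this site")
    raise ValueError(f"unknown direction: {direction!r}")

# Constructed sample packets: (direction, claimed source address).
SAMPLE_PACKETS = [
    ("ingress", "192.0.2.10"),    # internal address seen on the outside link
    ("ingress", "10.1.2.3"),      # private address seen on the outside link
    ("ingress", "198.51.100.7"),  # ordinary external source
    ("egress", "192.0.2.44"),     # legitimate internal host
    ("egress", "203.0.113.9"),    # inside host claiming an outside address
]

def evaluate(packets):
    return [(d, s) + filter_packet(d, s) for d, s in packets]

if __name__ == "__main__":
    for direction, src, verdict, reason in evaluate(SAMPLE_PACKETS):
        print(f"{direction:8} {src:15} {verdict:6} {reason}")
```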
Denial of Service
Put simply, this network threat involves denying access to the rightful users using strategies such as flooding the server with unnecessary traffic. Increased traffic consumes the available bandwidth, causing network downtime. A network that is susceptible to this kind of attack has weak configurations in its switches and routers, allows unencrypted information, and is subject to service software bugs (Min-Wei, Xing-Cheng, and Guang-Zhao, 2004). Attackers use buffer overflows, flood attacks, and broadcast attacks to jam the system and deny users access to it. To overcome the threat of denial of service, system administrators should patch and update their software, filter broadcast requests, and control the messages that pass through the server protocol.
Sniffing/eavesdropping
This threat involves secretly monitoring the network for data to obtain information such as configuration information and clear-text passwords using simple packet sniffers. Supriyanto, Hasbullah, Murugesan, & Ramadass (2013) argue that it is also possible to crack network algorithms and read the network codes. A network is vulnerable to sniffing because of weak physical security, failure to encrypt sensitive information, and plain-text communication between servers. Attackers find it easy to use packet-sniffing tools to capture traffic on the network.
Conclusion and recommendation
Based on the analysis of the above threats, reasons for susceptibility to attacks, and possible strategies for countermeasures, it is possible to adopt and implement certain policies, practices, and applications to strengthen the security of the network. These protection strategies include:
- Strengthening administrative access to the network by controlling the ports and interfaces through which administrative connections are allowed. This helps restrict access by unauthorized persons and applications and helps prevent network hijacking.
- Installing firewalls at the control points where untrusted networks interact. This can be achieved by installing filters, patches and updates, intrusion detectors, and perimeter networks.
- Using switches to forward packet data to the other network segment without having to share it on the network. This reduces the chance of traffic being shared among the switched segments.
References
Min-Wei, H., Xing-Cheng, L., & Guang-Zhao, Z. (2004). The open router of active network and security. Kybernetes, 33(2), 268-272.
Papaj, J., Doboš, L., & Čižmár, A. (2012). Opportunistic Networks and Security. Journal of Electrical & Electronics Engineering, 5(1), 163-166.
Sahare, S., Joshi, M., & Gehlot, M. (2012). A Survey paper: Data Security in Local Networks Using Distributed Firewalls. International Journal on Computer Science & Engineering, 4(9), 1617-1622.
Supriyanto, Hasbullah, I., Murugesan, R., & Ramadass, S. (2013). Survey of Internet Protocol Version 6 Link Local Communication Security Vulnerability and Mitigation Methods. IETE Technical Review, 30(1), 64-71.