IDENTIFYING POTENTIAL MALICIOUS ATTACKS, THREATS AND VULNERABILITIES
1. Potential malicious attacks and threats that could be carried out against networks and organizations, and their potential consequences
The three potential threats that may affect the network configuration are:
■ DDoS (Distributed Denial of Service)
This type of attack uses a group of compromised systems (also known as "zombie computers") to attack a single target and cause a denial of service to users who are themselves legitimate.
The attack consists of a huge flow of messages and requests directed at the target network. This flood of traffic overloads the system and forces it to shut down; as a result, it denies service to legitimate users.
A typical way to carry out a DDoS attack is for the attacker to exploit a vulnerability in one computer system and become its "botmaster". The botmaster then identifies other vulnerable systems and infects them with malware that turns those computers into zombies. Once the attacker controls enough of them (a group that is called a botnet or zombie army), they are sent instructions to launch an attack against a specific target (Incapsula, 2015).
Difference between DoS and DDoS
There is a difference between DoS and DDoS: the first is simply a denial of service, and the second is a distributed denial-of-service attack.
DoS attacks need only one computer and one Internet connection to overwhelm the bandwidth and resources of a target. A DDoS attack, by contrast, uses many devices and multiple Internet connections that are usually distributed throughout the world. Because the attack comes from many directions at once, it is almost impossible to deflect: the defender is not dealing with a single attacker.
Types of DDoS attacks:
Volume-based attacks: the purpose of the attack is to saturate the bandwidth of the targeted website. The idea is to cause congestion.
Protocol attacks: this type of attack consumes the resources of the server or of an intermediary service such as a firewall or load balancer. Such an attack can bring down services that are otherwise able to maintain millions of active connections.
Application layer attacks: requests that are disguised as legitimate or innocent user traffic are used to make the Web server stop working.
■ SYN Flood
TCP/IP packets have a header with markers called flags, which among other things indicate the priority of the connection or when it ends.
The flood consists of sending TCP SYN packets (connection requests) with spoofed source IP addresses. The target machine tries to answer each of these requests by sending a TCP SYN-ACK and then waits for the originating machine to respond. Since the source IP is false and nobody actually requested the connection, nobody answers; pending connections accumulate until the machine reaches its connection limit, becomes saturated and stops servicing legitimate requests (Eddy, 2006).
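The mechanism just described, as an added illustration (not code from the essay or from the cited sources): a model of a listener's table of half-open connections. Each spoofed SYN reserves a slot that is only released when the handshake completes or the entry times out, so once the table is full a legitimate SYN is dropped. The capacity, timeout and addresses are assumed values; the second scenario in the usage note shows why a shorter half-open timeout limits the damage.

```python
"""Model of a listener's queue of half-open (SYN-RECEIVED) connections.

Added illustration, not code from the essay or from the cited sources.
It models only the mechanism described above: each SYN reserves a slot in
the pending-connection table until the handshake completes or the entry
times out. Capacity, timeout and addresses are assumed values.
"""
from dataclasses import dataclass, field


@dataclass
class SynBacklog:
    capacity: int                # maximum half-open entries (assumed)
    timeout: float               # seconds an entry waits for its ACK (assumed)
    pending: dict = field(default_factory=dict)   # (src_ip, src_port) -> time of SYN
    established: int = 0
    dropped: int = 0

    def expire(self, now: float) -> int:
        """Drop half-open entries older than the timeout; return how many."""
        stale = [k for k, t in self.pending.items() if now - t >= self.timeout]
        for k in stale:
            del self.pending[k]
        return len(stale)

    def on_syn(self, src: tuple, now: float) -> bool:
        """Incoming SYN. True if a slot was reserved (a SYN-ACK would be sent)."""
        self.expire(now)
        if src in self.pending:
            return True              # retransmitted SYN: slot already held
        if len(self.pending) >= self.capacity:
            self.dropped += 1        # queue full: the SYN is dropped, whoever sent it
            return False
        self.pending[src] = now
        return True

    def on_ack(self, src: tuple, now: float) -> bool:
        """Third handshake packet: promote the entry to established."""
        self.expire(now)
        if src not in self.pending:
            return False
        del self.pending[src]
        self.established += 1
        return True


def simulate(capacity: int = 4, timeout: float = 30.0) -> dict:
    """Replay a constructed event sequence and report the outcome."""
    q = SynBacklog(capacity=capacity, timeout=timeout)
    # Spoofed SYNs (constructed addresses): nobody ever ACKs, so each holds a slot.
    for i in range(capacity):
        q.on_syn((f"198.51.100.{i + 1}", 40000 + i), now=float(i))
    legit = ("192.0.2.10", 51000)
    # A legitimate client arrives while the queue is full.
    first_try = q.on_syn(legit, now=5.0)
    # Once the stale entries have expired, the same client succeeds and completes.
    retry = q.on_syn(legit, now=5.0 + timeout)
    completed = q.on_ack(legit, now=6.0 + timeout)
    return {
        "first_try_accepted": first_try,
        "retry_accepted": retry,
        "completed": completed,
        "dropped": q.dropped,
        "established": q.established,
        "half_open_remaining": len(q.pending),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

With the default 30-second timeout, four spoofed SYNs fill a four-slot table and the legitimate client's first SYN is dropped; calling `simulate(capacity=4, timeout=5.0)` instead lets the oldest spoofed entry expire just as the client arrives, so it is accepted at the first attempt. That is the trade-off behind shrinking the SYN-RECEIVED timer and enlarging the backlog: neither stops the flood, but both raise the rate an attacker must sustain.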
■ ICMP Flood
With this option, the attacker leaves the victim no bandwidth: they send ICMP Echo Request packets or large pings to the victim with the intention of provoking an Echo Reply to each one. The volume of requests is so large that it cannot be served; both 100% of the bandwidth and the processing capacity of the server are compromised.
The best-known variant of this attack is called SMURF, which places one or more intermediaries between the attacker and the target. The attacker sends ICMP Echo Requests to these intermediaries with the source IP of the machine being attacked; when all of the intermediaries reply, their replies go to the target, which achieves an effect similar to the one described in the first part of this point but without needing much processing power of its own (Radware, 2015).
2. Proposals of security controls to protect against the selected potential malicious attacks
Preventive controls and systems that stop a DDoS attack outright are not possible, at least not from within the current corporate environment. The difference between DoS and DDoS means that, with a display of the conventional arsenal of tools, the attack cannot be prevented. The administrator can implement firewalls, anomaly detectors and application controls, but if the bandwidth is consumed, nothing can be done. The administrator can prevent illegitimate packets from arriving at the system, but the attack has already consumed the bandwidth, so the application will not be able to respond. The only thing the administrator can do at this point is to identify what the problem is and contact the Internet provider.
The rapid identification of DDoS, SYN Flood and ICMP Flood attacks is essential
The first step is identification. The administrator's ability to identify an attack can be the difference between a quick and a slow recovery. While prevention may be impossible, identification is relatively easy. It can be achieved by monitoring systems, data-flow analysis and bandwidth usage, by reading firewall logs to understand what is being attacked, and by IDS identification. By using some of these resources, the administrator will be able to identify the attack quickly and effectively (Leach, 2013).
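The firewall-log identification step, as an added example that is not part of the essay or of the cited sources. It serves the three earlier points at once: the DoS-versus-DDoS distinction (one source sending many SYNs versus many sources), the SYN flood (many SYNs whose handshakes never complete), and the direct ICMP flood and its SMURF variant (a burst of Echo Replies reaching a host that sent no Echo Requests). The log format, addresses and thresholds are constructed for the example; a real firewall logs in its own format and the regular expression would be adapted to it.

```python
"""Flagging SYN, ICMP and Smurf-style floods from firewall log lines.

Added example, not code from the essay or from the cited sources. The log
format, addresses and thresholds are constructed; a real firewall logs
differently and the parser would be adapted to it.
"""
import re
from collections import defaultdict

# One constructed line per packet crossing the edge firewall.
# DIR=in is towards a protected host, DIR=out is from it.
LINE_RE = re.compile(
    r"t=(?P<t>\d+) DIR=(?P<dir>in|out) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>TCP|ICMP)(?: FLAGS=(?P<flags>\S+))?(?: TYPE=(?P<type>\d+))?$"
)


def parse_line(line: str):
    """Return the fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["t"] = int(rec["t"])
    rec["type"] = None if rec["type"] is None else int(rec["type"])
    return rec


def build_sample_log() -> list:
    """Constructed traffic mixing four attack patterns with normal activity."""
    lines = []
    # SYN flood from 30 spoofed sources against .10; no handshake ever completes.
    for i in range(30):
        lines.append(f"t={i % 10} DIR=in SRC=198.51.100.{i + 1} DST=192.0.2.10 PROTO=TCP FLAGS=S")
    # Single-source DoS against .40: 25 SYNs from one address, again no ACKs.
    for i in range(25):
        lines.append(f"t={i % 10} DIR=in SRC=198.51.100.200 DST=192.0.2.40 PROTO=TCP FLAGS=S")
    # Normal clients of .20: every SYN is followed by the client's ACK.
    for i in range(3):
        lines.append(f"t={i} DIR=in SRC=203.0.113.{i + 1} DST=192.0.2.20 PROTO=TCP FLAGS=S")
        lines.append(f"t={i + 1} DIR=in SRC=203.0.113.{i + 1} DST=192.0.2.20 PROTO=TCP FLAGS=A")
    # Direct ICMP flood: 22 Echo Requests (type 8) aimed at .50.
    for i in range(22):
        lines.append(f"t={i % 10} DIR=in SRC=198.51.100.{100 + i} DST=192.0.2.50 PROTO=ICMP TYPE=8")
    # Smurf-style reflection: Echo Replies (type 0) reach .30, which sent no requests.
    for i in range(25):
        lines.append(f"t={i % 10} DIR=in SRC=203.0.113.{50 + i} DST=192.0.2.30 PROTO=ICMP TYPE=0")
    # A legitimate ping by .20: one request out, one reply back.
    lines.append("t=2 DIR=out SRC=192.0.2.20 DST=203.0.113.9 PROTO=ICMP TYPE=8")
    lines.append("t=2 DIR=in SRC=203.0.113.9 DST=192.0.2.20 PROTO=ICMP TYPE=0")
    return lines


def analyse(lines, syn_threshold=20, icmp_threshold=20, max_completion=0.2) -> list:
    """Return one alert dict per (destination, signal) whose threshold is exceeded."""
    syn_count = defaultdict(int)       # dst -> inbound SYNs
    syn_sources = defaultdict(set)     # dst -> distinct addresses that sent SYNs
    ack_count = defaultdict(int)       # dst -> ACKs from a source that had sent a SYN
    echo_req_in = defaultdict(int)     # dst -> inbound Echo Requests
    echo_rep_in = defaultdict(int)     # dst -> inbound Echo Replies
    pinged_out = set()                 # hosts that sent an Echo Request themselves
    for raw in lines:
        p = parse_line(raw)
        if p is None:
            continue
        if p["proto"] == "TCP" and p["dir"] == "in":
            if p["flags"] == "S":
                syn_count[p["dst"]] += 1
                syn_sources[p["dst"]].add(p["src"])
            elif p["flags"] == "A" and p["src"] in syn_sources[p["dst"]]:
                ack_count[p["dst"]] += 1
        elif p["proto"] == "ICMP":
            if p["dir"] == "in" and p["type"] == 8:
                echo_req_in[p["dst"]] += 1
            elif p["dir"] == "in" and p["type"] == 0:
                echo_rep_in[p["dst"]] += 1
            elif p["dir"] == "out" and p["type"] == 8:
                pinged_out.add(p["src"])
    alerts = []
    for dst, n in syn_count.items():
        ratio = ack_count[dst] / n
        if n >= syn_threshold and ratio <= max_completion:
            alerts.append({"dst": dst, "signal": "syn_flood", "syns": n,
                           "distinct_sources": len(syn_sources[dst]),
                           "completion_ratio": round(ratio, 2),
                           "distributed": len(syn_sources[dst]) > 1})
    for dst, n in echo_req_in.items():
        if n >= icmp_threshold:
            alerts.append({"dst": dst, "signal": "icmp_flood", "echo_requests": n})
    for dst, n in echo_rep_in.items():
        if n >= icmp_threshold and dst not in pinged_out:
            alerts.append({"dst": dst, "signal": "smurf_reflection", "echo_replies": n})
    return alerts


if __name__ == "__main__":
    for alert in analyse(build_sample_log()):
        print(alert)
```

Run on the constructed log, `analyse` raises four alerts: a distributed SYN flood against 192.0.2.10, a single-source one against 192.0.2.40 (the `distributed` field is what tells the two apart), an Echo Request flood against 192.0.2.50, and reflected Echo Replies against 192.0.2.30. The three normal clients of 192.0.2.20 and its own ping produce nothing, because their handshakes complete and the reply it receives matches a request it sent. The absolute thresholds are placeholders; in practice they are set from a baseline of the host's normal traffic over the same window.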
Neutralize the threat
With these aids, companies can neutralize the threat and resume normal operations. The real motive behind an attack may never be known, but it serves as a reminder that the threat is real. To mitigate this threat, the ISP will have to combine its efforts with the company's. To facilitate a quick recovery, the administrator has to check that the system has all the resources necessary to detect an attack and that the staff have the knowledge to understand what to do.
Reference List
Eddy, W. M. (2006, December). Defenses Against TCP SYN Flooding Attacks. The Internet Protocol Journal, 9(4). Retrieved from Cisco: http://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-34/syn-flooding-attacks.html
Incapsula. (2015). Denial of Service Attacks. Retrieved from Incapsula: https://www.incapsula.com/ddos/ddos-attacks/denial-of-service.html
Leach, S. (2013, September 17). Four ways to defend against DDoS attacks. Retrieved from Network World: http://www.networkworld.com/article/2170051/tech-primers/tech-primers-four-ways-to-defend-against-ddos-attacks.html
Radware. (2015). ICMP Flood. Retrieved from Radware: https://security.radware.com/ddos-knowledge-center/ddospedia/icmp-flood/