Introduction
The current escalation of computer attacks on the Internet has given engineers and network administrators a run for their money and skills. A great deal of research has been done to keep networks safe from hackers at all times. Network administrators have to make sure that their technology stays ahead of the hackers and must monitor their networks keenly. In order to design a secure network, a number of factors must be taken into consideration.
There are various attacks that affect networks. The following sections of this paper focus on the types of attacks that are common on computer networks:
SQL injection technique
SQL injection is a malicious attack aimed at compromising the capability of servers and hence web applications. Like a buffer overflow, it is an attack that exploits the vulnerability of the input used in a web setting. The main idea behind SQL injection is to trick the program into executing code different from the intended code. The attack succeeds when this injected code runs in place of the intended code. SQL injection has a way of reducing the size of its code so that it does not seem suspicious to the firewalls put in place by security experts (Clarke, 2012).
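The following added example (not part of the original paper) shows the mechanism described above in Python with SQLite: a login check built by string concatenation beside the same check written as a parameterised query. The table, user records and the tautology string are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table with sample records (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db


def login_vulnerable(db, name, password):
    """String concatenation: user input becomes part of the SQL text, so a
    crafted value changes the query that the database actually executes."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return db.execute(sql).fetchone()[0] > 0


def login_safe(db, name, password):
    """Parameterised query: the driver passes the values separately from the
    SQL text, so they are always compared as data and never parsed as code."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0


def demo():
    """Run both checks with a valid password and with a classic tautology."""
    db = make_db()
    tautology = "' OR '1'='1"   # turns the WHERE clause into ... OR '1'='1'
    return {
        "valid_vulnerable": login_vulnerable(db, "alice", "s3cret"),
        "valid_safe": login_safe(db, "alice", "s3cret"),
        "injected_vulnerable": login_vulnerable(db, "alice", tautology),
        "injected_safe": login_safe(db, "alice", tautology),
    }
```

The vulnerable check accepts the tautology as a valid login; the parameterised one rejects it because the quote characters are treated as part of the password value.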
The SQL Slammer is the most common SQL injection that went on record for the attack it caused on so many systems over a very short period of time in 2004. SQL Slammer went into history for having beaten the Code Red worm that had been experienced in the United States' White House earlier in 2001. SQL Slammer took only 10 minutes to execute an attack similar to the one Code Red had executed in 15 hours. Slammer's infections also doubled every 8.5 seconds, causing attacks such as denial of service. SQL Slammer focused on a malicious attack on Internet bandwidth that led to an uncontrollable traffic jam on the Internet. The basics behind its working were simply the random generation of IP addresses and its small size as a single UDP packet, which made firewalls treat it as a genuine transmission. Security experts, when building firewalls, work on the assumption that small single packets cannot cause any significant harm to the network, and hence focus on large and suspicious packets. This gave SQL Slammer its way to faster transmission and hence the harm caused (Clarke, 2012).
Off-line dictionary attacks
A dictionary attack is a means that hackers use to go against the principles of cryptography and gain access to the plaintext. This is made possible by trying hard to obtain the decryption key, or alternatively by trying all possible alternatives using words like those in an ordinary dictionary. A similar attack is the brute force attack. However, the brute force attack tries a great many candidates in a specific order, while the dictionary attack only tries a list of chosen words, hence the term dictionary. Programmers and, to some extent, users make themselves prone to dictionary attacks through the common practice of using very short passwords that are also straightforward. Mixing lower-case and upper-case letters and adding special characters to the password is a sure way to eliminate dictionary attacks (Langie & Macbeth, 1922). Cryptography is a fundamental information security tool used to provide vital information security functions: protection of confidentiality and integrity, among others. There are various concepts used in cryptography:
There is the aspect of diffusion, which is the fundamental cipher design principle employed by a double substitution cipher to spread the plaintext statistics through the ciphertext. Diffusion ensures that each output bit depends on many input bits, and that a slight change in a single bit causes a great change in the ciphertext. On the other hand, confusion is also a cipher design principle; confusion is focused mainly on obscuring the relationship between the plaintext and ciphertext. On the basis that a one-time pad is provably secure, a simple substitution cipher and a one-time pad both apply confusion in cryptography. Confusion aims at making the relationship between the plaintext and ciphertext more complex and involved. It ensures the security of the key even when an attacker has some plaintext-ciphertext pairs, by ensuring that a change in one bit of the key changes the ciphertext completely. Lastly, there is the aspect of randomization, which is an inference control approach. Inference control attempts to limit the information that can unintentionally leak out of a database through legitimate user queries. Randomization as an approach to inference control adds a small amount of noise to the data, but fails to appreciate that the noise may harm the legitimate data (Stamp, 2006).
Collusion attack
Collusion is a type of attack in which the attacker uses the original object together with one or several watermarked objects, or a comparison of them, to determine the bits that carry the information. To prevent this, cryptographers implemented spread spectrum techniques to better hide the information-carrying bits, though this is a scheme that only makes the attack slightly more difficult.
Plain text attack
There is the chosen plaintext attack, whose working lies entirely on the possibility that communication is taking place and that packets are being encrypted and sent. A return of the ciphertext for the encrypted data is what makes this attack possible, since it relies on an educated guess of the possible plaintext. In this way the attacker chooses the original text that is to be encrypted, and its matching encrypted text is then examined. This attack also occurs in cases where the attacker has limited access to the cryptosystem (Langie & Macbeth, 1922).
Another attack is the known plaintext attack, which takes place when the attacker has access to some of the plaintext or simply makes an educated guess. The known plaintext is then matched to the ciphertext, and the cryptographic key is derived.
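As an added illustration (not from the original paper) of why the known plaintext attack works against a cipher that lacks confusion, the following Python example uses a constructed repeating-key XOR cipher: because each ciphertext byte is simply plaintext XOR key, a guessed message header of at least key length reveals the whole key. The key, message and guessed header are all constructed values.

```python
def xor_encrypt(data: bytes, key: bytes) -> bytes:
    """Toy repeating-key XOR cipher, constructed for illustration only.
    The same function decrypts, since XOR is its own inverse."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(known_plaintext: bytes, ciphertext: bytes, key_len: int) -> bytes:
    """Known-plaintext attack on the toy cipher: c = p XOR k, so k = p XOR c.
    One plaintext/ciphertext pair of key_len bytes is enough to derive the key,
    which is exactly the weakness that the confusion property is meant to remove."""
    if len(known_plaintext) < key_len or len(ciphertext) < key_len:
        raise ValueError("need at least key_len bytes of matching plaintext and ciphertext")
    return bytes(p ^ c for p, c in zip(known_plaintext[:key_len], ciphertext[:key_len]))


def demo():
    """Encrypt a constructed message, derive the key from a guessed header,
    and confirm the derived key decrypts the rest of the message."""
    key = b"k3y!"
    message = b"FROM: alice\nSubject: quarterly numbers\nBody: ..."
    ciphertext = xor_encrypt(message, key)
    guessed_header = b"FROM: "          # the attacker's educated guess
    recovered = recover_key(guessed_header, ciphertext, len(key))
    decrypted = xor_encrypt(ciphertext, recovered)
    return recovered, decrypted == message
```

A cipher with proper confusion, such as a modern block cipher, does not allow the key to be solved from pairs this way, which is the design goal described above.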
Mitigation strategies for malicious attacks
There are various computing techniques that can be put in place to ensure the security of information and systems. Some of these include the different encryption methods, the use of intrusion detection systems, and the use of honeypots and honeynets, among others. This paper will discuss the different types of intrusion detection systems and their significance in ensuring digital security.
One major and commonly used intrusion detection scheme is the network-based IDS. A network-based intrusion detection system scans network packets at the router or host level, audits packet information, and writes all the packets detected as potentially dangerous into a log file that also carries further information. From this log file a database of known attacks is created and used to send signals and warnings to security teams for further investigation. These systems are usually positioned strategically, allowing them to watch and monitor traffic flowing into and out of the network effectively. They operate on the wiretapping concept and focus their monitoring on the headers and content of the transmitted information.
With the increasing rise of Internet use, network-based IDS have become popular to cater for the ever-growing traffic. This has led to the need for effective detection systems that can handle voluminous packets effectively and address the insecurities of the TCP/IP protocol. There is also a continuous need for tools that can prevent such malicious network activity as IP spoofing, denial of service attacks and man-in-the-middle attacks (Schneier, 2000).
There are the host-based IDS, whose working is similar to that of the network-based IDS except that the latter focuses only on network packets. In contrast, host-based IDS analyze several areas to determine malicious activities and intrusions. These detection systems check several log files: kernel, system, server, network, firewall, among others, and make extensive comparisons between the logs and predetermined, already-built patterns based on the study of commonly known attacks. These are positioned on particular computers or servers, and can only monitor activities of the areas where they reside.
Another key aim of host-based IDS is verifying the integrity of vital files. It keeps a database of sensitive files and creates a checksum of each file, which system administrators use to evaluate and ensure that the integrity of the files is maintained. In case of an anomaly, a signal message is sent to the security administrators for further action (Schneier, 2000).
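The following added Python example (not from the original paper or from any particular IDS product) implements the checksum database just described: a baseline of SHA-256 digests is recorded while the files are known-good, and a later check reports each file that has been modified or removed. The "sensitive files" are constructed in a temporary directory for the demonstration.

```python
import hashlib
import os
import tempfile


def file_digest(path):
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Checksum database: path -> digest, taken while the files are trusted."""
    return {p: file_digest(p) for p in paths}


def check_integrity(baseline):
    """Compare the files on disk with the baseline; return (path, status) alerts."""
    alerts = []
    for path, expected in baseline.items():
        if not os.path.exists(path):
            alerts.append((path, "missing"))
        elif file_digest(path) != expected:
            alerts.append((path, "modified"))
    return alerts


def demo():
    """Build a baseline over two constructed files, then simulate tampering."""
    d = tempfile.mkdtemp()
    passwd = os.path.join(d, "passwd")
    hosts = os.path.join(d, "hosts")
    for p, data in ((passwd, b"root:x:0:0\n"), (hosts, b"127.0.0.1 localhost\n")):
        with open(p, "wb") as f:
            f.write(data)
    baseline = build_baseline([passwd, hosts])
    clean_result = check_integrity(baseline)      # expected: no alerts
    with open(passwd, "ab") as f:                 # simulate an unauthorised edit
        f.write(b"# tampered\n")
    os.remove(hosts)                              # simulate a deleted file
    return clean_result, sorted(check_integrity(baseline))
```

In practice the baseline itself must be kept where an intruder on the host cannot rewrite it (read-only media or a signed copy off the machine), otherwise the comparison proves nothing.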
References
Clarke, J. (2012). SQL injection attacks and defense (2nd ed.). S.l.: Syngress.
Crnković, D. (2011). Information security, coding theory and related combinatorics: Information coding and combinatorics. Amsterdam: IOS Press.
Dhillon, G. (2007). Principles of information systems security: Text and cases. Hoboken, NJ: John Wiley & Sons.
Foster, J. C. (2005). Buffer overflow attacks: Detect, exploit, prevent. Rockland, MA: Syngress.
Langie, A., & Macbeth, J. C. (1922). Cryptography. London: Constable & Co.
Merkow, M. S., & Breithaupt, J. (2000). The complete guide to Internet security. New York: AMACOM.
Schneier, B. (2000). Secrets and lies: digital security in a networked world. New York: John Wiley.
Stamp, M. (2006). Information security: Principles and practice. Hoboken, NJ: Wiley-Interscience.