Viruses
A virus is a destructive program that infects systems by replicating itself and spreading across the network. Viruses can easily hide within a system by attaching themselves to other files or programs because they are small. It is difficult to trace a virus after it has spread across a network. Viruses either destroy data or change the functionality of the software applications on a computer. Virus attacks are one of the main areas that need to be considered while planning for the security of the networking infrastructure within an organization.
Worms
A worm is a self-replicating program that uses the network and security gaps for its replication. It scans the network for a computer with a specific security gap, copies itself to that computer through the gap, and then starts replicating from the newly infected computer. A worm also takes up the memory resources of the computer system it infects. In addition, because a worm can travel across networks, it consumes the network bandwidth and system memory of the computers in the network.
Some of the differences between a virus and a worm are:
- A virus can replicate itself from one program to another on a single computer. However, a worm can replicate itself from one computer to another in a network.
- A worm spreads faster than a virus, because, unlike a worm, a virus needs human intervention to spread from one computer to another.
Trojan Horse
A Trojan horse is a destructive program that masquerades as a useful program. Trojans do not replicate themselves as viruses do. Users install Trojans thinking them to be legitimate programs. However, Trojans can contain viruses that destroy or corrupt the data and programs on the network, and they can also corrupt software applications. As the name suggests, a Trojan can bring other viruses and worms with it. A Trojan can be concealed within any software, and Trojans can also be created by using existing utility programs.
Man-in-the-Middle Attacks
In a man-in-the-middle attack, a hacker redirects the data being exchanged between two authorized entities to multiple unauthorized entities. In other words, a third party inserts itself between the authorized entities before they exchange data and intercepts the communication in order to monitor, capture, or control it. In this type of attack, the hacker poses as an authorized entity and captures the data meant for the real one.
Denial-of-service Attacks
A denial-of-service (DoS) attack is a mechanism for making a computer or network resource, such as a Web server, unavailable to its intended users. Such attacks generally target sites or services hosted on Web servers, such as banks and credit card payment gateways. DoS attacks are based on network congestion or starvation of resources, and they aim to disrupt network use for legitimate users. Resource starvation can be caused in many ways; typical examples include sending a large number of junk email messages or a large number of IP request packets to a mail server. Any intruder can cause network congestion by sending loads of junk data over the network. As a result, the target computers are inaccessible for some time because all routes to reach them are blocked. The attack can even cause the target computers to stop responding for lack of resources such as memory and disk space. A DoS attack can be carried out with ordinary IP packets sent over a network, and the intruder’s identity is kept anonymous. Some of the commonly used methods to initiate DoS attacks are:
- SYN flood
- Broadcast storm
- Ping of death
- Mail bomb
- Spamming
SYN Flood
The SYN flood attack is primarily focused on the TCP protocol used by all the computers on the Internet. To understand how this attack occurs, you need to understand the SYN-ACK (three-way) handshake process.
The steps in this process are:
- The first node requests communication by sending a packet with its sequence number and the SYN bit set.
- The second node acknowledges receipt and responds with an acknowledgement (ACK) containing the first node's sequence number incremented by one, together with its own sequence number (SYN-ACK).
- The first node responds, and communication between the two nodes continues.
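A SYN flood works by stalling the handshake at the second step: the server answers many SYNs with SYN-ACKs that are never acknowledged, and each one holds a half-open connection. The following added example (not part of the original text) walks the three steps over a constructed packet trace, verifying the seq + 1 acknowledgements, and reports sources that leave connections half-open; the trace, addresses and threshold are constructed.

```python
from collections import defaultdict

HALF_OPEN_THRESHOLD = 3  # constructed threshold for the demonstration

def track_handshakes(packets):
    """packets: (src, sport, dst, dport, flags, seq, ack) tuples, one per segment,
    in capture order. Returns, per source address, how many connections it
    opened with a SYN but never completed with the final ACK."""
    pending = {}                # initiator 4-tuple -> [client ISN, server ISN or None]
    half_open = defaultdict(int)
    for src, sport, dst, dport, flags, seq, ack in packets:
        fwd = (src, sport, dst, dport)   # key as seen from the connection initiator
        rev = (dst, dport, src, sport)   # the initiator's key when the server replies
        if flags == "SYN":
            if fwd not in pending:       # a retransmitted SYN is the same connection
                pending[fwd] = [seq, None]
                half_open[src] += 1
        elif flags == "SYN-ACK" and rev in pending and ack == pending[rev][0] + 1:
            pending[rev][1] = seq        # step 2: server acknowledges client ISN + 1
        elif flags == "ACK" and fwd in pending:
            server_isn = pending[fwd][1]
            if server_isn is not None and ack == server_isn + 1:
                del pending[fwd]         # step 3: handshake complete
                half_open[src] -= 1
    return dict(half_open)

def flood_sources(packets, threshold=HALF_OPEN_THRESHOLD):
    """Sources owing at least `threshold` half-open connections."""
    return sorted(s for s, n in track_handshakes(packets).items() if n >= threshold)

SERVER = ("10.0.0.80", 80)
# Constructed trace: one legitimate client completes the handshake ...
TRACE = [
    ("10.0.0.5", 40000, *SERVER, "SYN", 1000, 0),
    (*SERVER, "10.0.0.5", 40000, "SYN-ACK", 5000, 1001),
    ("10.0.0.5", 40000, *SERVER, "ACK", 1001, 5001),
]
# ... while a second source sends SYNs, is answered, and never sends the ACK.
for i in range(4):
    TRACE.append(("203.0.113.9", 50000 + i, *SERVER, "SYN", 7000 + i, 0))
    TRACE.append((*SERVER, "203.0.113.9", 50000 + i, "SYN-ACK", 9000 + i, 7001 + i))
TRACE.append(("203.0.113.9", 50000, *SERVER, "SYN", 7000, 0))  # retransmit, not counted twice

if __name__ == "__main__":
    print(track_handshakes(TRACE))   # {'10.0.0.5': 0, '203.0.113.9': 4}
    print(flood_sources(TRACE))      # ['203.0.113.9']
```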
Broadcast Storm
In a broadcast storm, an intruder sends a large number of fake broadcast packets to all the computers on the network. As a result, each computer forwards these packets to the specified fake target address, increasing network traffic excessively.
Ping of Death
Ping of death is a technique that involves sending abnormally large ping packets to a specific computer. The target computer receives the ping in fragments and tries to reassemble them into one large packet. However, the reassembled data is so large that it cannot fit into the computer’s buffer. As a result, these oversized ICMP packets cause an overflow, which may cause the system to stop responding, reboot repeatedly, or the protocol stack to hang.
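The overflow is possible only if the receiver copies each fragment into its buffer without checking where the fragment ends. The added example below (not from the original text) is a small IPv4 reassembler that performs the bounds check the text describes as missing: a fragment whose offset plus length exceeds the 65535-byte datagram limit is rejected before any byte is written. The fragments are constructed.

```python
MAX_IP_DATAGRAM = 65535   # largest datagram the 16-bit IPv4 total-length field can describe

class FragmentError(ValueError):
    """Raised instead of writing past the reassembly buffer."""

def fragment_bounds_ok(offset_units, payload):
    """offset_units is the 13-bit fragment offset from the IP header, in 8-byte units.
    True only if this fragment's last byte still lies inside a legal datagram."""
    return offset_units * 8 + len(payload) <= MAX_IP_DATAGRAM

def reassemble(fragments):
    """fragments: (offset_units, more_fragments, payload) tuples in any order.
    Every fragment is validated before the buffer is touched, so an oversized
    ping is rejected rather than overflowing the reassembly buffer."""
    buf = bytearray(MAX_IP_DATAGRAM)
    total = None
    received = 0
    for offset_units, more, payload in fragments:
        if not fragment_bounds_ok(offset_units, payload):
            raise FragmentError(
                f"fragment at byte {offset_units * 8} carrying {len(payload)} bytes "
                f"exceeds the {MAX_IP_DATAGRAM}-byte datagram limit")
        start = offset_units * 8
        buf[start:start + len(payload)] = payload
        received += len(payload)
        if not more:
            total = start + len(payload)     # the last fragment fixes the datagram length
    if total is None or received != total:
        raise FragmentError("incomplete datagram: fragments missing")
    return bytes(buf[:total])

def split(payload, mtu_payload=1480):
    """Constructed sender side: cut a payload into 8-byte-aligned, MTU-sized fragments."""
    frags = []
    for start in range(0, len(payload), mtu_payload):
        chunk = payload[start:start + mtu_payload]
        frags.append((start // 8, start + len(chunk) < len(payload), chunk))
    return frags

# Constructed inputs: a normal 3000-byte ICMP echo payload split over three fragments,
# and an oversized ping whose last fragment sits at offset 65512 yet carries 1000 bytes.
NORMAL_PING = split(b"\x08\x00" + b"A" * 2998)
OVERSIZED_PING = [(0, True, b"B" * 1480), (8189, False, b"C" * 1000)]

if __name__ == "__main__":
    print(len(reassemble(NORMAL_PING)))                 # 3000
    print(fragment_bounds_ok(8189, b"C" * 1000))        # False
```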
Mail Bomb
The mail bomb is a simple and effective harassment tool. In a mail bomb attack, a message is sent repeatedly to the targeted recipient. This can cause the recipient’s mailbox to crash, or the attacker can generate spam by sending unauthorized mail through the target’s Simple Mail Transfer Protocol (SMTP) gateway. Mail bombs can take the form of a single email message with huge files attached or of thousands of email messages. For example, some software programs generate thousands of email messages and dispatch them to a user’s mailbox, causing the mail server to stop responding or to deny users resources.
Spamming
Spamming is an attempt to deliver an email message to someone who would otherwise not choose to receive it. The most common example is commercial advertising. Mail spamming engines, bundled with lists of thousands of email addresses, are sold on the Internet, adding to the explosive growth of junk mail.
Password-cracking
On a typical computer network, all users have fixed passwords until they decide to change them. When a password is typed in, the computer’s authentication kernel encrypts it into a string of characters and checks that string against a long list of encrypted passwords. This list is kept in a password file stored on the computer. When the authentication module finds an identical string of characters paired with the user name, access to the system is permitted. If a hacker gains access to a copy of this file and runs a password-cracking program, the strings of characters can be converted back to the original passwords. A password-cracking program encrypts a long list of character strings, such as all the words in a dictionary, and checks the results against the encrypted set of passwords. If the program finds even one match, an intruder can access the system. This type of attack does not require a high level of skill, and as a result, many password-cracking programs are available on the Internet.
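The comparison described above only works because a fixed one-way function maps a given password to the same stored string for every user, so a dictionary encrypted once can be checked against the whole file. The added example below (not from the original text) contrasts that scheme with a per-user salt and PBKDF2 key stretching, under which identical passwords yield different records and every guess must be recomputed per user; the password, round count and record format are constructed for the illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000   # work factor per guess; raise it as hardware gets faster

def unsalted_record(password):
    """The weak scheme the text describes: one fixed one-way function, so two users
    with the same password store the identical string and a single hashed
    dictionary can be compared against the whole password file."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_record(password, salt=None, rounds=PBKDF2_ROUNDS):
    """Per-user random salt plus key stretching: identical passwords give different
    strings, and each guess costs `rounds` iterations for each user separately."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"pbkdf2_sha256${rounds}${salt.hex()}${dk.hex()}"

def verify(password, record):
    """Recompute with the stored salt and rounds, then compare in constant time."""
    _, rounds, salt_hex, _ = record.split("$")
    candidate = salted_record(password, bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(candidate, record)

def same_password_same_string(scheme, password="winter2024"):
    """Do two users who chose the same password end up with identical records?"""
    return scheme(password) == scheme(password)

if __name__ == "__main__":
    print(same_password_same_string(unsalted_record))  # True: what a cracking program relies on
    print(same_password_same_string(salted_record))    # False
    rec = salted_record("winter2024")
    print(verify("winter2024", rec), verify("Winter2024", rec))  # True False
```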
Sniffing
A sniffer is a hardware or software device that passively intercepts and copies all the network traffic passing a system, a server, a router, or a firewall. Intruders can use stealth sniffers, which are extremely dangerous to a network’s security because they are difficult to detect and can be self-installed almost anywhere. Most stealth sniffers are programmed specifically to detect and extract a copy of data containing a user name and a password. The attacker can then use a network utility or hacking software to recover the user name and password and impersonate the user, gaining access to the remote server with the captured credentials.
Spoofing
Spoofing is used to assume the identity of a trusted host in order to subvert security and obtain trusted communication with a target host. IP spoofing is the form in which a network attacker breaches security and gains access by masquerading as a trusted host.
Email Hacking
Users commonly use email to communicate with one another. If email headers and content are sent in plaintext, hackers may read or alter the messages in transit. Hackers may also change the header to modify the sender name or redirect the message to another user. They may use a technique called packet replay to retransmit captured message packets over a network. Packet replay poses a serious security threat to programs on the network that rely on authentication sequences: a hacker may replay the packets containing authentication data to gain access to the resources of a computer system on the network.
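A replayed authentication packet is, by construction, a valid one, so a receiver can only reject it by remembering what it has already accepted and by binding each message to a time. The added example below (not from the original text) shows one such receiver: the sender authenticates the user name, a timestamp and a random nonce with an HMAC, and the receiver rejects altered headers (bad tag), old captures (stale) and retransmissions (nonce already seen). The message format, key and time window are constructed for the illustration.

```python
import hashlib
import hmac
import os
import time

SHARED_KEY = b"constructed-demo-key"   # constructed; a real key would come from a key store
MAX_AGE = 30                           # seconds within which a message counts as fresh

def build_message(user, key=SHARED_KEY, now=None, nonce=None):
    """Sender side: user name, timestamp and a random nonce, authenticated together."""
    ts = int(time.time() if now is None else now)
    nonce_hex = (os.urandom(8) if nonce is None else nonce).hex()
    body = f"{user}|{ts}|{nonce_hex}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"

class Receiver:
    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.seen = {}     # nonce -> message timestamp; forgotten once the message is stale

    def accept(self, message, now=None):
        now = int(time.time() if now is None else now)
        user, ts, nonce, tag = message.split("|")
        body = f"{user}|{ts}|{nonce}"
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"        # header or content altered in transit
        ts = int(ts)
        if abs(now - ts) > MAX_AGE:
            return "rejected: stale"          # captured long ago; its nonce need not be kept
        # Prune by message timestamp, so a nonce is forgotten only when the message
        # it belongs to would be rejected as stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_AGE}
        if nonce in self.seen:
            return "rejected: replay"         # the same authentic packet, retransmitted
        self.seen[nonce] = ts
        return f"accepted: {user}"

if __name__ == "__main__":
    r = Receiver()
    m = build_message("alice", now=1_700_000_000, nonce=bytes(8))
    print(r.accept(m, now=1_700_000_000))   # accepted: alice
    print(r.accept(m, now=1_700_000_005))   # rejected: replay
    print(r.accept(m, now=1_700_000_100))   # rejected: stale
```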