Viruses
A virus is a destructive program that infects systems by replicating itself and spreading across the network. Viruses can easily hide within a system by attaching themselves to other files or programs because they are small. It is difficult to trace a virus after it has spread across a network. Viruses either destroy data or change the functionality of the software applications on a computer. Virus attacks are one of the main areas that need to be considered while planning for the security of the networking infrastructure within an organization.
Worms
A worm is a self-replicating program that uses the network and security gaps for its replication. It scans the network for a computer with a specific security gap. The worm copies itself to a computer by using the security gap and starts replicating itself into the newly infected computer. A worm also takes up the memory resources of a computer system on a network. In addition, a worm can travel across networks, and consumes the network bandwidth and system memory of the computers in the network.
Some of the differences between a virus and a worm are:
- A virus can replicate itself from one program to another on a single computer. However, a worm can replicate itself from one computer to another in a network.
- A worm spreads faster than a virus. This is because a virus, unlike a worm, needs human intervention to spread from one computer to another.
Trojan Horse
A Trojan horse is a destructive program that masquerades as a useful program. Trojans do not replicate themselves like viruses. Users install Trojans thinking them to be legitimate programs. However, Trojans can contain viruses that destroy or corrupt the data and programs on the network. Trojans can also corrupt software applications. As the name suggests, a Trojan can bring other viruses and worms with it. A Trojan can be concealed within any software. Trojans can also be created by using existing utility programs.
Man-in-the-Middle Attacks
In the man-in-the-middle attack, a hacker can redirect the data being exchanged between two authorized entities to multiple unauthorized entities. In other words, before the authorized entities exchange data, a third party intercepts to monitor, capture, or control communication on a network. In this type of attack, the hacker acts as an authorized entity and captures the data meant for the authorized entity.
Denial-of-service Attacks
A Denial-of-service (DoS) attack is a mechanism of making a computer or network resource, such as a Web server, unavailable to the intended users. Such attacks generally target sites or services hosted on Web servers, such as banks and credit card payment gateways. DoS attacks are based on the concept of network congestion or starvation of resources and aimed at disrupting network use for legitimate users. Resource starvation can be caused in many ways. Typical examples would include sending a large number of junk email messages or a large number of IP request packets to a mail server. Any intruder can cause network congestion by sending loads of junk data over the network. As a result, the target computers are inaccessible for some time because all routes to reach the computers are blocked. It can even cause the target computers to stop responding due to lack of resources, such as memory and disk space. A DoS attack can be executed from any IP packet sent over a network. The intruder’s identity is kept anonymous. Some of the commonly used methods to initiate DoS attacks are:
- SYN flood
- Broadcast storm
- Ping of death
- Mail bomb
- Spamming
SYN Flood
The SYN flood attack is primarily focused on the TCP protocol used by all the computers on the Internet. To understand how this attack occurs, you need to understand the SYN-ACK (three-way) handshake process.
The steps in this process are:
- The first node requests communication by sending a packet with the sequence number and the SYN bit.
- The second node acknowledges the receipt of data and responds with an acknowledgement (ACK) that contains the sequence number, plus one increment in value, and its own sequence number (SYN-ACK).
- The first node responds, and the communication between the two nodes continues.
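As an added example (not part of the original article), the Python code below follows each connection through the three handshake steps and counts the ones that never reach the third step, which is the condition a server-side monitor watches for during a SYN flood. The packet tuples, addresses and alert limit are constructed for illustration.

```python
from collections import Counter

# Constructed sample capture: (source, destination, flags, seq, ack).
# Addresses come from documentation ranges; sequence numbers are made up.
SAMPLE = [
    ("198.51.100.7:40001", "192.0.2.10:80", "SYN", 1000, None),
    ("192.0.2.10:80", "198.51.100.7:40001", "SYN-ACK", 5000, 1001),
    ("198.51.100.7:40001", "192.0.2.10:80", "ACK", 1001, 5001),
    ("203.0.113.1:1111", "192.0.2.10:80", "SYN", 7000, None),
    ("192.0.2.10:80", "203.0.113.1:1111", "SYN-ACK", 5100, 7001),
    ("203.0.113.2:2222", "192.0.2.10:80", "SYN", 8000, None),
    ("192.0.2.10:80", "203.0.113.2:2222", "SYN-ACK", 5200, 8001),
    ("203.0.113.3:3333", "192.0.2.10:80", "SYN", 9000, None),
]


def track_handshakes(packets):
    """Map (client, server) -> furthest handshake stage reached."""
    conns = {}
    for src, dst, flags, seq, ack in packets:
        if flags == "SYN":            # step 1: client sends SYN and its sequence number
            conns[(src, dst)] = {"stage": "SYN_SENT", "client_seq": seq}
        elif flags == "SYN-ACK":      # step 2: server acknowledges client seq + 1
            c = conns.get((dst, src))
            if c and c["stage"] == "SYN_SENT" and ack == c["client_seq"] + 1:
                c.update(stage="SYN_RECEIVED", server_seq=seq)
        elif flags == "ACK":          # step 3: client acknowledges server seq + 1
            c = conns.get((src, dst))
            if c and c["stage"] == "SYN_RECEIVED" and ack == c["server_seq"] + 1:
                c["stage"] = "ESTABLISHED"
    return {key: c["stage"] for key, c in conns.items()}


def half_open_per_server(packets):
    """Count handshakes per server endpoint that never reached step 3."""
    counts = Counter()
    for (_client, server), stage in track_handshakes(packets).items():
        if stage != "ESTABLISHED":
            counts[server] += 1
    return counts


def servers_over_limit(packets, limit):
    """Server endpoints whose half-open count exceeds the alert limit."""
    return sorted(s for s, n in half_open_per_server(packets).items() if n > limit)
```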
Broadcast Storm
In a broadcast storm, an intruder sends a large number of fake broadcast packets to all the computers on the network. As a result, each computer forwards these packets to the specified fake target address, increasing the amount of network traffic excessively.
Ping of Death
Ping of death is a technique that involves sending abnormally large ping packets to a specific computer. The target computer receives the ping command in fragments. On receiving the ping command, the computer tries to reassemble the fragments into a big packet. However, the size of the data packets is so large that they cannot fit into the computer’s buffer. As a result, these large-sized ICMP packets cause an overflow, which may cause the system to stop responding or reboot frequently, or cause the protocol to hang.
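An added example, not from the original article: a reassembly routine that checks each fragment against the 65,535-byte IPv4 datagram limit before copying it into the buffer, which is the check that prevents the overflow described above. The fragment tuples are constructed, and a 20-byte IP header without options is assumed.

```python
MAX_IP_DATAGRAM = 65535   # IPv4 Total Length is a 16-bit field
IP_HEADER_LEN = 20        # assumption: header carries no IP options

# Constructed fragments: (source, ip_id, offset_in_8_byte_units, payload).
SAMPLE_FRAGMENTS = [
    # A normal fragmented echo request: 3000 bytes of payload in three parts.
    ("198.51.100.7", 1, 0, b"A" * 1480),
    ("198.51.100.7", 1, 185, b"B" * 1480),
    ("198.51.100.7", 1, 370, b"C" * 40),
    # A datagram whose last fragment ends past the 65,535-byte limit.
    ("203.0.113.9", 2, 0, b"A" * 1480),
    ("203.0.113.9", 2, 8189, b"Z" * 1000),
]


def fragment_end(offset_units, payload_len, header_len=IP_HEADER_LEN):
    """Total datagram size implied by a fragment ending at this position."""
    return header_len + offset_units * 8 + payload_len


def reassemble(fragments):
    """Rebuild payloads per (source, ip_id); reject oversize datagrams.

    The bound is checked before any bytes are copied, so a fragment that
    would extend the datagram past the limit never reaches the buffer.
    """
    buffers, rejected = {}, set()
    for src, ip_id, offset_units, payload in fragments:
        key = (src, ip_id)
        if key in rejected:
            continue
        if fragment_end(offset_units, len(payload)) > MAX_IP_DATAGRAM:
            rejected.add(key)          # drop the whole datagram
            buffers.pop(key, None)     # and free what was already buffered
            continue
        buf = buffers.setdefault(key, bytearray())
        start = offset_units * 8
        end = start + len(payload)
        if len(buf) < end:
            buf.extend(bytes(end - len(buf)))  # grow to fit, zero-filled
        buf[start:end] = payload
    return {k: bytes(v) for k, v in buffers.items()}, rejected
```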
Mail Bomb
The mail bomb is a simple and effective harassment tool. In a mail bomb attack, a message is sent repeatedly to the targeted recipient. This action can cause the recipient’s mailbox to crash, or can be used to spam by sending unauthorized mail through the target’s Simple Mail Transfer Protocol (SMTP) gateway. Mail bombs can take the form of an email message that has huge files attached or of thousands of email messages. For example, some software programs generate thousands of email messages and dispatch them to a user’s mailbox, causing the mail server to stop responding or to deny resources to users.
Spamming
Spamming is an attempt to deliver an email message to someone who might otherwise not choose to receive it. The most common example is commercial advertising. Mail spamming engines are sold on the Internet, with thousands of email addresses adding to the explosive growth of junk mail.