Network Security Threats And Solutions

Network Security Threats

It can be troublesome to get rid of malware like viruses, Trojans, and worms once they infect a computer system or network. Therefore, it is always best to prevent them from infecting your computer in the first place. Network security aims to protect information exchanged over a network or the Internet. It deals with aspects such as prevention and detection of unauthorised access, termination of misuse, Denial of Service (DoS) and upholding the confidentiality and integrity of data. A secure network protects not just your desktops and laptops but also the handheld and wireless devices (such as smartphones and tablets) that connect to your home network.

In order to create a secure network environment where your computers and devices can be free from attacks, the following measures should be given due consideration.

  • Back up the data regularly
  • Store the data on a reliable medium
  • Update the software patches
  • Install SSL certificates to stay ahead of threats
  • Upgrade Firewalls with ACLs (Access Control Lists), Demilitarised Zone (DMZ), Proxy and routers

Network security threats are of two types:

Passive threats: Passive threats or attacks involve attempts by an intruder to monitor a communication in order to steal sensitive information that two devices transmit over a network. During a passive attack, the attacker does not affect the communication. Email, file transfers and client/server exchanges are some examples of transmissions that can be monitored by passive attackers. Passive threats are sometimes referred to as eavesdropping attacks or sniffing and snooping attacks.

Active threats: Active threats involve modification of transmitted data and attempts to gain unauthorised access to networked computers. In an active attack, the attacker alters the information stored on a computer, prevents users from accessing the network or web resources and pretends to be a legitimate user to gain access to the network.

Types of Network Security Threats

There are many types of network security threats against which a network is vulnerable. Some of these are discussed below along with the suggested security solutions.

Unauthorised Access

Unauthorised access refers to the use of a computer or network without valid permission. This is done with the intent of compromising the system by breaking through the security barrier. It is the most damaging threat to a network’s security, especially to the authorised section, and can cause loss of data. An attacker/hacker can gain illegal access to your system (a host) in a network and steal sensitive information.

 

Security Solution

The following measures should be implemented to tackle this threat:

  • Implement strong authentication policies.
  • Protect login credentials (usernames and passwords) from reaching unreliable sources.
  • Do not provide unnecessary access to anyone.

Eavesdropping

Eavesdropping is the act of intercepting and logging the communication between two computers over a network. The aim is to acquire sensitive and confidential information, such as passwords and session tokens, that is transmitted over the network. Eavesdropping is a security threat that carries great risk because confidential information is at stake. During eavesdropping, an intruder (attacker) uses monitoring software to intercept the packets of data transferred over an HTTP connection, modifies the data and misuses it in order to damage the network.

Security Solutions

The following measures should be implemented to tackle this threat:

  • Implement a strong encryption policy using digital certificates (SSL certificates) to mitigate the risk of eavesdropping attacks.
  • Create network segments to prevent eavesdropping and other network attacks.
  • Employ Network Access Control (NAC) to authenticate every device before establishing any connection.

DoS & DDoS

DoS (Denial of Service) and DDoS (Distributed Denial of Service) are sophisticated threats that are very difficult to detect and eradicate. A DoS or DDoS attack is an attempt to make an online service unavailable by overwhelming it with an excessive amount of traffic so that it cannot handle it. There are several tools that have made it quite simple to disrupt any website’s availability through these attacks. In a DoS attack, legitimate users are deprived of access to a network or a web resource.

In DoS, an attacker creates a program that establishes a connection on a service port by forging the packet’s header details and then leaves the connection. Suppose the host can handle 20 requests per second and the attacker sends 50 requests per second. This has a high probability of causing the host server to go down, because the mass of fake requests received far exceeds the maximum volume that it can handle. In this example, the server cannot accept a legitimate request due to the high volume of fake requests. The server becomes unavailable to the legitimate users.

A DDoS attack is a type of cybersecurity threat which targets businesses that offer online services through websites. The attack overloads these websites with traffic from multiple sources, usually with more traffic than the server can handle. The overload causes websites to run slowly for genuine users and, in some cases, shuts down a website completely. The primary goal of DDoS attacks is to prevent an organisation from functioning properly and to bring operations to a standstill, thereby hurting it financially and in terms of reputation.

Security Solutions

The following measures should be implemented to tackle this threat:

  • Monitor packets so that counterfeit packets are kept from reaching your server.
  • Apply security patches to your host’s operating system promptly.
  • Avoid running your server very close to full capacity.
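
The following added example (not part of the original article) simulates the 20-versus-50 requests-per-second case described above and shows how a per-source limit keeps capacity free for legitimate clients, plus a simple monitoring check that flags the flooding source. The addresses, the per-source limit of 5 and all function names are assumptions made for the illustration.

```python
from collections import Counter

SERVER_CAPACITY = 20   # requests per second the host can serve (figure from the text)
PER_SOURCE_LIMIT = 5   # assumed per-client ceiling; tune to real traffic
FLOOD_SRC = "203.0.113.9"   # constructed address for the flooding source

def build_traffic():
    """Constructed one-second sample as (millisecond, source) pairs:
    50 requests from one source plus 6 from three legitimate clients."""
    flood = [(i * 20, FLOOD_SRC) for i in range(50)]
    legit = [(100 + 150 * i, f"198.51.100.{1 + i % 3}") for i in range(6)]
    return sorted(flood + legit)

def serve(requests, per_source_limit=None):
    """Admit requests in arrival order until capacity is exhausted.
    Returns (served, dropped) as per-source Counters."""
    served, dropped = Counter(), Counter()
    for _, src in requests:
        over_capacity = sum(served.values()) >= SERVER_CAPACITY
        over_quota = per_source_limit is not None and served[src] >= per_source_limit
        if over_capacity or over_quota:
            dropped[src] += 1
        else:
            served[src] += 1
    return served, dropped

def legit_served(served):
    """Requests served to sources other than the flooding one."""
    return sum(n for src, n in served.items() if src != FLOOD_SRC)

def noisy_sources(requests, threshold=SERVER_CAPACITY):
    """Monitoring side: sources that alone exceed the host's capacity."""
    counts = Counter(src for _, src in requests)
    return sorted(src for src, n in counts.items() if n > threshold)

if __name__ == "__main__":
    traffic = build_traffic()
    for label, limit in (("no limit", None), ("per-source limit", PER_SOURCE_LIMIT)):
        served, dropped = serve(traffic, limit)
        print(label, "| legitimate served:", legit_served(served),
              "| flood served:", served[FLOOD_SRC], "| flood dropped:", dropped[FLOOD_SRC])
    print("flagged:", noisy_sources(traffic))
```

Per-source limits help against a single flooding host; traffic spread over many sources, as in a DDoS, also needs the spare capacity recommended in the list above.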

 

IP Spoofing

Attackers usually mask their true identity and disguise themselves as someone else while targeting a computer system or a network. IP Spoofing is one of the most common forms of online concealment, and is the act of hiding the IP address to mislead the target computer into thinking that it is receiving data from a trusted computer/host. Most computers keep logs of online activity. If attackers want to hide their identity, they need to change the source address.

 

Security Solutions

The following measures should be implemented to tackle this threat:

  • Use a firewall on every computer on your network.
  • Monitor packets, analyse logs between systems on your internal network and spot unusual activities.
  • Filter the data packets entering into the network. Additionally, filter all incoming and outgoing traffic.
  • Use Access Control List (ACL) to prevent forged IP addresses from entering the network.
  • Use SSL certificates to significantly reduce the risk of spoofing.
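
The packet filtering and ACL measures above can be expressed as an anti-spoofing rule set, shown here as an added example that is not part of the original article. It assumes a hypothetical internal LAN of 192.168.10.0/24 and two interfaces named "outside" and "inside"; the sample packets are constructed, and the documentation ranges 198.51.100.0/24 and 203.0.113.0/24 stand in for public addresses.

```python
import ipaddress

# Assumed topology: the internal LAN uses this prefix.
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")

# Source ranges that can never legitimately arrive from the Internet side.
NEVER_FROM_OUTSIDE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # private (RFC 1918)
    "127.0.0.0/8",     # loopback
    "169.254.0.0/16",  # link-local
    "0.0.0.0/8",       # "this network"
    "224.0.0.0/4",     # multicast is never a valid source
)]

def check_packet(interface, src):
    """Return (action, reason) for a packet seen on 'outside' or 'inside'."""
    addr = ipaddress.ip_address(src)
    if interface == "outside":
        for net in NEVER_FROM_OUTSIDE:
            if addr in net:
                return "deny", f"source {addr} in {net} cannot originate outside"
        return "permit", "routable external source"
    # Outgoing filter: only our own prefix may leave, so internal hosts
    # cannot send packets with forged source addresses either.
    if addr in INTERNAL_NET:
        return "permit", "internal source on internal interface"
    return "deny", f"source {addr} is not in {INTERNAL_NET}"

def audit(packets):
    """Apply the ACL to (interface, src) pairs; return denied packets for logging."""
    denied = []
    for interface, src in packets:
        action, reason = check_packet(interface, src)
        if action == "deny":
            denied.append((interface, src, reason))
    return denied

# Constructed sample traffic.
SAMPLE = [
    ("outside", "198.51.100.20"),  # ordinary external client
    ("outside", "192.168.10.5"),   # claims to be an internal host: forged
    ("outside", "127.0.0.1"),      # loopback source from outside: forged
    ("inside", "192.168.10.7"),    # normal internal host
    ("inside", "203.0.113.50"),    # internal host using a foreign source
]

if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print("DENY", *entry)
```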

 

Man-In-The-Middle Attack

A man-in-the-middle attack (MITM) is a type of eavesdropping attack where the attacker establishes an independent connection with both the sender and the receiver. This is done in order to hijack their communication session. The aim is to intercept their messages and/or the data transferred, modify the message or data, and relay it back to them. A MITM attack is a form of session hijacking and exploits the real-time processing of transactions (between login and authentication), conversations or transfer of other data. Other forms of session hijacking are sidejacking, Evil twin and sniffing.

Security Solutions

The following measures should be implemented to tackle this threat:

  • Use Public Key Infrastructure (PKI) based authentications.
  • Set up passwords and other high-level secret keys.
  • Use time testing techniques such as Latency Examination.

 

Other Security Threats

In addition to the above threats, there are other common threats such as viruses, worms, spams, zombies and botnets that affect computers in a network and significantly impact overall network performance. All these threats are part of a software class called Malware (short for malicious software). Malware is designed to steal, damage, disrupt or commit other illegitimate actions on data, computers or networks.

Malware protection starts from your home network, and for better protection, you can change the password for your network router. Moreover, you should install and run a firewall on every computer that you use to prevent unauthorized access over the network.

Computer Viruses and Worms

A computer virus is a program that is loaded onto your computer without your knowledge. It has the potential to cause heavy damage to the computer. For example, it can cause annoying effects such as freezing your system, showing pop-ups, damaging data (deleting files) and software or even reformatting the hard disk. The virus can propagate by creating a functional copy of itself and spread across the network, thereby affecting all the computers that are connected to the network. It can also become part of another program and can also lead to a Denial of Service (DoS) condition.

A computer worm is a type of malware that can rapidly infect computers by replicating itself over the network. A worm creates functional copies of itself. However, unlike viruses, worms are standalone software and do not require a host program to propagate from one computer to another.

Security Solution: Install an antivirus suite on your computer that can protect against threats such as viruses and worms.

Trojan Horses

A Trojan horse is an impostor that contains malicious or harmful code. When the malicious code is triggered, it can lead to loss or theft of data. The Trojan horse does not replicate itself, as a virus does. It can spread using an email attachment. For a Trojan horse to spread, you must open an email attachment. In a network, a Trojan Horse can cause massive damage to all computers of that network.

Security Solution: Security suites such as Norton Internet Security help prevent you from downloading attachments that are likely to contain Trojan horses. All such attachments are scanned prior to downloading and the appropriate corrective action is taken instantly by the tool.

Spams

Spams generally refer to the junk emails that are sent to people without their permission. Mostly, they contain advertisements for services or products. Most reputed companies do not use this method of advertising. A spam is also known as Unsolicited Commercial Email (UCE) or Unsolicited Bulk Email (UBE). Spams are less threatening to network security but can be annoying for the users.

Security Solution: Spam filters can effectively be used to stop spam mails. Most email service providers are pre-equipped with spam filters that separate spam mails from your important mails and often store them in a separate folder. You can also purchase and install a variety of spam filters depending on your business requirement.

Phishing

Phishing is a technique used to obtain personal information in a fraudulent manner. It is all about tricking people into giving out their sensitive information such as credit card details and passwords. Emails that appear to be coming from a legitimate source are sent out under the name of a trustworthy company or website, asking the receiver to update their personal and financial information. This can lead to a huge financial loss or identity theft.

Security Solution: Phishing filters can be used to filter out these unwanted mails and to prevent this threat.

Packet Sniffer

A packet sniffer is a device or software that allows eavesdropping on traffic moving between computers. It captures the data that is addressed to other machines and stores it for future analysis. This is one of the major security threats to a network. In a network, a packet sniffer can filter out personal information and this can lead to identity theft.

Security Solution: By using encryption, all packets become unreadable to anyone except the destination address, making the packet sniffers irrelevant.

Maliciously Coded Websites

Some websites contain malicious code. When you visit these websites, they can install Trojan Horses or redirect you to an unrequested and unsecure website. They (maliciously coded websites) are mainly designed to steal passwords, credit card numbers and other sensitive information.

Security Solution: Using a security suite such as AVG, we can detect infected sites and prevent the user from entering the site.

Zombies and Botnets

A zombie computer (also known as a bot) is a networked computer that has been infected by a computer virus or compromised by a hacker. The hacker takes complete control of the affected computer and performs malicious tasks remotely. In this way, hackers can take over large numbers of computers and create a network (called a botnet) connecting these computers. Now, all these computers can be controlled at once and used to perform malicious acts on a large scale. This is a major security threat on a network because the network, unknown to anyone, could be acting as a hub that forwards malicious files, etc. to other computers.

Security Solution: A good antivirus can help prevent zombie computers whereas a Network Intrusion Prevention (NIP) system can help prevent botnets. The best protection is to set your operating system, antivirus, anti-spyware and web browser programs to automatically look for latest updates and patches and install them whenever they are available.

Shared Computers

Shared computers can have different risks such as unauthorised access and data privacy. You can take the following precautions to be safe when sharing computers:

  • Never leave a computer unattended while you are logged in.
  • Always sign out completely
  • Clear the web browser cache
  • Be careful of shoulder surfers
  • Avoid confidential transactions
  • Be wary of spyware
  • Never save passwords
  • Change your password frequently
