Types of Network Security Threats

There are many types of network security threats against which a network is vulnerable. Some of these are discussed below along with the suggested security solutions.

Unauthorised Access

Unauthorised access refers to the use of a computer or network without valid permission. This is done with the intent of compromising the system by breaking through the security barrier. It is the most damaging threat to a network’s security, especially to the authorised section, and can cause loss of data. An attacker/hacker can gain illegal access to your system (a host) in a network and steal sensitive information.

 

Security Solution

The following measures should be implemented to tackle this threat:

  • Implement strong authentication policies.
  • Protect login credentials (usernames and passwords) from reaching unreliable sources.
  • Do not provide unnecessary access to anyone.

 

Eavesdropping

Eavesdropping is a term used to describe the act of intercepting and logging the communication between two computers over a network. The aim is to acquire sensitive and confidential information, such as passwords and session tokens, that is transmitted over the network. Eavesdropping is a security threat that carries great risk because confidential information is at stake. During eavesdropping, an intruder (attacker) uses monitoring software to intercept the packets of data transferred over an HTTP connection, modifies the data and misuses it in order to damage the network.

Security Solutions

The following measures should be implemented to tackle this threat:

  • Implement a strong encryption policy using digital certificates (SSL certificates) to mitigate the risk of eavesdropping attacks.
  • Create network segments to prevent eavesdropping and other network attacks.
  • Employ Network Access Control (NAC) to authenticate every device before establishing any connection.

DoS & DDoS

DoS (Denial of Service) and DDoS (Distributed Denial of Service) are sophisticated threats that are very difficult to detect and eradicate. A DoS or DDoS attack is an attempt to make an online service unavailable by overwhelming it with an excessive amount of traffic so that it cannot handle it. There are several tools that have made it quite simple to disrupt any website’s availability through these attacks. In a DoS attack, legitimate users are deprived of access to a network or a web resource.

In DoS, an attacker creates a program that establishes a connection on a service port by forging the packet’s header details and then leaves the connection. Now if the host can handle 20 requests per second, the attacker sends 50 requests per second. This has a high probability of causing the host server to go down, because the mass of fake requests received far exceeds the maximum volume that it can handle. In the following example, the server cannot accept a legitimate request due to the high volume of fake requests. The server becomes unavailable to legitimate users.

A DDoS attack is a type of cybersecurity threat which targets businesses that offer online services through websites. The attack overloads these websites with traffic from multiple sources, usually with more traffic than the server can handle. The overload causes websites to run slowly for genuine users and, in some cases, shuts down a website completely. The primary goal of DDoS attacks is to prevent an organisation from functioning properly and to bring operations to a standstill, thereby hurting it financially and in terms of reputation.

Security Solutions

The following measures should be implemented to tackle this threat:

  • Monitor packets to keep counterfeit packets from reaching your server.
  • Apply security patches to your host’s operating system in a timely manner.
  • Avoid running your server very close to full capacity.
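
The packet-monitoring measure above can be illustrated with a sliding-window counter. The following is an added example, not part of the original article: it takes the 20 requests-per-second capacity from the text, assumes a per-source limit of 10, and runs over constructed traffic with documentation-range addresses.

```python
from collections import defaultdict, deque

CAPACITY_RPS = 20      # host capacity used in the text above
PER_SOURCE_LIMIT = 10  # assumption: one source may use at most half the capacity
WINDOW_MS = 1000       # sliding window of one second

def analyse(events):
    """events: (timestamp_ms, source_ip) pairs sorted by time.
    Returns (sources over the per-source limit, peak requests per window)."""
    per_source = defaultdict(deque)
    total = deque()
    flagged, peak = set(), 0
    for ts, src in events:
        total.append(ts)
        mine = per_source[src]
        mine.append(ts)
        # Expire entries that have fallen out of the one-second window.
        for queue in (total, mine):
            while queue[0] <= ts - WINDOW_MS:
                queue.popleft()
        peak = max(peak, len(total))
        if len(mine) > PER_SOURCE_LIMIT:
            flagged.add(src)
    return flagged, peak

def build_sample():
    """Constructed traffic: one source at 50 req/s, three clients at 2 req/s."""
    events = [(i * 20, "203.0.113.7") for i in range(100)]
    for client in ("198.51.100.10", "198.51.100.11", "198.51.100.12"):
        events += [(i * 500 + 5, client) for i in range(4)]
    return sorted(events)

def report(events):
    flagged, peak = analyse(events)
    return {"flagged": sorted(flagged), "peak_rps": peak,
            "over_capacity": peak > CAPACITY_RPS}

if __name__ == "__main__":
    print(report(build_sample()))
```

Per-source counting only helps while source addresses are genuine; when headers are forged, the aggregate peak compared against capacity is the signal that remains.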

 

IP Spoofing

Attackers usually mask their true identity and disguise themselves as someone else while targeting a computer system or a network. IP Spoofing is one of the most common forms of online concealment, and is the act of hiding the IP address to mislead the target computer into thinking that it is receiving data from a trusted computer/host. Most computers keep logs of online activity. If attackers want to hide their identity, they need to change the source address.

 

Security Solutions

The following measures should be implemented to tackle this threat:

  • Use a firewall on every computer on your network.
  • Monitor packets, analyse logs between systems on your internal network and spot unusual activities.
  • Filter the data packets entering into the network. Additionally, filter all incoming and outgoing traffic.
  • Use an Access Control List (ACL) to prevent forged IP addresses from entering the network.
  • Use SSL certificates to significantly reduce the risk of spoofing.
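
The ACL and packet-filtering measures above amount to checking each packet's source address against the interface it arrived on. The following is an added example, not part of the original article; the 10.0.0.0/8 internal network, the interface names and the sample packets are assumptions made for illustration.

```python
import ipaddress

# Assumed topology (hypothetical): the internal network is 10.0.0.0/8 and the
# filtering device has an "outside" (Internet) and an "inside" (LAN) interface.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
# Source ranges that are never valid on packets arriving from the Internet.
RESERVED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

def in_any(addr, networks):
    return any(addr in net for net in networks)

def check(interface, src):
    """Return (action, reason) for a packet with source `src` seen on `interface`."""
    addr = ipaddress.ip_address(src)
    if interface == "outside":
        if in_any(addr, INTERNAL):
            return "deny", "internal source address arriving from outside"
        if in_any(addr, RESERVED):
            return "deny", "reserved or private source address"
        return "permit", "plausible external source"
    if interface == "inside":
        if in_any(addr, INTERNAL):
            return "permit", "source belongs to the internal network"
        return "deny", "outgoing packet with a source we do not own"
    raise ValueError(f"unknown interface: {interface}")

# Constructed sample packets: (interface, source address).
SAMPLE = [("outside", "198.51.100.20"), ("outside", "10.1.2.3"),
          ("outside", "127.0.0.1"), ("inside", "10.4.4.4"),
          ("inside", "203.0.113.9")]

def decisions(packets):
    return [check(iface, src)[0] for iface, src in packets]

if __name__ == "__main__":
    for iface, src in SAMPLE:
        print(iface, src, *check(iface, src))
```

The "inside" branch covers the outgoing direction: a host on the LAN sending packets with a source outside 10.0.0.0/8 is itself forging addresses.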

 

Man-In-The-Middle Attack

A man-in-the-middle attack (MITM) is a type of eavesdropping attack where the attacker establishes an independent connection with both the sender and the receiver. This is done in order to hijack their communication session. The aim is to intercept their messages and/or the data transferred, modify the message or data, and relay it back to them. A MITM attack is a form of session hijacking and exploits the real-time processing of transactions (between login and authentication), conversations or transfers of other data. Other forms of session hijacking are sidejacking, evil twin and sniffing.

Security Solutions

The following measures should be implemented to tackle this threat:

  • Use Public Key Infrastructure (PKI) based authentications.
  • Set up passwords and other high-level secret keys.
  • Use time testing techniques such as Latency Examination.