What Are The Network Attack And Defenses — ExploitByte

Exploitbytes
Apr 9, 2020

Network Attack

The various ways attackers try to exploit a computing device include physical attacks, zero-days, unpatched software, social engineering, password issues, eavesdropping/man-in-the-middle attacks, data leaks, misconfiguration, denial-of-service, user errors, and malware. All of these attacks can be carried out against either the computing device itself or the network connecting to the computing device.

Types of Network Attack

Network attacks can occur anywhere along the Open Systems Interconnection (OSI) model. The OSI model is a very commonly known and used construct showing the different layers of interconnection along a network and to a networked computing device. The OSI model has seven abstraction layers:

■ Physical Layer
■ Data-Link Layer
■ Network Layer
■ Transport Layer
■ Session Layer
■ Presentation Layer
■ Application Layer

All layers could be applied to a network and its controlling devices (because network devices run applications, too), although many could be applied directly on the computing device as well. A physical attack could be any scenario where a network or network equipment is physically accessed, damaged, or stolen.

The Data-Link layer often applies to Ethernet bridges, network switches, and protocols and standards at those layers like a device’s MAC Address. The Network layer refers to routing. The Transport and Session layers refer to upper layer protocols, and the Presentation and Application layers are within the device or application. If a network medium is being shared without any other protections, it is always possible for one node on the network to interfere with another node’s communications. The following sections explore some popular approaches for network attacks.

Eavesdropping

Eavesdropping is unauthorized viewing and/or recording of a conversation that was
intended to be private. Although it isn’t as successful now, years ago
you could plug a network-sniffing application into any network and be able to
see plaintext conversation streams and authentication information. There are
many free tools available on the Internet that you can install and then click
a single button to start capturing plaintext passwords. There are other tools
that allow you to capture other people’s website cookies and take over their
sessions. In most cases it requires no particular expertise, just the ability to
run software.

Man-in-the-Middle Attacks

Man-in-the-middle (MitM) attacks can be accomplished at any layer of the OSI model as well. A MitM attack breaks into an unauthorized communication stream and pretends to be an authorized party to all the other authorized parties. Most of the time the involved original, legitimate party is impacted and often kicked out of the communication stream. MitM attacks are done for all the same reasons as eavesdropping, including to view and steal private data. However, they can also manipulate the communication stream to change communications and data, like changing a “yes” to a “no” when someone asks a question or misdirecting one or more listening parties to an unauthorized location.

Today, many network protocols and applications have protection against
MitM attacks, but it isn’t always turned on by default, often
because of performance or interoperability concerns. For example, the open
DNSSEC standard was created in 2004 to prevent DNS spoofing attacks, but
more than a decade later fewer than 1% of the DNS servers in the world run it.

Distributed Denial-of-Service Attacks

Distributed denial-of-service (DDoS) attacks are arguably the most common
and easily the largest volume of attacks on the Internet. On any given day,
there are terabytes of data being sent to interrupt legitimate sites and services on the Internet. DDoS attacks can attack at any layer of the OSI model.

Network Attack Defenses

There are many defenses against network attacks, including the ones discussed in the following sections.

Domain Isolation

Domain isolation means creating a secure border between authorized and
unauthorized network traffic. This can be accomplished using a variety of
tools and methods, including firewalls (both network-based and host-based),
virtual private network connections, IPsec, routers, software-defined networks, and other types of switching fabrics. If a network attack can’t reach
your device or network, it’s not going to be able to hurt you, normally. There
are edge cases like when a DDoS attack attacks an upstream or downstream
network dependency, which in turn impacts the intended target anyway. But
domain isolation can only help.

Virtual Private Networks

One of the best things any device can do when on an open, shared network
service is to use a virtual private network (VPN). VPNs can be accomplished
using software, hardware, or a combination of the two. At the very least they
encrypt all the traffic between the sender and at least the first node of their
intended receiver, if not the entire transmission path. VPNs aren’t perfect. For
example, a DDoS attack can interrupt them.

Use Secure Protocols and Applications

Nothing beats a secure protocol and application that includes defenses against known threats. Users should use secure protocols and applications when they are offered (such as SCP and SSH) and avoid knowingly using insecure protocols (such as FTP and Telnet). Also, no application should store plaintext logon credentials on disk or in memory or transfer them across a network.

Network Intrusion Detection

Network attacks can be detected by network sniffers (manually) or by looking for predefined patterns of maliciousness. When network maliciousness is detected, it can be dropped or an actionable alert can be created. Network
protocol analyzers (such as network sniffers) are a great way to capture and
decode network anomalies. Sniffers allow manual analysis and many include
automated methods, too. Many firewalls contain network intrusion detection
features as well.
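
The pattern matching described above, as an added example that is not part of the original article: a minimal signature matcher in Python that drops or alerts on cleartext Telnet, FTP and HTTP Basic credentials. The rule names, addresses and sample packets are constructed for illustration.

```python
import base64
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    port: Optional[int]              # None = any destination port
    pattern: Optional[re.Pattern]    # None = any payload
    action: str                      # "alert" or "drop"

# Hypothetical signatures for cleartext protocols and credentials.
RULES = [
    Rule("ftp-cleartext-password", 21, re.compile(rb"^PASS\s+\S+"), "alert"),
    Rule("telnet-session", 23, None, "drop"),
    Rule("http-basic-auth-cleartext", 80,
         re.compile(rb"(?im)^Authorization:\s*Basic\s+[A-Za-z0-9+/=]+"), "alert"),
]

# Constructed sample traffic (src, dst, dst_port, payload); not a real capture.
SAMPLE_PACKETS = [
    ("10.0.0.5", "10.0.0.20", 21, b"USER alice\r\n"),
    ("10.0.0.5", "10.0.0.20", 21, b"PASS example-password\r\n"),
    ("10.0.0.7", "10.0.0.30", 23, b"\xff\xfd\x18login: "),
    ("10.0.0.8", "10.0.0.40", 80, b"GET /admin HTTP/1.1\r\nAuthorization: Basic "
     + base64.b64encode(b"bob:example") + b"\r\n\r\n"),
    ("10.0.0.9", "10.0.0.50", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("10.0.0.9", "10.0.0.40", 80, b"GET /index.html HTTP/1.1\r\n\r\n"),
]

def inspect(packets, rules=RULES):
    """Return (forwarded_packets, findings); the first matching rule wins."""
    forwarded, findings = [], []
    for packet in packets:
        src, dst, port, payload = packet
        hit = next((r for r in rules
                    if (r.port is None or r.port == port)
                    and (r.pattern is None or r.pattern.search(payload))), None)
        if hit:
            # Record who and what, never the payload: alerts must not leak secrets.
            findings.append((hit.action, hit.name, src, dst))
        if hit is None or hit.action != "drop":
            forwarded.append(packet)
    return forwarded, findings

if __name__ == "__main__":
    passed, alerts = inspect(SAMPLE_PACKETS)
    for action, name, src, dst in alerts:
        print(f"{action.upper():5} {name}: {src} -> {dst}")
    print(f"{len(passed)} of {len(SAMPLE_PACKETS)} packets forwarded")
```

The SSH session and the plain HTTP page request match no rule and are forwarded untouched, which is the behaviour a signature-based detector should have for traffic that carries no cleartext credentials.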

Anti-DDoS Defenses

You can defend against distributed denial-of-service (DDoS) attacks by hardening network equipment, allocating more bandwidth on the fly, and utilizing specialized anti-DDoS services. Dozens of anti-DDoS services exist today, and they can help protect a company’s assets against very large DDoS attacks. The only issue is that they can be very expensive, and every now and then it is an anti-DDoS service vendor causing the problem in the first place. Unfortunately, there are a number of unethical competitors that will do anything to get a customer’s business. If you are considering using an anti-DDoS service, do your research to make sure you only go with a legitimate, unquestionably ethical firm.

Visit Secure Web Sites and Use Secure Services

Many network attacks, like easy-to-steal web site cookies and authentication
tokens, only occur because the web site or service is not using the secure
development lifecycle (SDL) in their programming. A properly coded web
site or service, appropriately threat-modelled and using SDL to close known
vulnerabilities, will be more resistant to network attacks than ones that do not. Unfortunately, it’s difficult for the average web surfer to know whether
the web site they are visiting or the web service they are using is following
secure practices. Some web sites contain security attestations from well-known,
trusted security vendors and if verified as legitimate should give the
casual user some additional level of comfort.

Network attacks are a daily occurrence on the Internet and some of them
have caused huge damages for their victims. There are many network attack
defenses that users and companies can avail themselves of to lower the risk
of attack.

I hope you found useful information here. If you think anything in this article could be improved, you can comment below, and if you need any help, we will help you soon. If you are interested in learning hacking, you can check here.

Originally published at https://exploitbyte.com on April 9, 2020.
