Advance Attacks on Network

 Advance Attacks and Protection:

In this section we will discuss some common types of attacks that can be launched against the systems and networks.

Spoofing:
Spoofing occurs when one person or entity impersonates or masquerades as someone or something else. There are two common types of spoofing attack one is IP spoofing and the other one is MAC spoofing. We can prevent IP spoofing by blocking the packet if it contains the private IP address on public interface.

SYN Flood Attack:
The SYN Flood attack is a common attack used against servers on the internet. They are very easy for attackers to launch and difficult to stop, and can cause significant problems. It can disrupt the TCP handshake process and can prevent legitimate clients from connecting. In a SYN flood attack, the attacker never completes the handshake by sending the ACK packet. So it consumes the server resources. We can prevent it by setting the threshold for SYN packet.

MITM:
Man in the Middle attack is a form of active interception or active eavesdropping. It uses a separate computer that accepts traffic from each party and in a conversation and forward the traffic between two. Kerberos mutual authentication helps us to prevent MITM.

ARP Poisoning:
It is an attack that misleads the computer or switches about the actual MAC address of a system. There are two types of attacks performed using ARP poisoning. One is MITM and other is DOS by sending ARP reply with bogus MAC address for the default gateway.

DNS cache poisoning:
DNS poisoning attack can modify the IP address associated with the domain and replace it with the malicious domain. Every time a user requests a DNS query then the DNS server responds with the IP address of the malicious web site. We can prevent this attack by setting the TTL while in DNS cache.

Brute Force Attack:
This attack helps to guess all possible character combinations. Attacker can try to log on to an account by repeatedly guessing the username and password. We can prevent this attack by a lockout mechanism for a specific number of unsuccessful times.

Dictionary Attack:
It is the one of the original password attacks. It uses a dictionary of words and attempts every word in the dictionary to see if it works. Dictionary is just a list of words and character combinations. We can prevent this by setting the limit of unsuccessful attempts.

Birthday Attack:
Birthday attack is named after the birthday paradox in mathematical probability theory. In this attack, an attacker is able to create a password that produces the same hash as the user’s actual password. We can also say this as a hash collision. We can prevent this by increasing the number of bits of hash.

Rainbow Table Attack:
It is the type of attack that attempts to discover the password from the hash. Rainbow table is a huge database of precomputed hashes. It helps to look at the process of how some password cracker applications discover password. Salting is the method which helps in preventing the rainbow table attack. A salt is the set of random data such as two additional characters. It helps in creating the different hash.

Zero Day Attacks:
It is the type of vulnerability or weakness that is unknown to trusted sources, such as OS and antivirus vendors. A zero day attack exploits the undocumented vulnerability. Sometimes vendors are not aware of the problem.

Buffer overflow:
It occurs when an application receives more input, or different input, then it expects. The result is an error that exposes system memory that would otherwise be protected and inaccessible. Buffer overflow enables an attacker to write the malicious code into this area of memory.

DLL injection:
It is an attack that injects a DLL into the system’s memory and causes it to run. In DLL injection, the attacker attaches to a running process, allocates memory within the process and connects the malicious DLL within the allocated memory, and then executes the function in DLL.

Comments

Post a Comment

Popular posts from this blog

Analyzing Spear Phishing Email

Image
Phishing is the technique of fraudulent attempt by the attacker to obtain sensitive and confidential information i.e. Credentials, PII information, credit card, bank details. It can also be targeted attack to focus on the specific organization of individual. The attacker often tailors an email to speak directory to targeted user. There are many types of phishing as follow. I wouldn't explain the types. You can read Here . In this article you'll learn how to analyze the sophisticated phishing email. So, Let's start the case study to explain.  Spearphising :  Spearphising is the technique in which attacker aims at one person and lures him/her into providing confidential data. Attacker compile the email according to the specific user. The email would consist some of the target's email, username, designation.  Case Study: User receive the spearphising email containing the PDF attachment with double extension. Email body contains the unprofessional statement "Kindly m
Read more

Cyber Threat Intel

Image
What is Cyber Threat Intel? Threat intel is the information about the threats. Cyber threat intel is used to better understand, predict and adopt to the behavior of malicious actors. It plays an important role in preventing the zero-day attacks. " Threat information that has been aggregated, transformed, analyzed, interpreted, or enriched to provide the necessary context for decision-making processes " (NIST). Threat Intel life Cycle: Intelligence lifecycle is the process of developing raw information into finished intelligence for policymaker to use in decision making and action. CTI Life Cycle Planning and Direction Planning and direction helps in setting up the goals for the threat intel program. Priorities and requirements are defined in this phase. Collection: Collection means gathering of data to produce the finished intelligence. Data includes logs(Firewall, IPS/IDS, Endpoints), threat feeds and OSINT(reports, social media, public forums). Collection Types of Collectio
Read more

Authentication Services

Image
  Authentication Services: In this section we will discuss the authentication services. The main goal of these services are to ensure that unencrypted credentials are not sent across the network. In other words they ensure that credentials are not sent in clear text. Kerberos: It is a network authentication mechanism mostly used in both windows active directory domain and some Unix environments. Kerberos provides mutual authentication that can help prevent MITM attacks and uses tickets to help prevent replay attacks. Working of Kerberos: The KDC(key distribution center) uses a complex process of issuing TGTs(Ticket granting tickets) and other tickets. The KDC packages user credentials within the ticket. Tickets provide authentication for users when they access resources such as files on the file server. These tickets are sometimes referred to as tokens. NTLM: New Technology LAN Manager is a suite of protocols that provide authentication, integrity, and confidentiality within windows sy
Read more