When looking to strengthen our network designs, we examined the typical threats and the risks they pose. These are the attacks we prioritized when assessing what we would be up against:
• DOS/DDOS Attacks
• Man In the Middle Attacks / Spoofing
• Buffer Overflow
• Fragmentation Attacks
• Session Hijacking
• Social Engineering
• SQL Injection / Injection attacks
• Replay Attacks
There are many more possible attacks, but these are the ones we focused on. For each threat, we analyzed how it could be used against us and what countermeasures would be ...
For increased security, a multifactor authentication method should be used whenever possible to better mitigate the risks. One proposal is a user ID and password combined with badge credentials.
Buffer Overflow – A buffer overflow is usually a direct result of poor programming. The attack occurs when a hacker feeds more data into a buffer than it was sized to hold; if the code performs no limit checks, the excess overflows into adjacent memory and poses a threat. Hackers can sometimes use this to place their own commands in the overflowed data, which the system may then run with higher privileges. As stated, programmers should implement limit (bounds) checks to prevent this type of threat, which can eliminate it completely.
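An added illustration of the limit check described above (example code, not part of the original document): a fixed-size name buffer filled with no length check, beside a bounds-checked version that rejects oversized input. The names store_name_unchecked, store_name_checked and struct session are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16  /* buffer capacity, including the terminating NUL */

struct session {
    char name[NAME_LEN];
    int  is_admin;      /* sits directly after the buffer in memory */
};

/* Vulnerable: strcpy() copies until it finds a NUL, so input of NAME_LEN
 * bytes or more writes past 'name' and into whatever follows it (here
 * 'is_admin'). Kept only to make the missing check visible; never call it
 * with untrusted input. */
void store_name_unchecked(struct session *s, const char *src)
{
    strcpy(s->name, src);
}

/* Hardened: look for the NUL within the buffer's capacity before copying
 * anything, and refuse input that would not fit together with its NUL.
 * Returns 0 on success, -1 on rejection; the buffer is untouched on -1. */
int store_name_checked(struct session *s, const char *src)
{
    const char *nul = memchr(src, '\0', NAME_LEN); /* never scans past NAME_LEN */
    if (nul == NULL)                               /* no room for the NUL: reject */
        return -1;
    memcpy(s->name, src, (size_t)(nul - src) + 1); /* copies the terminator too */
    return 0;
}

int main(void)
{
    struct session s = { "", 0 };
    const char *too_long = "AAAAAAAAAAAAAAAAAAAA"; /* 20 bytes, constructed input */

    if (store_name_checked(&s, too_long) != 0)
        printf("rejected: %zu bytes exceed the %d-byte buffer\n",
               strlen(too_long), NAME_LEN);
    if (store_name_checked(&s, "alice") == 0)
        printf("stored: %s (is_admin=%d)\n", s.name, s.is_admin);
    return 0;
}
```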
Fragmentation Attacks – Fragmentation attacks occur when data packets of various sizes are fragmented, or broken up, so that they are compatible in size with the other packets traveling within a network segment. Sometimes these fragments can be maliciously crafted so that reassembly causes a DOS, or so that IDS detection and firewall filtering are subverted. While firewall filtering and an IDS should be used (for more than just this purpose), we should also be using sender-side fragmentation. By selecting a “Maximum Transmission Unit” and fragmenting the data before it is sent, we can ensure that fragmentation does not occur while the data is in transit, thus preventing these issues from arising.
Session Hijacking – This occurs when a hacker learns the connection details between a client and server and uses that information to inject their own crafted packets, thus taking over the stream of data. This is like double Dutch: the hacker learns how the rope (the data packets) moves and inserts his own packets in anticipation of the next turn. This most often occurs with unencrypted TCP/IP use. TCP/IP should be used with encryption, so that the hacker cannot easily learn the details of the transmissions or predict future sequence values.
Social Engineering – Social engineering is when attackers use your own employees, or in some cases your customers, against you. They can use many different forms of communication (email, SMS, phone calls, etc.) to pose as someone in a legitimate position, and exploit the individual's trust to extract information that should not be given out. A good example is someone calling an employee while pretending to be a member of the IT department. The attacker may have only basic information about the individual, such as their name and position, and use that to establish trust and gather more information, or credentials such as an ID or password. User awareness and training is the best mitigation, but restricting some forms of communication may help reduce the risk. We recommend that personal email not be used whenever possible, and that the work email address be the only channel of electronic communication for business-sensitive information.
Injection attacks – Injection or insertion attacks such as SQL...