Modern Day Attacks Against
Firewalls and Virtual Private Networks
Electronic technology is growing at a rapid rate; more devices are made mobile and wireless, but with those improvement and developments come flaws and malicious opportunities. Cyber attacks are on the rise and no system or device is immune. Many organizations employ multiple layers of firewalls but that doesn’t completely eliminate the threat. Attacks against firewalls and virtual private networks or VPNs are constantly being exploited with new methods everyday, but they are yet another obstacle that a cyber criminal must overcome.
First let’s discuss what a firewall is and what a firewall ...view middle of the document...
Unfortunately, many firewalls come with so many rules or policies that they can counteract the security desired and create loopholes for network threats or actually block traffic that is desired or requested by the user. These issues make it really important to understand how all rules and policies in the firewall work and how to apply them.
Another tool often used for secure reasons and also as a reliable method to share information remotely is called a Virtual Private Network or VPN. Henry describes A VPN as “a group of computers (or discrete networks) networked together over a public network—namely, the internet” (para 3, 2012). Basically, it’s a private network created to allow remote access through a public network. Most often you will see that employees on airplanes or in a public place that will require and utilize these VPNs to access their business resources for all kinds of information, but some people just use it as a means to use their network without physically compromising the actual systems.
A good VPN can provide many functions such as access anywhere worldwide without dedicated lines, data security, remote access to business resources and better employee production. For these VPNs to perform these functions properly they are required to provide reliability by ensuring that the network does not break down before reaching its max capacity, scalability to ensure the ability to expand as business grows, and of course security to ensure that any data captured by unauthorized individuals is not compromised. However with the right tools in the wrong hands, any experienced malicious actor can access this network through its public use of the Internet and as we continue to learn there is no device safe from the malicious actors.
Today, technology continues to advance at such a rapid rate that it becomes more and more difficult everyday to ward off the malicious threats created and attempted daily. Some of these threats developed can be targeted to specific individuals or machines and others can be targeted at large businesses and organizations. There are also malicious threats that aim to attack a large amount of systems in order to use all infected systems for a distributed attack. Never the less firewalls and VPNs are often the first line of defense therefore the first line of attack. Cyber threat actors can use a number of attacks to achieve their goals. Grimes in a 2002 article described a few of these methods, such as Port Scans, where system ports are scanned to detect which ports are available to send traffic through. Each one of these ports are designed for specific services and therefore giving an attacker an idea of what type of attack can be launched and how to access the system. Another method used would be Network Traffic floods, which is accomplished similar to Denial of service attacks where a system is overwhelmed or flooded with traffic. This method has been known to get through firewalls. The last method I will...