This chapter focuses on how the network itself is attacked, that is, how the attacker can maliciously change the normal operation of the network. C and I.A are most important in the security network. The DoS attack is very interesting because it divides the device into two parts: direct attack and indirect attack. According to this book, “when an attacker tries to send a packet stream directly from the attacker’s computer to the victim, a direct attack will occur. Indirect attacks attempt to drown the victim computer in the same way, but the attacker’s IP address is deceived (forged), and the attack seems to come from another computer.” Figure 4-3 shows the example of a SYN flood, which is a good way to understand how to deal with the world. In addition, Figure 4-7 shows the peer redirection attack. A peer-to-peer redirect attack is different from a SYN flood attack; it is similar to a DDoS attack.
There are four broad goals to consider when creating a secure networking environment. They include availability, confidentiality, functionality and access control. Availability ensures that authorized users have access to information, services, and network resources. Denial-of-service (DoS) attacks are one of the most common types of network attacks against corporations. The next one is confidentiality. The term confidentiality is slightly different than the one we discussed in the previous chapter. It means preventing unauthorized users from gaining information about the network’s structure, data flowing across the network, network protocols used, or packet header values. The next one is functionality. It means preventing attackers from altering the capabilities or operation of the network. The last one is access control. Access control is the policy-driven control of access to systems, data, and dialogues. The goal is to prevent attackers from logging into the system and taking sensitive information or data which is important to the business operation, or deleting it.
We often see DoS where I work. They aren’t always attacks but can be. They are often mitigated by blocking the IP entirely or by rate limiting them. This helps prevent the service from being unavailable to other users while we work with the user who is performing a DoS.
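The rate limiting and IP blocking described above, as an added example rather than anything from the post: a per-source token bucket lets a client burst briefly, returns a rate-limited decision once its bucket is empty, and escalates to a full block of that address after a configurable number of rejections, so the service stays available to everyone else. The log format, the addresses and the thresholds are constructed for the example.

```python
"""Per-source rate limiting with escalation to a full block, run over constructed log lines.
Added example; not code from the post. Log format, addresses and thresholds are constructed."""
from collections import defaultdict


class SourceLimiter:
    """Token bucket per client address; repeated rejections escalate to a block of the address."""

    def __init__(self, capacity=10, refill_per_sec=2.0, block_after=20):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.block_after = block_after
        self.buckets = {}                   # ip -> (tokens, last timestamp seen)
        self.rejections = defaultdict(int)  # ip -> rate-limited requests so far
        self.blocked = set()

    def decide(self, ts, ip):
        if ip in self.blocked:
            return "blocked"
        tokens, last = self.buckets.get(ip, (self.capacity, ts))
        tokens = min(self.capacity, tokens + (ts - last) * self.refill_per_sec)
        if tokens >= 1:
            self.buckets[ip] = (tokens - 1, ts)
            return "allowed"
        self.buckets[ip] = (tokens, ts)
        self.rejections[ip] += 1
        if self.rejections[ip] >= self.block_after:
            self.blocked.add(ip)            # stop spending resources on this source entirely
        return "rate-limited"


def parse_line(line):
    """Constructed log format: '<unix-time> <client-ip> <request>'."""
    ts, ip, *request = line.split()
    return float(ts), ip, " ".join(request)


def build_sample_log():
    """Constructed traffic: one well-behaved client and one that floods the service."""
    lines = []
    for i in range(30):            # ordinary client: one request per second
        lines.append(f"{1000 + i:.2f} 10.0.0.5 GET /page/{i}")
    for i in range(60):            # misbehaving client: sixty requests inside one second
        lines.append(f"{1000 + i / 60:.2f} 198.51.100.7 GET /search?q={i}")
    return sorted(lines, key=lambda line: float(line.split()[0]))


def run(lines, limiter=None):
    """Return per-address decision counts and the addresses that ended up blocked."""
    limiter = limiter or SourceLimiter()
    summary = defaultdict(lambda: defaultdict(int))
    for line in lines:
        ts, ip, _ = parse_line(line)
        summary[ip][limiter.decide(ts, ip)] += 1
    return {ip: dict(counts) for ip, counts in summary.items()}, sorted(limiter.blocked)


if __name__ == "__main__":
    counts, blocked = run(build_sample_log())
    for ip, decisions in counts.items():
        print(ip, decisions)
    print("blocked:", blocked)
```

With these constructed numbers the ordinary client is never touched, while the flooding client gets its first ten requests through on the initial bucket, is rate-limited for the next twenty, and is then dropped outright for the remaining thirty, which is the point at which a real deployment would also want the block to expire after a while so a misconfigured but legitimate user can recover.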
This chapter is outlining the requirements for a secure network. There should be confidentiality, integrity, availability, and access controls in place to help secure the network and protect it from such attacks as ARP poisoning, DoS attacks, access control threats and both Ethernet and wireless threats.
To me, one of the biggest concerns today is a DoS attack on a platform. There are many bot networks which have been used in the past to send a lot of bogus traffic to platforms such as the AWS service. In the past, these attacks have caused availability issues for end users. Because the platform is busy being DDoSed, there is no way for a user to perform normal activities. It’s important for organizations to have incident response plans and redundancy measures in place to help prevent and stop these types of attacks.
The takeaway from this chapter for me was the section on wireless security. Not only are there Ethernet LANs but also WLANs, and these can be even more difficult to protect. Due to their nature, they can be accessed, or attempts can be made to access them, remotely by attackers, which increases the difficulty when comparing them to LAN connections. These attacks will focus on the access point that can be connected to via radio waves, as shown in the 802.11 standard diagram. This means these attackers can stay a safe distance away from a building where the access point is located and can conduct unauthorized network access, man-in-the-middle attacks using an evil twin, and wireless DoS attacks. Unauthorized attacks will typically be on a private network where the attacker cracks the wireless security protocols. If these protocols are put in place correctly, any unauthorized access should be detectable by the security team. A weakness in wireless networks is the rogue access point, when an individual or department creates another access point with little to no security. These rogue points create easy, low-hanging fruit for remote hackers to bypass the security set up to protect the main access point.
One interesting point I took from this reading is Ethernet and wireless security. For Ethernet security, 802.1X provides port-based access control for users who want to connect to the network. The port is in an unauthorized state, and once the user is authenticated the port changes to an authorized state, providing access to the user. 802.1X relies on the Extensible Authentication Protocol and a central authentication server. The authentication server also understands authorization and what resource objects the subject user can have access to. Wireless security is becoming more of an issue due to the increase of Internet of Things devices. More IoT devices connected to the network increases the attack surface for threat actors to explore. Additionally, it means an organization has more to worry about. When it comes to securing a network, these two should not be forgotten about.
One thing I took away from this chapter was that Denial-of-Service attacks (DoS) are not always an external attack or issue. The chapter discusses that DoS attacks could be internal in the case of Newsnet Scotland, which claimed to be attacked by an external group for political reasons, but lost service due to bad coding and was easily remedied once the infringing code was found and fixed. DoS attacks are also not malicious all the time. Sometimes a larger site, such as a news site, will link to a smaller site for crediting a source. This small website most likely was not anticipating a large load of traffic all at one time, which would cause the site to crash. Whether the attack was intentional or not, the end goal is the same, which is that a service was stopped or slowed to the point of not being usable. Any DoS attack would affect sales, productivity, and potentially reputation of the company. It’s important to have plans in place to prevent DoS attacks from happening.
Hi, Krish. I agree that the DoS attack would affect sales, productivity, and potentially the reputation of the company. In particular, online retail shopping needs only a one-minute DoS attack, and it may lose $1 million. Perhaps the customers’ information is stolen. There are many possibilities during this one-minute DoS attack.
I completely agree that a DoS could be caused by software bugs. The “attacks” don’t necessarily have to be attacks. Sometimes a piece of software can cause a loop to occur which sends a lot of traffic to the end computer. This can overload the processor and cause it to become unavailable.
Another example is the software my company makes, Nessus, can often be blamed for a DoS but we are typically just performing a service scan. When this happens, it’s the fault of Nessus, it’s the end computer which is vulnerable to a DoS. The end user has to make sure their computer is not overloaded with our requests in order to prevent the DoS. In our eyes, we did them a favor by pointing out the vulnerability.
Hi Krish,
Thank you for your response! I totally agree with you that DoS attacks are not always external attacks. It is easy for one to think that DoS is primarily an external threat. This is untrue, as internal stakeholders are just as likely to exploit a firm using a DoS attack!
DoS attacks affect the retail industry at some critical moments. As chapter 4 mentions, DoS attacks can cause harm by stopping a critical service or slowly degrading services over time; the attackers will focus on HTTP, which is the most common service, to break down the online shopping website. If one website stops service for an hour on Cyber Monday because of a DoS attack, the company can lose a huge amount of revenue or face other potential threats, including employees not being able to access their email or the shutdown of a very important application. Although a stopped critical service can be identified and solved efficiently, a slowly degrading service is more complicated for network administrators to clear up. Some hackers may use service degradation to test the strength of the website and then use a full-scale DoS attack. Therefore, the organization needs to spend more time building up prevention against these threats.
Hi, Cami, thank you for sharing. I totally agree with your point about stopping a critical service or slowly degrading services over time. I’d like to add two more things to that. Stopping a critical service would cause a short-term system breakdown and financial loss, as you said. But slowly degrading services last a long period, are hard to detect, and will cause a huge unnecessary capital cost for upgrading the current bandwidth, hardware and software.
The crux of this chapter is the DDoS attack. Availability is one of the three most important items to protect in the CIA triad. While your data is not under attack, it may become unavailable or inaccessible. This can be a huge disruption to the company, inherently and directly. There are financial impacts, impacts to consumer trust, political impacts, etc. The cost can be great to a company that suffers from a Distributed Denial of Service attack. They can be undetectable if the attacker is careful enough to protect his identity using zombie computers as botnets. This overwhelming amount can range from thousands to millions of computers sending anything from spam to forms of malware such as ransomware.
I think it was a pertinent point to bring up Availability in relation to DoS attacks. You are correct that the loss of it is potentially damaging to an organization. It’s a scary thought to lose access to something and have no control of fixing the situation depending on how many computers are involved in the DoS attack, as well as how long the attack lasts.
This chapter was a deep dive into securing networks. Specific attention was given to DoS attacks. Attackers launch DoS attacks against an organization’s most crucial service, which is generally the HTTP service. When attackers DoS an HTTP server, it not only brings down that service, but it can keep employees from accessing their e-mail or cause file servers to shut down an application. There are a few methods of DoS attacks mentioned in the chapter. Backscatter was an interesting concept. Generally, when attackers perform a direct DoS attack, they spoof their IP so it cannot be traced back to them. The result of this is backscatter. It occurs when the victim’s computer sends responses back to the spoofed IP address used by the attacker, which inadvertently floods an unintended victim. The chapter also goes on to describe ways to mitigate a DoS attack. One option is called black holing. Essentially this means to drop all IP packets originating from the attacking IP. Some firewalls are able to thwart DoS attacks by pre-validating the TCP handshake with false opens. When a SYN packet arrives at the firewall, it does not forward it to the designated server. Instead, it sends a SYN/ACK segment back to the source IP. If the source IP sends back an ACK packet (which is a sign that the connection attempt is legitimate), then the firewall will forward the original SYN packet to the target server.
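The false-open technique described above, together with the direct versus indirect (spoofed-source) distinction from the earlier post on SYN floods and the backscatter it produces, can be modelled in a few dozen lines. The following Python simulation is an added example, not code from the textbook or from any poster: a SYN-proxying firewall answers every SYN itself, forwards the original SYN to the server only when the source completes the handshake, counts half-open entries that expire unanswered per source, and black-holes a source once that count crosses a threshold. The addresses, the timeout and the threshold are constructed for the example; the SYN/ACKs sent to a spoofed address are the backscatter the post mentions.

```python
"""Firewall that pre-validates TCP handshakes ("false opens") and black-holes abusive sources.
Added example; not the textbook's or any poster's code. Addresses and thresholds are constructed."""
from dataclasses import dataclass, field
import random


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    flags: str      # "SYN", "SYN/ACK" or "ACK"
    seq: int = 0
    ack: int = 0


@dataclass
class SynProxyFirewall:
    server: str
    timeout: float = 3.0        # seconds a half-open entry may wait for the client's ACK
    max_unanswered: int = 5     # expired half-opens from one source before it is black-holed
    pending: dict = field(default_factory=dict)     # (src, seq) -> (our ISN, time opened)
    unanswered: dict = field(default_factory=dict)  # src -> count of expired half-opens
    blackhole: set = field(default_factory=set)     # sources whose packets are silently dropped
    forwarded: list = field(default_factory=list)   # SYNs that actually reached the server
    replies: list = field(default_factory=list)     # SYN/ACKs we sent (backscatter if src was spoofed)

    def receive(self, seg, now):
        """Handle one client-side segment at time `now`; return what happened to it."""
        self.expire(now)
        if seg.src in self.blackhole:
            return "dropped:blackhole"
        if seg.flags == "SYN":
            isn = random.getrandbits(32)
            self.pending[(seg.src, seg.seq)] = (isn, now)
            # Answer on the server's behalf; the server has not seen anything yet.
            self.replies.append(Segment(self.server, seg.src, "SYN/ACK", seq=isn, ack=seg.seq + 1))
            return "held"
        if seg.flags == "ACK":
            entry = self.pending.pop((seg.src, seg.seq - 1), None)
            if entry is None or seg.ack != entry[0] + 1:
                return "dropped:no-match"
            # Handshake completed by a reachable source: now forward the original SYN.
            self.forwarded.append(Segment(seg.src, self.server, "SYN", seq=seg.seq - 1))
            return "forwarded"
        return "dropped:unexpected"

    def expire(self, now):
        """Drop stale half-open entries and black-hole sources that never complete handshakes."""
        for key, (_, opened) in list(self.pending.items()):
            if now - opened > self.timeout:
                del self.pending[key]
                src = key[0]
                self.unanswered[src] = self.unanswered.get(src, 0) + 1
                if self.unanswered[src] >= self.max_unanswered:
                    self.blackhole.add(src)


def simulate(seed=1):
    """Constructed scenario: one real client and one spoofed source that never answers."""
    random.seed(seed)
    fw = SynProxyFirewall(server="192.0.2.10")
    legit, spoofed = "10.0.0.5", "203.0.113.9"
    # The real client completes the three-way handshake, so its SYN reaches the server.
    fw.receive(Segment(legit, fw.server, "SYN", seq=1000), now=0.0)
    synack = fw.replies[-1]
    legit_result = fw.receive(Segment(legit, fw.server, "ACK", seq=1001, ack=synack.seq + 1), now=0.1)
    # Indirect attack: SYNs carrying a forged source that never sees our SYN/ACKs.
    for i in range(6):
        fw.receive(Segment(spoofed, fw.server, "SYN", seq=5000 + i), now=0.2)
    backscatter = sum(1 for r in fw.replies if r.dst == spoofed)
    # Well after the timeout the same forged source tries again and is black-holed.
    late_result = fw.receive(Segment(spoofed, fw.server, "SYN", seq=9000), now=10.0)
    return {"legit": legit_result, "server_saw": len(fw.forwarded),
            "backscatter": backscatter, "spoofed_later": late_result}


if __name__ == "__main__":
    print(simulate())
```

The server only ever sees the one SYN whose source proved reachable; the six SYN/ACKs sent toward the forged address are exactly the backscatter that lands on an uninvolved third party, which is why black-holing by source address helps the protected server but cannot stop that side effect.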
One of the topics that I found interesting is Wireless Intrusion Detection Systems. These are complex systems; companies that have central management for their many access points can purchase centralized wireless intrusion detection system software. Each access point becomes a wireless IDS agent, sending appropriate information to the central wireless IDS console. The console transfers the data to an IDS database. It also sorts through data in the database to find indications of problems. There is a good chance that a centralized wireless IDS can identify rogue or evil twin access points. There are two alternatives to using a centralized wireless IDS, but neither is very effective. The first is simply not to worry about intrusion detection. Given the commonness of wireless attacks, this is hardly wise. The second alternative is to walk around the building frequently with a laptop that has wireless IDS software. This is likely to require a prohibitive amount of labor, and it cannot catch threats that appear after the wireless security administrator has checked a part of the site for threats. Nor is this approach likely to catch evil twin access points, which only operate occasionally and so may not be operating when the wireless administrator is sweeping the building for concerns.
The Internet has penetrated every aspect of life. Catalyzed by frequent security incidents, network information security has risen to the level of national strategy. The popularity of the mobile Internet and the Internet of Things, as well as the rapid development of cloud computing and big data, have brought more new challenges to cyber security. The development of network technology, the improvement of computing and storage capacity, and the application of new technologies such as big data drive the continuous development of the network security industry. Realizing intelligent business through big data and AI technology is the development trend of network security. As network attacks increase and the degree of damage rises, demand for network security professionals is soaring, but there is a serious shortage of talent; at the same time, new forms of attack are also increasing. Driven by these factors, the industry has begun to look for automated network security solutions, and the rapid development of big data technology, difficult recognition, machine learning and other artificial intelligence technologies is raising the level of network security technology. The new generation of artificial intelligence, through deep machine learning, must be based on big data, and big data network security, especially the field of network public security, will be one of the fields where artificial intelligence will give full play to its huge potential in the future.
Big data has always been a big deal. The collection of vast amounts of information drives how critical IT security professionals have become in every industry. What’s expanding just as exponentially is not only data but “how” we generate it. There are so many new apps, new tools and new “things” in IoT that there are that many more attack vectors than ever before. There is new traffic, traveling through new channels, and security experts have to be mindful not only of the data and where it is stored but also its origin, the path it travels and all the potential areas where it could have been infected, manipulated, or hacked into.
The main takeaway I had from the reading was the various controls built within the different standards that govern a typical network, starting from the physical and data link layers, where physical layer standards govern physical connections between consecutive devices. For devices connected with unshielded twisted pair copper wires, the standard dictates how variations in voltage indicate a 1 or a 0. Fiber optic sends light signals, where light on equals 1 and off equals 0, while wireless transmissions use radio waves in spread spectrum to improve propagation reliability from device to device. Finally, the physical layer also needs to be able to self-correct when two switches are caught in a loop; switch supervisory frames allow switches to close selected ports to break the loop. The switch supervisory frames also introduced a risk that attackers could take advantage of, where an attacker could spoof a switch and send an overload of supervisory frames to a specific device or series of devices. The introduction of authentication between switches resolved this vulnerability.
Hi Heather, I like your analysis of the different layers being used as physical connections are guarded. I’m not the most familiar with switches, but your analysis helps me better understand their use and how it’s interpreted.
The key point that I took from this article was that DoS attacks usually cause harm in the following two ways: 1. stopping a critical service; 2. slowly degrading services over time. The first one is launching a DoS attack against an organization’s most important service, which would cause a short-term system breakdown and financial loss. But the second one lasts a long time and is hard to detect. In addition, because of its lasting nature, the network administration cannot find a clear distinction between normal growth in network traffic and the progressive DoS attack. And this kind of attack will cause a huge unnecessary capital cost for upgrading the current bandwidth, hardware and software.
Hello, Zhen! I want to add something to your comments about cost. DDoS attacks cause a lot of problems and they can be difficult to track and prevent since they stem from a large number of seemingly legitimate devices. DDoS may result in lost productivity and business, extra labor in fixing and protecting against the issue.
I agree with your point that DoS attacks target an organization’s most important service. DDoS attacks may create high traffic of useless data, causing network congestion and making the victim host unable to communicate with the outside world normally.
The most relatable concept in this reading is the evil twin access point attack under wireless security. As much as wireless networks have been around for two decades, this attack remains a threat to the unsuspecting public, especially at a time when wireless access points are all over the place. Even on secured networks, an attacker can still find a way to trick users into connecting to a spoofed SSID. One of the common ways used is flooding the access point (which is a method of wireless denial of service). The attacker can also break the connection between a client and the legitimate access point by sending spoofed de-authentication frames.
Once connected to the spoofed wireless network, the attacker has total control of this network and can intercept any communication and inject other attacks in the user’s session and device.
Hi Humbert, I agree with you that the evil twin scenario was very relatable for wireless DoS attacks, and basically spoofing de-authentication frames to the downstream routers. These types of attacks easily shut down the wireless router from functioning and are an easy way to deny availability of a wireless network.
I also agree with you on the multiple access point issue. I touched on it in my response, but it is imperative for all employees to notify or gain approval before creating an access point. If they don’t, the security team could invest tons of time and assets into making sure the main AP is secured, but if they weren’t notified about the new access point created, it will not only undermine the main access point but potentially the entire system.
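The centralized wireless IDS described in the earlier post on Wireless Intrusion Detection Systems, and the evil twin, rogue access point and spoofed de-authentication frames discussed in this thread, can be tied together in one detection routine on the console side. The Python below is an added example, not code from the textbook or from any poster: it takes frame observations reported by access-point agents to a central console and raises an alert for a beacon that advertises a managed SSID from an unknown BSSID (evil twin), for a strong-signal beacon whose SSID is not in the managed inventory (rogue access point), and for a burst of de-authentication frames claiming a managed BSSID (wireless DoS). The inventory, the observations, the signal threshold and the burst threshold are all constructed for the example.

```python
"""Centralized wireless IDS rules over constructed frame observations.
Added example; not the textbook's or any poster's code. All data below is constructed."""
from collections import defaultdict

# Constructed inventory of the organization's managed access points: SSID -> set of BSSIDs.
MANAGED_APS = {
    "corp-wifi": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
    "corp-guest": {"00:11:22:33:44:03"},
}

# Constructed observations, as the IDS agent on each access point would report them to the console.
OBSERVATIONS = [
    {"t": 0.0, "sensor": "ap-1", "type": "beacon", "ssid": "corp-wifi", "bssid": "00:11:22:33:44:01", "rssi": -40},
    {"t": 0.1, "sensor": "ap-2", "type": "beacon", "ssid": "corp-wifi", "bssid": "00:11:22:33:44:02", "rssi": -45},
    # Same SSID as a managed network but an unknown radio: candidate evil twin.
    {"t": 0.5, "sensor": "ap-1", "type": "beacon", "ssid": "corp-wifi", "bssid": "aa:bb:cc:dd:ee:ff", "rssi": -50},
    # Strong signal, SSID nobody registered: candidate rogue AP inside the building.
    {"t": 1.0, "sensor": "ap-2", "type": "beacon", "ssid": "marketing-printer", "bssid": "de:ad:be:ef:00:01", "rssi": -35},
    # Weak signal from a neighbour: below the rogue threshold, so ignored.
    {"t": 1.2, "sensor": "ap-2", "type": "beacon", "ssid": "neighbor-cafe", "bssid": "12:34:56:78:9a:bc", "rssi": -85},
] + [
    # Forty de-authentication frames in 0.4 s claiming to come from a managed AP.
    {"t": 2.0 + i * 0.01, "sensor": "ap-1", "type": "deauth", "bssid": "00:11:22:33:44:01", "rssi": -55}
    for i in range(40)
]


def analyze(observations, inventory, rogue_rssi=-70, deauth_threshold=20, window=1.0):
    """Return alerts in time order. Thresholds are constructed defaults, not recommendations."""
    owner = {bssid: ssid for ssid, bssids in inventory.items() for bssid in bssids}
    alerts, reported, deauth_times = [], set(), defaultdict(list)
    for obs in sorted(observations, key=lambda o: o["t"]):
        if obs["type"] == "beacon":
            ssid, bssid = obs["ssid"], obs["bssid"]
            if owner.get(bssid) == ssid or (ssid, bssid) in reported:
                continue  # a managed AP, or a pair we have already alerted on
            reported.add((ssid, bssid))
            if ssid in inventory:
                alerts.append({"alert": "evil-twin", "ssid": ssid, "bssid": bssid,
                               "sensor": obs["sensor"], "t": obs["t"]})
            elif obs["rssi"] >= rogue_rssi:
                alerts.append({"alert": "rogue-ap", "ssid": ssid, "bssid": bssid,
                               "sensor": obs["sensor"], "t": obs["t"]})
        elif obs["type"] == "deauth" and obs["bssid"] in owner:
            times = deauth_times[obs["bssid"]]
            times.append(obs["t"])
            while obs["t"] - times[0] > window:   # keep only frames inside the sliding window
                times.pop(0)
            if len(times) == deauth_threshold:    # fire once, when the burst first crosses the line
                alerts.append({"alert": "deauth-flood", "ssid": owner[obs["bssid"]],
                               "bssid": obs["bssid"], "sensor": obs["sensor"], "t": obs["t"]})
    return alerts


if __name__ == "__main__":
    for alert in analyze(OBSERVATIONS, MANAGED_APS):
        print(alert)
```

Because every access point reports continuously, an evil twin that only switches on occasionally is caught the moment any agent hears its beacon, which is exactly what the walk-around-with-a-laptop alternative misses; the sensor name in each alert tells the administrator roughly where to look.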
Zibai Yang says
The key takeaway I find in this chapter is the DoS attack. DoS is the abbreviation of Denial of Service, that is, denial of service. Attacks that cause DoS are called DoS attacks, whose purpose is to make computers or networks unable to provide standard services. The most common DoS attacks are computer network broadband attacks and connectivity attacks.
A DoS attack refers to deliberately attacking flaws in the network protocol implementation or directly using brutal means to ruthlessly exhaust the attacked object’s resources. The purpose is to make the target computer or network unable to provide standard services or resource access, so that the target system’s services stop responding or even crash; this attack does not include intrusion into the target server or target network device. These service resources include network bandwidth, file system space capacity, open processes, or allowed connections. This kind of attack will lead to a lack of resources. No matter how fast the computer’s processing speed, memory capacity, or network bandwidth is, this attack’s consequences cannot be avoided.
Ting-Yen Huang says
Hi Zibai, I agree with your point of view. Denial of Service is really common and effective in attacking the target network, with immediate effect and huge negative results in the end. It can prevent authorized users from logging into the system.
Mei X Wang says
The four goals in building secure networking environments are confidentiality, availability, functionality, and access control. Although we often hear about the CIA triad in information security, a secure network also requires that we have appropriate network functionality and access control in place. Availability is the idea that authorized users are able to have access to information, services, and network resources. If the environment is not built on ensuring availability to these users, cyber-attacks such as DoS cause disturbances in conducting day-to-day operations. Confidentiality in a secure network environment is ensuring that unauthorized users are unable to gain information about the network’s structure, data flow, protocols used, and even packet header values. Having encryption across your network so only authorized users can view this information helps proactively secure the environment’s confidentiality. Functionality is used to prevent attacks from altering capabilities within the network; having appropriate network functionality ensures packets are correctly routed, hostnames are correctly resolved, unapproved protocols are excluded, and IP addresses are appropriately assigned. The last goal the secure networking environment should have is access control. Access controls are policy-driven control of access to the systems, data, and dialogues. This is so unauthorized users are unable to access internal resources.
Humbert Amiani says
Hi Mei,
You bring a valid point of having some level of obscurity to background operations within a network. There is no need for a regular user to understand the underlying infrastructure and how different technologies interact using the given protocols.
Xinyi Zheng says
Ethernet LANs offered no access control security. Any intruder who entered a corporate building could walk up to any wall jack and plug in a notebook computer. The intruder would then have unfettered access to the LAN’s computers, bypassing the site’s border firewall. This was a complete breakdown in access control. The 802.1X standard is an IEEE standard for port-based Network Access Control; it provides access control to prevent illegitimate clients from associating with a network. 802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server. The supplicant is a client device that wishes to attach to the LAN/WLAN. The authenticator is a network device which provides a data link between the client and the network and can allow or block network traffic between the two. The supplicant is not allowed access through the authenticator to the protected side of the network until the supplicant’s identity has been validated and authorized. With 802.1X port-based authentication, the supplicant must initially provide the required credentials to the authenticator – these will have been specified in advance by the network administrator, and could include a user name/password or a permitted digital certificate.
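As an added illustration of the three-party exchange described above (not code from the textbook or from the poster), the Python model below keeps a switch port in the unauthorized state until the authentication server returns an accept, relays only authentication (EAPOL) frames while the port is unauthorized, drops data frames from a port whose supplicant has not been validated, and returns the port to unauthorized when the link goes down. The user directory, the salted password check and the RADIUS-style Access-Accept/Access-Reject verdicts are assumptions of the example; a real deployment carries the credential inside an EAP method (for instance a certificate exchange) rather than as a plaintext field in the frame.

```python
"""Port-based access control in the style of 802.1X. Added example, not the textbook's code.
Simplification: the credential is passed as a plaintext field instead of inside an EAP method."""
import hashlib
import hmac
import os


class AuthenticationServer:
    """Stands in for the RADIUS server. Holds a constructed directory of salted PBKDF2 digests."""

    def __init__(self):
        self.users = {}

    @staticmethod
    def derive(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def enroll(self, identity, password):
        salt = os.urandom(16)
        self.users[identity] = (salt, self.derive(salt, password))

    def check(self, identity, password):
        record = self.users.get(identity)
        if record is None:
            return "Access-Reject"
        salt, digest = record
        ok = hmac.compare_digest(self.derive(salt, password), digest)
        return "Access-Accept" if ok else "Access-Reject"


class Authenticator:
    """The switch. Every port starts unauthorized; only EAPOL frames pass until the server accepts."""

    def __init__(self, server):
        self.server = server
        self.ports = {}    # port -> "authorized" | "unauthorized"
        self.audit = []    # (port, identity, verdict) for the security log

    def port_state(self, port):
        return self.ports.get(port, "unauthorized")

    def link_down(self, port):
        # Unplugging the cable (or the supplicant logging off) revokes the port's authorization.
        self.ports[port] = "unauthorized"

    def receive(self, port, frame):
        if frame["type"] == "EAPOL":
            # Authentication traffic is relayed to the server regardless of port state.
            verdict = self.server.check(frame["identity"], frame["secret"])
            self.ports[port] = "authorized" if verdict == "Access-Accept" else "unauthorized"
            self.audit.append((port, frame["identity"], verdict))
            return verdict
        if self.port_state(port) == "authorized":
            return "forwarded"
        return "dropped"   # a data frame on an unauthorized port never reaches the LAN


def demo():
    """Constructed walk-through: plug in, fail once, succeed, unplug."""
    server = AuthenticationServer()
    server.enroll("alice", "correct horse battery staple")   # constructed credential
    switch = Authenticator(server)
    port = "Gi1/0/7"                                          # constructed port name
    data = {"type": "DATA", "payload": b"GET / HTTP/1.1"}
    results = {}
    results["before_auth"] = switch.receive(port, data)
    results["wrong_password"] = switch.receive(port, {"type": "EAPOL", "identity": "alice", "secret": "guess"})
    results["after_reject"] = switch.receive(port, data)
    results["right_password"] = switch.receive(port, {"type": "EAPOL", "identity": "alice",
                                                      "secret": "correct horse battery staple"})
    results["after_accept"] = switch.receive(port, data)
    switch.link_down(port)
    results["after_unplug"] = switch.receive(port, data)
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step:15s} {outcome}")
```

The point the wall-jack scenario makes is visible in the first line of the output: a device that is merely plugged in gets nothing forwarded, and the audit list on the authenticator is what a security team would ship to its SIEM to see failed attempts per port.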
Haozhe Lin says
Hi Xinyi, what you found is interesting. The section on wrong 802.11 security measures addresses some common mistakes about WiFi security, explains in detail the reasons why these measures are invalid, and suggests using 802.11i or WPA instead. One of the security measures emphasized is that disabling SSID broadcasting will make the wireless access point inaccessible, so it is safe. On the contrary, a blocked/hidden SSID is easy to be found by your local script boy using WiFi hacking tools, which is called “de camouflage”. One such tool is the cracking ng suite in Kali Linux.
Wenyao Ma says
One of the key points I learned from this chapter is the four main goals of ensuring the security of the network environment, namely usability, confidentiality, functionality and access control. It is important to determine the risks and security measures to protect and detect the network, so as to ensure that unauthorized personnel cannot access services and resources (availability), obtain information about the network structure (confidentiality), modify network functions (functions), or have too much authorization to invade the network (access control).
In addition, the continuous development of network technology has plagued network administrators; they have to constantly update their skills to overcome the latest security threats. Due to budget constraints or dependence on previous technologies, organizations are very reluctant to migrate to the latest network security solutions, which makes the task of network administrators more complex.
Humbert Amiani says
Hi Wenyao,
It is sad that threats evolve at a much faster rate than defense mechanisms. With personnel being the main asset that network defense relies on, there is a constant need to update and upgrade skills to keep up with new threats as they emerge.
Priyanka Ranu says
This chapter talks about the most common network-based denial of service (DoS) attacks. A DoS attack attempts to make a server or network unavailable to legitimate users, which reduces availability. DoS attacks accomplish this by flooding the target with traffic. According to this news article, DoS attacks have skyrocketed during this time due to the increase in remote working and the use of home networks instead of secure corporate networks. Organizations need to be aware of the threat of DoS attacks and educate employees about how to safeguard their networks at home. There is also the distributed denial of service (DDoS) attack, in which multiple machines operate together to attack one target. Hackers organize these compromised computer systems into groups called botnets. This article recommends various ways to protect against these attacks, and one of them is preparing a disaster recovery plan before an attack to ensure successful mitigation and recovery.
https://www.bizjournals.com/twincities/news/2021/02/02/are-your-remote-workers-protected-against-hackers.html
Wenyao Ma says
Hi, Priyanka
I’m in line with your overall position. In addition to the money a company loses when its systems are attacked, it should be pointed out that the company also suffers serious damage to its reputation with current and potential customers. More interesting ways for organizations to help mitigate the potential damage of DoS attacks include alternate network paths and load balancing.
Haozhe Lin says
This chapter focuses on how the network itself is attacked, that is, how the attacker can maliciously change the normal operation of the network. C, I and A are the most important things in a secure network. The DoS attack is very interesting because it is divided into two types: direct attack and indirect attack. According to this book, “when an attacker tries to send a packet stream directly from the attacker’s computer to the victim, a direct attack will occur. Indirect attacks attempt to drown the victim computer in the same way, but the attacker’s IP address is spoofed (forged), and the attack seems to come from another computer.” Figure 4-3 shows the example of a SYN flood, which is a good way to understand how to deal with the world. In addition, figure 4-7 shows the peer redirection attack. The peer-to-peer redirect attack is different from the SYN flood attack; it is similar to a DDoS attack.
Ting-Yen Huang says
There are four broad goals to consider when creating a secure networking environment. They include availability, confidentiality, functionality and access control. Availability ensures that authorized users have access to information, services, and network resources. Denial-of-service (DoS) attacks are one of the most common types of network attack against corporations. The next one is confidentiality. The term confidentiality is slightly different from the one we discussed in the previous chapter. It means preventing unauthorized users from gaining information about the network’s structure, data flowing across the network, network protocols used, or packet header values. The next one is functionality. It means preventing attackers from altering the capabilities or operation of the network. The last one is access control. Access control is the policy-driven control of access to systems, data, and dialogues. The goal is to prevent attackers from logging into the system and taking sensitive information, data which is important to the business operation, or deleting it.
Jonathan Castelli says
We often see DoS where I work. They aren’t always attacks but can be. They are often mitigated by blocking the IP entirely or by rate limiting them. This helps prevent the service from being unavailable to other users while we work with the user who is performing a DoS.
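Jonathan mentions rate limiting and outright blocking of a single source as the everyday mitigations. Below is an added example, not code from the original thread or from any product, showing how those two controls fit together: a per-source token bucket that starts returning "rate_limited" once a client exceeds its allowance, and a block that kicks in after the client keeps hitting the limit. The log format, IP addresses and thresholds (5 requests/second sustained, burst of 10, block after 50 rejections) are constructed for the example.

```python
"""Per-source rate limiting with a token bucket, then a block once a source
keeps exceeding it, run over constructed request log lines. The thresholds
below are assumptions for the example, not values from the original page.
"""
from collections import defaultdict


class TokenBucket:
    """Classic token bucket: `rate` tokens/second refill, `burst` capacity."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class SourceLimiter:
    """One bucket per client IP; escalate to a block after repeated rejections."""
    def __init__(self, rate=5.0, burst=10, block_after=50):
        self.buckets = defaultdict(lambda: TokenBucket(rate, burst))
        self.block_after = block_after
        self.rejections = defaultdict(int)
        self.blocked = set()

    def decide(self, ip, now):
        if ip in self.blocked:
            return "blocked"
        if self.buckets[ip].allow(now):
            return "allowed"
        self.rejections[ip] += 1
        if self.rejections[ip] >= self.block_after:
            self.blocked.add(ip)
            return "blocked"
        return "rate_limited"


def parse_line(line):
    # Constructed log format: "<epoch seconds> <client ip> <method> <path>"
    ts, ip, method, path = line.split(maxsplit=3)
    return float(ts), ip, method, path


def run(log_lines, limiter=None):
    """Apply the limiter to each request in timestamp order; return a
    per-IP tally of the decisions so the effect on other users is visible."""
    limiter = limiter or SourceLimiter()
    summary = defaultdict(lambda: defaultdict(int))
    for ts, ip, _, _ in map(parse_line, log_lines):
        summary[ip][limiter.decide(ip, ts)] += 1
    return {ip: dict(v) for ip, v in summary.items()}


def sample_log():
    """Constructed traffic: one client at 100 req/s, three clients at 1 req/s."""
    lines = []
    for i in range(200):
        lines.append(f"{1000 + i * 0.01:.3f} 198.51.100.9 GET /search?q={i}")
    for i in range(10):
        for ip in ("203.0.113.1", "203.0.113.2", "203.0.113.3"):
            lines.append(f"{1000 + i:.3f} {ip} GET /")
    lines.sort(key=lambda l: float(l.split()[0]))
    return lines


if __name__ == "__main__":
    for ip, tally in run(sample_log()).items():
        print(ip, tally)
```

The point to notice is that the three normal clients are never touched: every one of their requests is allowed, while the noisy source is first throttled and then blocked. A real deployment would key the bucket on something harder to rotate than a single IP where possible (a session or API key) and expire the block, otherwise a spoofing attacker can get legitimate addresses blocked.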
Jonathan Castelli says
This chapter is outlining the requirements for a secure network. There should be confidentiality, integrity, availability, and access controls in place to help secure the network and protect it from such attacks as ARP poisoning, DoS attacks, access control threats and both ethernet and wireless threats.
To me, one of the biggest concerns today is a DoS attack on a platform. There are many bot networks which have been used in the past to send a lot of bogus traffic to platforms such as the AWS service. In the past, these attacks have caused availability issues for end users. Because the platform is busy being DDoSed, there is no way for a user to perform normal activities. It’s important for organizations to have incident response plans and redundancy measures in place to help prevent and stop these types of attacks.
Austin Mecca says
The takeaway from this chapter for me was the section on wireless security. Not only are there Ethernet LANs but also WLANs, and these can be even more difficult to protect. Due to their nature, they can be accessed, or attacked, remotely, which increases the difficulty compared with LAN connections. These attacks will focus on the access point that can be connected to via radio waves, as shown in the 802.11 standard diagram. This means attackers can stay a safe distance away from the building where the access point is located and can conduct unauthorized network access, man-in-the-middle attacks using an evil twin, and wireless DoS attacks. Unauthorized access attacks will typically be on a private network where the attacker cracks the wireless security protocols. If these protocols are put in place correctly, any unauthorized access should be detectable by the security team. A weakness in wireless networks is the rogue access point, where an individual or department creates another access point with little to no security. These rogue access points create easy, low-hanging fruit for remote hackers to bypass the security set up to protect the main access point.
Anthony Wong says
One interesting point I took from this reading is ethernet and wireless security. For ethernet security, 802.1X provides port-based access control for users who want to connect to the network. The port is in an unauthorized state and once the user is authenticated the port changes to an authorized state, providing access to the user. 802.1X relies on the extensible authentication protocol and central authentication server. The authentication server also understands authorization and what resource objects the subject user can have access to. Wireless security is becoming more of an issue due to the increase of internet of things devices. More IoT devices connected to the network increases the attack surface for threat actors to explore. Additionally, it means an organization has more to worry about. When it comes to securing a network, these two should not be forgotten about.
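Both the description of 802.1X earlier in the thread (supplicant, authenticator, authentication server) and Anthony’s summary of the port moving from an unauthorized to an authorized state can be made concrete with a short simulation. The following is an added example written for this discussion, not code from the textbook or from any switch vendor. It models the switch port as an object that forwards only EAPOL frames until the authentication server accepts the supplicant, and uses EAP-MD5-Challenge (RFC 3748 section 5.4) as the credential method because it is small enough to show end to end. The user store, MAC-less frame dictionaries and message names are constructed for the example.

```python
"""Simulated 802.1X port-based access control: supplicant, authenticator
(switch port) and authentication server. EAP-MD5-Challenge is used as the
credential exchange only because it is short; the credential store and the
frame representation are constructed for this example.
"""
import hashlib
import hmac
import os

EAPOL = 0x888E                                       # EtherType allowed before authorization
USERS = {"alice": b"correct horse battery staple"}   # constructed credential store


def eap_md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 3748 section 5.4: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class AuthenticationServer:
    """RADIUS-like backend: the only party that holds the credentials."""
    def __init__(self, users):
        self.users = users

    def challenge(self) -> bytes:
        return os.urandom(16)

    def verify(self, identity, identifier, challenge, response) -> bool:
        secret = self.users.get(identity)
        if secret is None:
            return False
        expected = eap_md5_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


class Authenticator:
    """Switch port. Relays EAP to the server, never sees the password, and
    forwards ordinary traffic only while in the authorized state."""
    def __init__(self, server):
        self.server = server
        self.state = "unauthorized"
        self.identifier = 0          # EAP Identifier, incremented per request
        self.identity = None
        self.challenge = None
        self.forwarded = []

    def receive(self, frame: dict):
        if frame["ethertype"] != EAPOL:
            if self.state == "authorized":
                self.forwarded.append(frame)
                return "forwarded"
            return "dropped"         # anything but EAPOL is blocked pre-auth
        return self._eap(frame)

    def _eap(self, frame):
        code = frame["eap"]
        if code == "start":
            self.identifier += 1
            return {"eap": "request/identity", "id": self.identifier}
        if code == "response/identity":
            self.identity = frame["identity"]
            self.identifier += 1
            self.challenge = self.server.challenge()
            return {"eap": "request/md5", "id": self.identifier, "challenge": self.challenge}
        if code == "response/md5":
            ok = (frame["id"] == self.identifier and
                  self.server.verify(self.identity, frame["id"], self.challenge, frame["response"]))
            self.state = "authorized" if ok else "unauthorized"
            return {"eap": "success" if ok else "failure"}
        return {"eap": "failure"}


def supplicant_login(port: Authenticator, identity: str, secret: bytes) -> list:
    """Drive the exchange from the client side; returns the message transcript."""
    log = []
    msg = port.receive({"ethertype": EAPOL, "eap": "start"})
    log.append(msg["eap"])
    msg = port.receive({"ethertype": EAPOL, "eap": "response/identity", "identity": identity})
    log.append(msg["eap"])
    resp = eap_md5_response(msg["id"], secret, msg["challenge"])
    msg = port.receive({"ethertype": EAPOL, "eap": "response/md5", "id": msg["id"], "response": resp})
    log.append(msg["eap"])
    return log


def demo():
    """Plug in, try a wrong password, then the right one; check what the port passes."""
    port = Authenticator(AuthenticationServer(USERS))
    data = {"ethertype": 0x0800, "payload": b"GET / HTTP/1.1"}   # ordinary IP frame
    before = port.receive(data)
    bad = supplicant_login(port, "alice", b"wrong")
    still = port.receive(data)
    good = supplicant_login(port, "alice", USERS["alice"])
    after = port.receive(data)
    return {"before": before, "bad": bad, "still": still, "good": good, "after": after}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Note the division of labour: the authenticator only tracks state and relays; the server alone holds secrets and decides. EAP-MD5 has no mutual authentication and no key derivation, so it is unsuitable for WLANs; production deployments use EAP-TLS or PEAP inside the same 802.1X framing.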
Krish Damany says
One thing I took away from this chapter was that Denial-of-Service attacks (DoS) are not always an external attack or issue. The chapter discusses that DoS attacks could be internal in the case of Newsnet Scotland, which claimed to be attacked by an external group for political reasons, but lost service due to bad coding and was easily remedied once the infringing code was found and fixed. DoS attacks are also not malicious all the time. Sometimes a larger site, such as a news site, will link to a smaller site for crediting a source. This small website most likely was not anticipating a large load of traffic all at one time, which would cause the site to crash. Whether the attack was intentional or not, the end goal is the same, which is that a service was stopped or slowed to the point of not being usable. Any DoS attack would affect sales, productivity, and potentially reputation of the company. It’s important to have plans in place to prevent DoS attacks from happening.
Cami Chen says
Hi, Krish. I agree that the DoS attack would affect sales, productivity, and potentially the reputation of the company. For online retail in particular, just a one-minute DoS attack may cost $1 million. Perhaps the customers’ information was stolen as well. Many things are possible during that one-minute DoS attack.
Jonathan Castelli says
I completely agree that a DoS could be caused by software bugs. The “attacks” don’t necessarily have to be attacks. Sometimes a piece of software can cause a loop to occur which sends a lot of traffic to the end computer. This can overload the processor and cause it to become unavailable.
Another example is the software my company makes, Nessus, which can often be blamed for a DoS when we are typically just performing a service scan. When this happens, it’s not the fault of Nessus; it’s the end computer which is vulnerable to a DoS. The end user has to make sure their computer is not overloaded with our requests in order to prevent the DoS. In our eyes, we did them a favor by pointing out the vulnerability.
Prince Patel says
Hi Krish,
Thank you for your response! I totally agree with you that DoS attacks are not always external attacks. It is easy to think that DoS is primarily an external threat. This is untrue, as internal stakeholders are just as likely to exploit a firm using a DoS attack!
Cami Chen says
DoS attacks affect the retail industry at some critical moments. As chapter 4 mentions, DoS attacks can cause harm by stopping a critical service or slowly degrading services over time; the attackers will focus on HTTP, which is the most common service, to break down the online shopping website. If one website stops serving for an hour on Cyber Monday because of a DoS attack, the company can lose a huge amount of revenue and may face other threats, including employees being unable to access their email or a very important application being shut down. Although a stopped critical service can be identified and resolved efficiently, slowly degrading service is more complicated for network administrators to clean up. Some hackers may use degraded service to test the strength of the website and then launch a full-scale DoS attack. Therefore, the organization needs to spend more time building up prevention against these threats.
Zhen Li says
Hi, Cami, thank you for sharing. I totally agree with your point about stopping a critical service or slowly degrading services over time. I’d like to add two more things on that. Stopping a critical service causes a short-term system breakdown and financial loss, as you said. But slowly degrading services lasts a long time and is hard to detect, and this will cause a huge unnecessary capital cost for upgrading the current bandwidth, hardware and software.
Vanessa Marin says
The crux of this chapter is the DDoS attack. Availability is one of the three most important items to protect in the CIA triad. While your data is not under attack, it may become unavailable or inaccessible. This can be a huge disruption to the company, inherently and directly. There are financial impacts, impacts to consumer trust, political impacts, etc. The cost can be great to a company that suffers from a Distributed Denial of Service attack. They can be undetectable if the attacker is careful enough to protect his identity using zombie computers as botnets. This overwhelming amount can range from thousands to millions of computers sending anything from spam to forms of malware such as ransomware.
Krish Damany says
Hi Vanessa,
I think it was a pertinent point to bring up Availability in relation to DoS attacks. You are correct that the loss of it is potentially damaging to an organization. It’s a scary thought to lose access to something and have no control of fixing the situation depending on how many computers are involved in the DoS attack, as well as how long the attack lasts.
Anthony Messina says
This chapter was a deep dive into securing networks. Specific attention was given to DoS attacks. Attackers launch DoS attacks against an organization’s most crucial service, which is generally the HTTP service. When attackers DoS an HTTP server, it not only brings down that service, but it can keep employees from accessing their e-mail or cause file servers to shut down an application. There are a few methods of DoS attack mentioned in the chapter. Backscatter was an interesting concept. Generally, when attackers perform a direct DoS attack, they spoof their IP so it cannot be traced back to them. The result of this is backscatter. It occurs when the victim’s computer sends responses back to the spoofed IP address used by the attacker, which inadvertently floods an unintended victim. The chapter also goes on to describe ways to mitigate a DoS attack. One option is called black holing. Essentially this means to drop all IP packets originating from the attacking IP. Some firewalls are able to thwart DoS attacks by pre-validating the TCP handshake with false opens. When a SYN packet arrives at the firewall, it does not forward it to the designated server. Instead, it sends a SYN/ACK segment back to the source IP. If the source IP sends back an ACK packet (which is a sign that the connection attempt is legitimate), then the firewall will forward the original SYN packet to the target server.
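The false-open mitigation and the backscatter side effect described above can be seen together in one small simulation. This is an added example written for the thread, not code from the textbook: a firewall object holds each SYN, answers with SYN/ACK toward the claimed source, and releases the SYN to the server only when an ACK comes back. The attacker’s spoofed SYNs use the addresses of bystander hosts (and one address with no host behind it), so the bystanders receive SYN/ACKs they never asked for, which is the backscatter, and answer with RST. The addresses, port numbers and packet representation are constructed for the example.

```python
"""Simulation of a firewall that pre-validates TCP handshakes ("false
opens"). Spoofed SYNs never complete, so the server never sees them; the
hosts whose addresses were spoofed receive the SYN/ACKs (backscatter) and
answer with RST. All addresses and hosts are constructed for this example.
"""
from itertools import count


class Network:
    """Delivers a packet to the host registered for its destination address."""
    def __init__(self):
        self.hosts = {}

    def attach(self, ip, host):
        self.hosts[ip] = host

    def send(self, pkt):
        host = self.hosts.get(pkt["dst"])
        if host is not None:            # unallocated addresses just drop the packet
            host.receive(pkt)


def reply(pkt, flags):
    """Swap endpoints of `pkt` and set the TCP flags for the answer."""
    return {"src": pkt["dst"], "dst": pkt["src"], "sport": pkt["dport"],
            "dport": pkt["sport"], "flags": flags}


class Server:
    def __init__(self):
        self.syn_sources = []           # who actually reached the server

    def receive(self, pkt):
        if pkt["flags"] == "SYN":
            self.syn_sources.append(pkt["src"])


class SynProxyFirewall:
    """Sits on the server's address; validates the handshake before forwarding."""
    def __init__(self, net, server):
        self.net, self.server = net, server
        self.pending = {}               # (src, sport) -> original SYN held back
        self.released = 0

    def receive(self, pkt):
        key = (pkt["src"], pkt["sport"])
        if pkt["flags"] == "SYN":
            self.pending[key] = pkt
            self.net.send(reply(pkt, "SYN/ACK"))         # false open toward claimed source
        elif pkt["flags"] == "ACK" and key in self.pending:
            self.server.receive(self.pending.pop(key))   # validated: forward original SYN
            self.released += 1
        elif pkt["flags"] == "RST":
            self.pending.pop(key, None)                  # claimed source disowns it


class Host:
    """End host: ACKs SYN/ACKs for connections it opened, RSTs all others."""
    def __init__(self, net, ip):
        self.net, self.ip = net, ip
        self.open_ports = set()
        self.backscatter = 0
        net.attach(ip, self)

    def connect(self, dst, sport, dport=80):
        self.open_ports.add(sport)
        self.net.send({"src": self.ip, "dst": dst, "sport": sport, "dport": dport, "flags": "SYN"})

    def receive(self, pkt):
        if pkt["flags"] == "SYN/ACK":
            if pkt["dport"] in self.open_ports:
                self.net.send(reply(pkt, "ACK"))
            else:
                self.backscatter += 1                    # unsolicited: this is backscatter
                self.net.send(reply(pkt, "RST"))


def syn_flood(net, victim, spoofed_ips, n):
    """Indirect attack: SYNs whose source is rotated through spoofed addresses."""
    ports = count(40000)
    for i in range(n):
        net.send({"src": spoofed_ips[i % len(spoofed_ips)], "dst": victim,
                  "sport": next(ports), "dport": 80, "flags": "SYN"})


def simulate(n_spoofed=1000):
    net, server = Network(), Server()
    fw = SynProxyFirewall(net, server)
    net.attach("203.0.113.10", fw)
    client = Host(net, "198.51.100.7")
    bystanders = [Host(net, f"192.0.2.{i}") for i in range(1, 6)]
    spoofed = [b.ip for b in bystanders] + ["192.0.2.250"]   # last one has no host
    syn_flood(net, "203.0.113.10", spoofed, n_spoofed)
    client.connect("203.0.113.10", sport=51515)              # one legitimate connection
    return {"server_syn_sources": server.syn_sources,
            "released": fw.released,
            "backscatter": sum(b.backscatter for b in bystanders),
            "half_open_leftover": len(fw.pending)}


if __name__ == "__main__":
    print(simulate())
```

The result shows the server seeing exactly one SYN (the real client) while the bystanders absorb hundreds of SYN/ACKs. The entries left in `pending` for the address with no host behind it are the caveat: a stateful proxy still needs a timeout for half-opens that are never ACKed or RST, which is why real implementations typically use SYN cookies to hold no state at all until the ACK arrives.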
Prince Patel says
One of the topics that I found interesting is Wireless Intrusion Detection Systems. These are complex systems: companies that have central management for their many access points can purchase centralized wireless intrusion detection system software. Each access point becomes a wireless IDS agent, sending appropriate information to the central wireless IDS console. The console transfers the data to an IDS database. It also sorts through data in the database to find indications of problems. There is a good chance that a centralized wireless IDS can identify rogue or evil twin access points. There are two alternatives to using a centralized wireless IDS, but neither is very effective. The first is simply not to worry about intrusion detection. Given the commonness of wireless attacks, this is hardly wise. The second alternative is to walk around the building frequently with a laptop that has wireless IDS software. This is likely to require a prohibitive amount of labor, and it cannot catch threats that appear after the wireless security administrator has checked a part of the site for threats. Nor is this approach likely to catch evil twin access points, which only operate occasionally and so may not be operating when the wireless administrator is sweeping the building for concerns.
Junhan Hao says
The Internet has penetrated every aspect of life. Catalysed by frequent security incidents, network information security has risen to the level of national strategy. The popularity of the mobile Internet and the Internet of Things, as well as the rapid development of cloud computing and big data, have brought new challenges to cyber security. The development of network technology, the improvement of computing and storage capacity, and the application of new technologies such as big data drive the continuous development of the network security industry. Realizing intelligent business through big data and AI technology is the development trend of network security. As network attacks increase and the degree of damage rises, demand for network security professionals is soaring, but there is a serious shortage of talent; at the same time, new forms of attack keep emerging. Driven by these factors, the industry has begun to look for automated network security solutions, and the rapid development of big data technology, machine learning and other artificial intelligence technology has lifted network security technology. The new generation of artificial intelligence based on deep machine learning must be built on big data, and big-data network security, especially the field of public network security, will be one of the fields where artificial intelligence gives full play to its huge potential in the future.
Vanessa Marin says
Big data has always been a big deal. The collection of vast amounts of information drives how critical IT security professionals have become in every industry. What’s expanding just as exponentially is not only data but “how” we generate it. There are so many new apps, new tools and new “things” in IoT that there are that many more attack vectors than ever before. There is new traffic traveling through new channels, so security experts have to be mindful not only of the data and where it is stored but also of its origin, the path it travels and all the potential areas where it could have been infected, manipulated or hacked into.
Heather Ergler says
The main takeaway I had from the reading was the various controls built within the different standards that govern a typical network, starting from the physical and data link layers, where physical layer standards govern physical connections between consecutive devices. For devices connected with unshielded twisted pair copper wires, the standard dictates how variations in voltage indicate a 1 or a 0. Fiber optic sends light signals where light on equals 1 and off equals 0, while wireless transmissions use radio waves in spread spectrum to improve propagation reliability from device to device. Finally, the data link layer also needs to be able to self-correct when two switches are caught in a loop; switch supervisory frames allow switches to close selected ports to break the loop. The switch supervisory frames also introduced a risk that attackers could take advantage of, where an attacker could spoof a switch and send an overload of supervisory frames to a specific device or series of devices. The introduction of authentication between switches resolved this vulnerability.
Mei X Wang says
Hi Heather, I like your analysis of the different layers being used as physical connections are guarded. I’m not the most familiar with switches, but your analysis helps me better understand their use and how they are interpreted.
Zhen Li says
The key point that I took from this article was that a DoS attack usually causes harm in two ways: 1. stopping a critical service; 2. slowly degrading services over time. The first one is launching a DoS attack against the organization’s most important service, which causes a short-term system breakdown and financial loss. But the second one lasts a long time and is hard to detect. In addition, because of its lasting nature, the network administration cannot find a clear distinction between normal growth in network traffic and a progressive DoS attack. And this kind of attack will cause a huge unnecessary capital cost for upgrading the current bandwidth, hardware and software.
Xinyi Zheng says
Hello, Zhen! I want to add something to your comments about cost. DDoS attacks cause a lot of problems, and they can be difficult to track and prevent since they stem from a large number of seemingly legitimate devices. DDoS may result in lost productivity and business, and extra labor in fixing and protecting against the issue.
Junhan Hao says
I agree with your point that the DoS attack targets the organization’s most important service. DDoS attacks may create high traffic of useless data, causing network congestion and making the victim host unable to communicate with the outside world normally.
Humbert Amiani says
The most relatable concept in this reading is the evil twin access point attack under wireless security. As much as wireless networks have been around for two decades, this attack remains a threat to the unsuspecting public, especially at a time when wireless access points are all over the place. Even on secured networks, an attacker can still find a way to trick users into connecting to a spoofed SSID. One of the common ways is flooding the access point, which is a method of wireless denial of service. The attacker can also break the connection between a client and the legitimate access point by sending spoofed de-authentication frames.
Once connected to the spoofed wireless network, the attacker has total control of this network and can intercept any communication and inject other attacks in the user’s session and device.
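Two of the wireless points raised in this thread, the hidden SSID that is trivially recovered (Haozhe’s reply above) and the spoofed de-authentication frames Humbert describes, both come down to reading 802.11 management frames off the air. The parser below is an added example for the discussion, not code from the textbook or from aircrack-ng. It builds a handful of constructed frames (a hidden beacon, a client probe request, the AP’s probe response, and a burst of deauths), extracts the SSID element, and shows that the name a “hidden” AP withholds from its beacons is handed out in the probe response; the same parser counts deauth frames per sender as a wireless DoS indicator. The MAC addresses, frame contents and the deauth threshold are constructed for the example.

```python
"""Parse constructed 802.11 management frames to show (1) that a 'hidden'
SSID still appears in probe responses and (2) that a burst of
deauthentication frames from one sender is a wireless DoS indicator.
All frames are constructed for this example; no real capture is used.
"""
import struct
from collections import Counter

# Management frame subtypes (frame-control byte 0, upper nibble)
MGMT_SUBTYPES = {0x4: "probe_req", 0x5: "probe_resp", 0x8: "beacon", 0xC: "deauth"}


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_mgmt(subtype: int, src: bytes, bssid: bytes, body: bytes,
               dst: bytes = b"\xff" * 6) -> bytes:
    """24-byte management header (FC, duration, addr1..3, seq ctl) + body."""
    fc = bytes([subtype << 4, 0x00])         # type 0 = management, version 0
    return fc + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body


def beacon_body(ssid: bytes) -> bytes:
    """Fixed fields (timestamp, interval, capability) + SSID element (tag 0)."""
    fixed = struct.pack("<QHH", 0, 100, 0x0411)
    return fixed + bytes([0, len(ssid)]) + ssid


def parse_ies(data: bytes) -> dict:
    """Tagged parameters: 1-byte tag, 1-byte length, value. A truncated
    element ends parsing instead of being trusted."""
    ies, i = {}, 0
    while i + 2 <= len(data):
        tag, ln = data[i], data[i + 1]
        if i + 2 + ln > len(data):
            break
        ies[tag] = data[i + 2:i + 2 + ln]
        i += 2 + ln
    return ies


def parse_frame(frame: bytes) -> dict:
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 0:
        return {"kind": "other"}
    kind = MGMT_SUBTYPES.get(frame[0] >> 4, "other")
    rec = {"kind": kind, "src": mac(frame[10:16]), "bssid": mac(frame[16:22])}
    body = frame[24:]
    if kind in ("beacon", "probe_resp"):
        rec["ssid"] = parse_ies(body[12:]).get(0, b"")   # skip 12 fixed bytes
    elif kind == "probe_req":
        rec["ssid"] = parse_ies(body).get(0, b"")
    elif kind == "deauth" and len(body) >= 2:
        rec["reason"] = struct.unpack("<H", body[:2])[0]
    return rec


def is_hidden(ssid: bytes) -> bool:
    # APs hide the SSID with a zero-length element or with NUL padding
    return ssid.strip(b"\x00") == b""


def discover_hidden_ssids(frames) -> dict:
    """Map each BSSID that beacons a hidden SSID to the name it leaks in probe responses."""
    hidden, leaked = set(), {}
    for rec in map(parse_frame, frames):
        if rec["kind"] == "beacon" and is_hidden(rec["ssid"]):
            hidden.add(rec["bssid"])
        elif rec["kind"] == "probe_resp" and not is_hidden(rec["ssid"]):
            leaked[rec["bssid"]] = rec["ssid"].decode(errors="replace")
    return {b: leaked[b] for b in hidden if b in leaked}


def deauth_flood_sources(frames, threshold: int = 20) -> dict:
    """Senders with at least `threshold` deauth frames in the window (assumed threshold)."""
    counts = Counter(r["src"] for r in map(parse_frame, frames) if r["kind"] == "deauth")
    return {src: n for src, n in counts.items() if n >= threshold}


# Constructed sample capture
AP = bytes.fromhex("aabbccddee01")
CLIENT = bytes.fromhex("112233445566")
SAMPLE = [build_mgmt(0x8, AP, AP, beacon_body(b""))] * 3                      # hidden beacons
SAMPLE.append(build_mgmt(0x4, CLIENT, b"\xff" * 6, bytes([0, 8]) + b"CorpWiFi"))  # client asks by name
SAMPLE.append(build_mgmt(0x5, AP, AP, beacon_body(b"CorpWiFi"), dst=CLIENT))     # AP answers with name
SAMPLE += [build_mgmt(0xC, AP, AP, struct.pack("<H", 7), dst=CLIENT)] * 25       # spoofed deauths

if __name__ == "__main__":
    print(discover_hidden_ssids(SAMPLE))
    print(deauth_flood_sources(SAMPLE))
```

The deauth frames carry the AP’s own MAC as sender, exactly as a spoofing attacker would send them, so a count per sender flags the AP itself; a wireless IDS would corroborate by signal strength or sequence-number gaps before blaming the real AP. 802.11w (protected management frames) is the standard fix that lets clients reject forged deauths.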
Heather Ergler says
Hi Humbert, I agree with you that the evil twin scenario was very relatable for wireless DoS attacks, basically spoofing de-authentication frames to the downstream routers. These types of attacks easily stop the wireless router from functioning and are an easy way to deny availability of a wireless network.
Austin Mecca says
Humbert,
I also agree with you on the multiple access point issue. I touched on it in my response, but it is imperative for all employees to notify the security team or gain approval before creating an access point. If they don’t, the security team could invest tons of time and assets into making sure the main AP is secured, but if they weren’t notified about the new access point that was created, it not only undermines the main access point but potentially the entire system.