A reflected attack uses legitimate responses to initiate a denial of service against the victim. For example, an attacker could send spoofed requests to a target server resulting in the device being overwhelmed with responses. High volume servers are often targeted in these types of attacks as they can deliver a large number of responses which increases effectiveness. On initial review, the victim only sees legitimate requests as the servers have been manipulated by the spoofing. Taking the manipulated systems offline can increase the impact of the attack as they may inadvertently block other services while doing this.
I found this type of attack to be interesting as it uses the network against itself. Proper monitoring and anomaly detection are important as they can help to detect and stop this type of attack from happening. Rate limiting is also important as this can restrict the number of legitimate services that can be used on the network, e.g. limiting the number of ICMP requests.
Thanks, Matthew. I think deploying load balancers could also help reduce the impact of this kind of attack. While it may not entirely prevent the attack, it could prolong the amount of time it takes to take a server offline. Ideally, incident responders would identify and resolve the incident before the server is taken offline.
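The detection idea in the posts above (the victim receives responses it never requested) can be checked directly in flow records. This is an added example for the thread, not code from the textbook or any poster; the flow-log format, the victim address and all sample flows are constructed.

```python
"""Spot reflected DoS traffic by finding responses the victim never asked for.

Added example, not from the textbook. Assumes flow records in a constructed
one-line format:
    "<ts> <IN|OUT> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <bytes>"
"""
from collections import defaultdict

VICTIM_IP = "203.0.113.10"  # constructed: the host under observation

# Constructed flow log: one legitimate DNS lookup and its answer, then a burst
# of large DNS and NTP responses from servers the victim never queried.
SAMPLE_FLOWS = """\
100.0 OUT udp 203.0.113.10:41000 -> 198.51.100.53:53 64
100.1 IN  udp 198.51.100.53:53 -> 203.0.113.10:41000 180
101.0 IN  udp 198.51.100.53:53 -> 203.0.113.10:4000 3000
101.0 IN  udp 198.51.100.53:53 -> 203.0.113.10:4001 3000
101.1 IN  udp 192.0.2.123:123 -> 203.0.113.10:4002 440
101.1 IN  udp 192.0.2.123:123 -> 203.0.113.10:4003 440
101.2 IN  udp 198.51.100.53:53 -> 203.0.113.10:4004 3000
"""


def parse_flow(line):
    """Parse one constructed flow record into a dict."""
    ts, direction, proto, src, _, dst, nbytes = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return {"ts": float(ts), "dir": direction, "proto": proto,
            "src": (sip, int(sport)), "dst": (dip, int(dport)),
            "bytes": int(nbytes)}


def find_unsolicited(lines, victim_ip=VICTIM_IP, window=2.0):
    """Return {reflector_ip: {"count": n, "bytes": b}} for inbound flows that
    have no matching outbound request from the victim within `window` seconds.

    A request and its response are matched on (proto, remote ip, remote port,
    victim's local port); anything inbound without such a request is the
    signature of reflection, since the spoofed request came from the attacker.
    """
    pending = {}  # (proto, remote_ip, remote_port, local_port) -> request ts
    unsolicited = defaultdict(lambda: {"count": 0, "bytes": 0})
    for line in lines.splitlines():
        f = parse_flow(line)
        if f["dir"] == "OUT" and f["src"][0] == victim_ip:
            key = (f["proto"], f["dst"][0], f["dst"][1], f["src"][1])
            pending[key] = f["ts"]
        elif f["dir"] == "IN" and f["dst"][0] == victim_ip:
            key = (f["proto"], f["src"][0], f["src"][1], f["dst"][1])
            sent = pending.pop(key, None)
            if sent is None or f["ts"] - sent > window:
                stats = unsolicited[f["src"][0]]
                stats["count"] += 1
                stats["bytes"] += f["bytes"]
    return dict(unsolicited)


def reflection_alerts(unsolicited, min_count=2):
    """Reflectors with at least `min_count` unsolicited responses, biggest first."""
    hits = [(ip, s["count"], s["bytes"]) for ip, s in unsolicited.items()
            if s["count"] >= min_count]
    return sorted(hits, key=lambda t: -t[2])


if __name__ == "__main__":
    for ip, count, nbytes in reflection_alerts(find_unsolicited(SAMPLE_FLOWS)):
        print(f"reflector {ip}: {count} unsolicited responses, {nbytes} bytes")
```

The alert lists third-party servers, not the attacker, which is why the posts above prefer rate limiting or dropping the unsolicited responses at the edge over blacklisting those servers outright.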
There are four objectives to consider when creating a secure network: availability, confidentiality, functionality, and access control. Attacks against networks typically focus on disrupting one or more of these targets. Denial of Service (DoS) is the disruption of network availability, where authorized users will lose access to information, services, and network resources, which can render business transactions with customers, suppliers, and employees impossible. This is a common attack in business, which is to deny access to the server, stop the critical services of the enterprise and cause business interruption. Address Resolution Protocol (ARP) poisoning can alter the functionality of internal networks, allowing attackers to steal trade secrets. ARP poisoning is a network attack where the attacker needs to have a computer on the local network. The way to prevent ARP poisoning is to use static IP and ARP tables, and restrict local access.
The clearest form of unauthorized access is when an attacker “cracks” the wireless security protocols on a secured network. Wireless security protocols, discussed later, are enabled and configured on wireless access points. Properly configured APs authenticate users, encrypt wireless traffic, and can detect intrusions.
A serious threat to wireless networks is the introduction of a rogue access point as shown in Figure 4-22. Rogue access points are unauthorized access points set up by individuals or departments with little or no security. Rogue access points give a drive-by hacker a clean shot into the network, bypassing a firm's carefully developed wireless security in legitimate access points.
I found this interesting as it reminded me of the episode from Mr. Robot where Elliot installs malicious code onto a Femtocell, a device that mimics cell phone towers, then has Angela place the device inside of the E Corp building where the FBI is conducting an investigation. The plan is to intercept and download cell data from any FBI agent within a 100-foot radius. Some preventive measures that detect and prevent various types of rogue access points are: implementing IDS/IPS systems, continuous scanning for rogue devices, and having a plan laid out for remediating rogue devices.
I like the challenges that wireless security presents as the traditional physical perimeter is no longer applicable. An attacker can be effective from across the street or even from the air when using a drone-mounted rogue access point. The following article provides more information on this emerging threat: https://securityboulevard.com/2022/01/from-drone-to-counter-drone-the-shifting-role-of-cybersecurity/
In addition to scanning for rogue access points, physical security is important when protecting wireless networks, e.g. reviewing CCTV footage of surrounding areas for suspicious vehicles, personnel carrying unusual equipment, etc. Organizations may be unable to engage with the actor off their property, but they can use the intelligence from physical security teams to investigate potential threats. For example, physical and cybersecurity teams could correlate wifi de-authorization events with CCTV footage of the same van parking across the street from their business.
The insight from this chapter emphasizes the CIA triad and the fourth added objective, “Functionality”: ensuring appropriate network security and functionality to prevent attackers from gaining network access, altering the capabilities of a network operation, and possibly mounting a denial of service (DoS) attack, which attempts to make a server or network unavailable to legitimate users by flooding it with attack packets. On unauthorized user access, this part explains the security considerations when building network functionality; that is, policy-driven control should be the overall goal. The goal is to prevent attackers from logging into the system and taking sensitive information, data which is important to the business operation, or deleting it. It also addresses having more internal intrusion detection systems (IDS), virtual LANs, central authentication servers and encrypted internal traffic for information at rest and in transit.
Organizations need to be aware of the common and uncommon threats of DoS attacks and educate employees about how to safeguard their networks at all times. The chapter also recommends various ways of protecting against these attacks.
Chapter 4 Secure Networks laid out the 4 broad goals for creating a secure network environment, which are Availability, Confidentiality, Functionality and Access Control.
- Availability: Users have access to information services and network resources.
- Confidentiality: Prevent unauthorized users from gaining information about a network.
- Functionality: Prevent attackers from altering the capabilities or normal operations of a network.
- Access Control: Keep attackers, or unauthorized employees, from accessing internal resources.
Chapter 4 also explained DoS attacks.
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash. In both instances, the DoS attack deprives legitimate users of the service or resource they expected.
A section that stood out to me was 4.1.2 Future of Secure Networks. This section was interesting as it talked about the “Death of the Perimeter”, in which network admins are starting to believe that securing the network 100% is impossible. This is due to there no longer being a single point of entry. This made me think of a slide that comes up in class quite often, the Forbidden City. The Forbidden City had its defense designed to make attackers come one specific way, a very strong defense as long as one knows which way the attacks have to come from. So I found it very interesting that as the technology grows, that Forbidden City concept has to adapt and kind of lose the castle defense and change into the “city model”, which makes a lot more sense: users can get into the city multiple ways, but the buildings they can access are “controlled”.
I like your detailed summary. There is no 100% network security, as long as there is a network, it is at risk. The multi-layered walls of the Forbidden City can not only resist high-intensity aggression, but also slow down the speed of being breached. Multiple security settings and protections in the network can at least slow down the speed at which the network can be breached by attackers.
Chapter 4 briefly discusses peer-to-peer (P2P) networking and unsecured wireless networks. In a P2P network, computers on a network agree to communicate, connect, and share resources such as sharing files with one another. Since they are considered equal, they also share the same permissions and responsibilities for processing data. However, this can lead one to be vulnerable to a P2P redirect attack where the attacker convinces hosts (i.e. bots) to redirect their legitimate P2P traffic from the P2P server to the victim, as can be seen in Figure 4-7 on page 220. Moreover, wireless networks are also susceptible to being attacked by hackers without raising suspicion or permission. Unauthorized access can occur on networks that may, or may not, have security protocols enabled. On page 240, you read about a case about a man who was arrested for allegedly downloading child pornography, but the investigation concluded that the man was innocent. It turns out the man was signed into a peer-to-peer network and his neighbor had used the man’s wireless network without his knowledge.
What’s even more shocking is that this occurs a lot more often than people would think. In fact, it’s purposely done to incriminate certain individuals by trying to download illicit material that could land several years in jail. This is why it’s important to check the network to ensure that only allowed devices are accessible within organizations or within your own home. ACLs allow you to uniquely identify devices and give a description for what their purpose on the network is – which secures non-repudiation.
I found the discussion on eavesdropping on Ethernet LANs and wireless LANs interesting. In each type of LAN, packet sniffing software could be deployed on the network in order to access and decipher the contents of the network traffic. However, when it comes to Ethernet LANs, organizations that have strong physical access controls (i.e. periodic reviews of physical access to networking closets) can rely on them in order to protect themselves from unauthorized access to wall jacks. Wireless LANs are a bit more complex since a malicious attacker doesn’t require physical access in order to gain access to the desired data. Organizations must use encryption to mask the data that is being moved through the network via radio transmission. Organizations that use strong encryption methods, such as AES-256, can rely on the algorithm to ensure their network traffic is protected from unauthorized access.
This chapter talks about the different processes or objectives to consider when securing a network. The four objectives are availability, confidentiality, functionality and access control. In this reading, it was also mentioned how hackers have different ways of attacking a network. I would also add that not only outsiders can attack a network, because when a network is attacked, we automatically think about outsiders or hackers. We have disgruntled employees that have a strategy to attack the network. This method is called a “man-in-the-middle attack”, which occurs through an ARP poisoning attack that an unhappy employee will use to steal trade secrets.
To be realistic, we all know that a network cannot be 100% secure; that’s why there are people monitoring activities coming in and out of the network. This is explained in the chapter as the “death of the perimeter”.
Moving forward, we will see what other methods are used to secure a network, like firewalls, physical controls, etc…
Limiting access to employees in an organization is also a better way to secure a network because sometimes not all attacks come from outside. Making policies and procedures related to information systems on the do’s and don’ts is also helpful to secure a network.
Great point about limiting access to employees being a way to secure a network. As we have learned over multiple courses, humans tend to be the source of most threats, whether by mistake or on purpose, so I agree that limiting as much access as you can gives you the best chance at a secure network.
After reading Chapter 4, I learned about the 4 goals that should be considered when creating a secure network environment. These four goals included availability, confidentiality, functionality, and access control. I also learned about ARP Poisoning. ARP Poisoning consists of abusing the weaknesses in address resolution protocol to corrupt the MAC-to-IP mappings of other devices on the network. ARP poisoning could be used to reroute or stop traffic altogether through a DoS attack. These attacks target the functionality and confidentiality of a network.
In chapter 4, CIA Triad and access control are identified as goals when creating a secure environment. The takeaway for me was one of the most common network-based attacks, DoS attacks, and how they work. The chapter explains that attackers’ intention is to make networks unavailable for users while reducing availability. These attacks eventually cause harm by creating losses from online sales, reputation, productivity, and customer loyalty. They might either affect service by stopping or slowing down, which will affect the availability. The methods introduced in the chapter include: direct/indirect, intermediary reflected, and sending malformed packets. The most interesting part about DoS is that they are easy to detect but hard to stop (Figure 4-11).
This chapter talks about the secure networking infrastructure and how to help protect it from outside attackers. It includes availability, confidentiality, functionality, and access control, ensuring that authorized users have access to information, services, and network resources. In section 4.4, Access control for networks, remote VPN networks emerged to protect WAN networks, especially confidential communications over the Internet. SSL/TLS certificates were created to protect the Internet. Corporate LANs should be provided access controls that allow only authenticated and authorized personnel on the network.
The key objectives:
– DoS attacks
– ARP poisoning
– Access control for networks
– Ethernet and Wi-Fi security
The chapter on Network Security from Boyle and Panko highlights the importance of creating a secure networking environment, and touches on some of the threats that are present. There is an array of different attack vectors on a network including DoS attacks, ARP poisoning, 802.11 vulnerabilities, and more. The network of a company is the foundation for the exchange of information between systems and individuals. It is important to ensure that the information is protected while it is at rest on a network and en route to its destination, and to ensure it is not intercepted or redirected to malicious actors. The extension of the CIA triad this chapter mentions is the goals of availability, confidentiality, functionality, and access control. To have a secure network means you need to protect these four areas. Increasingly large networks with new systems and technologies increase the attack surface of a company. The safeguards in place need to be scaled up with the increase of the surface area to ensure the four goals are satisfied.
This chapter details Network Security and discusses how your own network – or someone else's network – can be spoofed and used against you. Something that I didn’t think about before is sending packets to servers and spoofing the victim’s address, which causes them to blacklist the service. This is even more devious because it can deny service from the organization – but the victim might also be shutting down essential services from other organizations. I also see this as causing mass chaos between several organizations when they’re initially trying to identify the problem, which potentially makes it easier for the attacker to play subterfuge with their tactics. Imagine attacking multiple organizations with these tactics – this would not affect the reputation of one organization but of multiple, causing massive cost in damages to reputation.
There are 4 broad goals to consider when creating a secure network environment: availability, confidentiality, functionality, and access control. For me, availability is the most important goal to focus on. DoS is the disruption of network availability. DoS attacks can come from non-intentional and intentional purposes. Examples of non-intentional purposes are faulty coding and a dramatic increase in legitimate network traffic. Intentional DoS attacks are focused on stopping critical services or slowly degrading critical services over time.
The malware term bot stands for robot. It’s a term to describe the automation that is taking place behind the scenes when your system is taken over by this type of malware. When it is on your computer it can control almost any aspect of your operating system. There are many ways for this malicious software to infiltrate your system, such as a Trojan horse, a vulnerability in the OS or an application, or alongside an application you are installing normally. The compromised computer will then start working with other infected systems that have the same malicious software installed to create a botnet. This botnet is controlled through a command and control (C&C) server.
The reading says, “botnets with 10,000 computers could be purchased outright for $500”. Due to that being almost two decades ago, I can only imagine and assume that it is much worse today.
I found the section on wireless security to be interesting. While WiFi is incredibly useful, it presents new challenges in network security. Bad actors can gain unauthorized access to private networks through misconfigured access points or rogue access points. A bad actor can also set their computer up to act as an access point and create a MITM attack on a wireless network. The attacker makes their computer look like the legitimate access point and sets the transmission power high enough so that computers on the network connect to their computer or “evil twin access point” instead of the legitimate AP. Finally, bad actors can use DoS in a wireless network setting. The attacker can flood the 2.4-GHz and/or 5-GHz frequency bands, flood the access point, or send attack commands to the AP or even wireless clients.
I like your post. What you have described is also known as an evil twin attack. This is the use of an access point owned by an attacker that usually has been enhanced with higher-gain antennas to look like a better connection to the users and computers attaching to it. By getting users to connect through the evil access point, attackers can more easily analyze traffic and perform man-in-the-middle type attacks.
Chapter 4 of our text looks at the importance of maintaining a secure network in order to defend against malicious attacks, such as DoS, wireless, & ARP attacks. One interesting takeaway I took from the reading was how ARP Poisoning works, as it’s something I’m fairly unfamiliar with. Address Resolution Protocol (ARP) is a communication protocol that’s used to resolve 32-bit IP addresses into 48-bit local MAC addresses. Essentially, hosts build ARP tables in order to send/receive information using IP addresses. ARP poisoning works by manipulating these tables to reroute local-area traffic. The attacker can then reroute this traffic for a man-in-the-middle attack. A key point of ARP Poisoning is that the attacker must be on the same local network as the target. With that being said, it is an attack on the functionality & confidentiality of the network because it is changing the network’s normal operations in order to obtain private information.
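The posts on ARP poisoning above describe the attack as a manipulation of hosts' IP-to-MAC tables and name static ARP tables as the countermeasure. The detector below is an added example for this thread, not code from the textbook or any poster: it assumes ARP replies have already been captured (for example by a sniffer on a span port) and fed in as (timestamp, sender IP, sender MAC) tuples, and the static table and reply stream are constructed sample data.

```python
"""ARP poisoning detector over a captured stream of ARP replies.

Added example, not from the textbook. Assumes captured ARP replies are
supplied as (timestamp, sender_ip, sender_mac) tuples; STATIC_ARP and
SAMPLE_ARP_REPLIES are constructed sample data.
"""
from collections import defaultdict

# Constructed static ARP entries for the LAN's critical hosts.
STATIC_ARP = {
    "192.168.1.1": "aa:bb:cc:00:00:01",   # default gateway
    "192.168.1.10": "aa:bb:cc:00:00:10",  # file server
}

# Constructed reply stream: a normal phase, then one host (.50) announcing
# itself as both the gateway and the file server, then re-announcing.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (1.2, "192.168.1.10", "aa:bb:cc:00:00:10"),
    (1.5, "192.168.1.50", "de:ad:be:ef:00:50"),
    (2.0, "192.168.1.1", "de:ad:be:ef:00:50"),
    (2.1, "192.168.1.10", "de:ad:be:ef:00:50"),
    (2.2, "192.168.1.1", "de:ad:be:ef:00:50"),
]


def analyze_arp(replies, static_table=STATIC_ARP):
    """Return a list of (timestamp, kind, detail) alerts, one per distinct finding.

    Three symptoms are checked, in the order a poisoning attempt exposes them:
      STATIC_CONFLICT  a reply contradicts a pinned static entry
      MAPPING_CHANGED  a learned IP->MAC binding flips to a different MAC
      MULTI_IP_MAC     one MAC claims more than one IP address
    """
    static = {ip: mac.lower() for ip, mac in static_table.items()}
    learned = {}                   # ip -> last MAC seen for it
    ips_by_mac = defaultdict(set)  # mac -> set of IPs it has claimed
    seen = set()                   # dedupe so repeated poisoning doesn't flood alerts
    alerts = []

    def alert(ts, kind, detail):
        key = (kind, detail)
        if key not in seen:
            seen.add(key)
            alerts.append((ts, kind, detail))

    for ts, ip, mac in replies:
        mac = mac.lower()
        if ip in static and static[ip] != mac:
            alert(ts, "STATIC_CONFLICT", (ip, static[ip], mac))
        prev = learned.get(ip)
        if prev is not None and prev != mac:
            alert(ts, "MAPPING_CHANGED", (ip, prev, mac))
        learned[ip] = mac
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1:
            alert(ts, "MULTI_IP_MAC", (mac, tuple(sorted(ips_by_mac[mac]))))
    return alerts


def suspect_macs(alerts):
    """MACs that appear as the new claimant in any conflict: the likely poisoner."""
    macs = set()
    for _, kind, detail in alerts:
        if kind in ("STATIC_CONFLICT", "MAPPING_CHANGED"):
            macs.add(detail[2])
        elif kind == "MULTI_IP_MAC":
            macs.add(detail[0])
    return sorted(macs)


if __name__ == "__main__":
    found = analyze_arp(SAMPLE_ARP_REPLIES)
    for ts, kind, detail in found:
        print(f"t={ts:4.1f} {kind:16} {detail}")
    print("suspect MACs:", suspect_macs(found))
```

A MAPPING_CHANGED alert on its own can also be a legitimate NIC replacement or DHCP reassignment, so the static-table conflict and the one-MAC-many-IPs pattern are the stronger signals to act on.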
A reflected attack uses legitimate responses to initiate a denial of service against the victim. For example, an attacker could send spoofed requests to a target server resulting in the device being overwhelmed with responses. High volume servers are often targeted in these types of attacks as they can deliver a large number of responses which increases effectiveness. On initial review, the victim only sees legitimate requests as the servers have been manipulated by the spoofing. Taking the manipulated systems offline can increase the impact of the attack as they may inadvertently block other services while doing this.
I found this type of attack to be interesting as it uses the network against itself. Proper monitoring and anomaly detection is important as it can help to detect and stop this type of attack from happening. Rate limiting is also important as this can restrict the amount of legitimate services from being used on the network, e.g. limiting the number of ICMP requests.
Thanks Matthew. I think deploying load balancers could also help reduce the impact of this kind of attack. While it may not entirely prevent the attack it could prolong the amount of time it takes to take a server offline. Ideally incident responders would identify and resolve the incident before the server is taken offline.
There are four objectives to consider when creating a secure network, availability, confidentiality, functionality, and access control. Attacks against networks typically focus on disrupting one or more of these targets. Denial of Service (DoS) is the disruption of network availability, where authorized users will lose access to information, services, and network resources, which can render business transactions with customers, suppliers, and employees impossible. This is a common attack in business, which is to deny access to the server, stop the critical services of the enterprise and cause business interruption. Address Resolution Protocol (ARP) poisoning can alter the functionality of internal networks, allowing attackers to steal trade secrets. ARP is a network attack where the attacker needs to have a computer on the local network. The way to prevent ARP poisoning is to use static IP and ARP tables, and restrict local access.
The clearest form of unauthorized access is when an attacker “cracks” the wireless security
protocols on a secured network. Wireless security protocols, discussed later, are enabled and
configured on wireless access points. Properly configured APs authenticate users, encrypt wireless
traffic, and can detect intrusions.
A serious threat to wireless networks is the introduction of a rogue access point as shown in
Figure 4-22. Rogue access points are unauthorized access points set up by individuals or departments
with little or no security. Rogue access points give a drive-by hacker a clean shot into the
network, bypassing a firms carefully developed wireless security in legitimate access points.
I found this interesting as it reminded me of the episode from Mr. Robot where Elliot installs malicious code onto a Femtocell, a device that mimics cell phone towers, then has Angela place the device inside of the E Corp Build where the FBI is conducting an investigation. The plan is to intercept and download cell data from any FBI agent within a 100-foot radius. Some preventive measures that detect and prevent various types of rogue access points are: Implementing IDS/IPS systems, Continuous scanning of rogue devices and there should be a plan laid out to remediate the process for rogue device.
I like the challenges that wireless security presents as the traditional physical perimeter is no longer applicable. An attacker can be effective from across the street or even from the air when using a drone mounted rogue access point. The following article provides more information on this emerging threat: https://securityboulevard.com/2022/01/from-drone-to-counter-drone-the-shifting-role-of-cybersecurity/
In addition to scanning for rogue access points, physical security is important when protecting wireless networks, e.g. reviewing CCTV footage of surrounding areas for suspicious vehicles, personnel carrying unusual equipment, etc. Organizations may be unable to engage with the actor off their property, but they can use the intelligence from physical security teams to investigate potential threats. For example, physical and cybersecurity teams could correlate wifi de-authorization events with CCTV footage of the same van parking across the street from their business.
The insight understanding from this chapter makes emphasis on the Cia-Triad and the goal was based on the fouth added objective “Functionality” by ensuring appropriate network security and functionality to prevent attackers from gaining network access into altering the capabilities of a network operation and possible denial of service (DoS) attack which always attempts to make server or network unavailable to serve legitimate users by flooding it with attack packets. Unauthorized user access, this part explains the security considerations when building a network functionality that is, policy-driven control should be the overall goal. The goal is to prevent attackers logging into the system, and take sensitive information, with data which is important to the business operation or to delete it. Also, it addresses having more internal intrusion detection systems (IDS), virtual LANs, central authentication servers and encrypted internal traffic for information at rest and in transit.
Organizations need to be aware of common and uncommon threat of a DoS attacks and educate employees about how to safeguard their networks at all time. It also recommends various ways of protection from these attacks.
Chapter 4 Secure Networks laid out the 4 broad goals for creating a secure network environment, which are Availability, Confidentiality, Functionality and Access Control.
-Availability- Users have access to information services and network resources.
-Confidentiality-Prevent unauthorized users from gaining information about a network.
-Functionality-Preventing attackers from altering the capabilities or normal operations of a network.
-Access Controls-Keep attackers, or unauthorized employees, from accessing internal resources
Chapter 4 also explained Dos Attacks.
A Denial-of-Service DoS attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash. In both instances, the DoS attack deprives legitimate users of the service or resource they expected.
A section that stood out to me was 4.1.2 Future of Secure Networks. This section was interesting as it talked about the “Death of the Perimeter”. In which network admins are starting to believe that securing the network 100% is impossible. This is due to there no longer being a single point of entry. This made me think of a slide that comes up in class quite often, the forbidden city. The forbidden city had its defense designed to make attackers come one specific way, a very strong defense as long as one knows which way the attacks have to come from. So I found it very interesting that as the technology grows, that forbidden city concept has to adapt and kind of lose the castle defense and change into the “city model”. Which makes a lot more sense, users can get into the city multiple ways, but the buildings they can access are “controlled”.
Hi Jason,
I like your detailed summary. There is no 100% network security, as long as there is a network, it is at risk. The multi-layered walls of the Forbidden City can not only resist high-intensity aggression, but also slow down the speed of being breached. Multiple security settings and protections in the network can at least slow down the speed at which the network can be breached by attackers.
Chapter 4 briefly discusses peer-to-peer (P2P) networking and unsecured wireless networks. In a P2P network, computers on a network agree to communicate, connect, and share resources such as sharing files with one another. Since they are considered equal, they also share the same permissions and responsibilities for processing data. However, this can lead one to be vulnerable to a P2P redirect attack where the attacker convinces hosts (i.e. bots) to redirect their legitimate P2P traffic from the P2P server to the victim as can be seen in Figure 4-7 on page 220. Moreover, wireless networks are also susceptible to be attacked by hackers without raising suspicion or permission. Unauthorized access can occur on networks that may, or may not, have security protocols enabled. On page 240, you read about a case about a man who was arrested for allegedly downloading child pornography, but the investigation concluded that the man was innocent. It turns out, the man was signed into a peer-to-peer network and his neighbor had used the man’s wireless network without his knowledge.
Elizabeth,
What’s even more shocking is that this occurs a lot more often then people would think. In fact, it’s purposely done to incriminate certain individuals on purpose by trying to download illicit material that could land several years in jail. This is why it’s important to check the network to ensure that only allowed devices are assessable within organizations or within your own home. ACLs allow you to uniquely identify devices and give a description for what their purpose on the network is – which secures non-repudiation.
I found the discussion on eavesdropping on ethernet LANs and wireless LANs interesting. In each type of LAN, packet sniffing software could be deployed on the network in order to access and decipher the contents of the network traffic. However when it comes to ethernet LANs, organizations who have strong physical access controls (i.e. periodic reviews of physical access to networking closets) can rely on them in order to protect themselves from unauthorized access to wall jacks. Wireless LANs are a bit more complex since a malicious attacker doesn’t require physical access in order to gain access to the desired data. Organizations must use encryption to mask the data that is being moving through the network via radio transmission. Organizations who use strong encryption methods, such as AES-256, can rely on the algorithm to ensure their network traffic is protected from unauthorized access.
This chapter talks about the different processes or objectives to consider when securing a network. The four objectives are availability, confidentiality, functionality and access control. In this reading, it was also mentioned how hackers have different ways of attacking a network. I would also add that not only outsiders can attack network because when a network is attacked, we automatically think about outsiders or hackers. We have disgruntled employees that have a strategy to attack the network. This method is called “man-in-the-middle attack” which occurs through ARP poisoning attack that an unhappy employee will use to steal trade secrets.
To be realistic, we all know that a network cannot be secure 100% that’s why there is people monitoring activities coming in and out the network. This is explained in the chapter as a “death perimeter”.
Moving forward, we will see what other methods are used to secure a network like firewalls, physical controls etc…
Limiting access to employees in an organization is also a better way to secure network because sometimes not all attacks come from outside. Making policies and procedures related to information systems on the do’s and don’t is also helpful to secure a network.
Hello Ornella,
Great point about limiting access to employees being a way to secure a network, because as we have learned over multiple courses, humans tend to be the source of most threats, whether it was by mistake or on purpose, so I agree limiting as much access as you can gives you the best chance at a secure network.
After reading Chapter 4, I learned about the 4 goals that should be considered when creating a secure network environment. These four goals included availability, confidentiality, functionality, and access control. I also learned about ARP Poisoning. ARP Poisoning consists of abusing the weaknesses in address resolution protocol to corrupt the MAC-to-IP mappings of other devices on the network. ARP poisoning could be used to reroute or stop traffic altogether through a DoS attack. These attacks target the functionality and confidentiality of a network.
In chapter 4, the CIA Triad and access control are identified as goals when creating a secure environment. The takeaway for me was one of the most common network-based attacks, DoS attacks, and how they work. The chapter explains that attackers’ intention is to make networks unavailable for users while reducing availability. These attacks eventually cause harm by creating losses from online sales, reputation, productivity, and customer loyalty. They might affect service either by stopping it or by slowing it down, which will affect the availability. The methods introduced in the chapter include: direct/indirect, intermediary reflected, and sending malformed packets. The most interesting part about DoS is that they are easy to detect but hard to stop (Figure 4-11).
This chapter talks about the secure networking infrastructure and how to help protect it from outside attackers. It includes availability, confidentiality, functionality, and access control, ensuring that authorized users have access to information, services, and network resources. In section 4.4, Access control for networks, remote VPN networks emerged to protect WAN networks, especially confidential communications over the internet. SSL/TLS certificates were created to protect the Internet. Corporate LANs should be provided access controls that allow only authenticated and authorized personnel on the network.
The key objectives:
– DoS attacks
– ARP poisoning
– Access control for Networks
– Ethernet and wifi Security
The chapter on Network Security from Boyle and Panko highlights the importance of creating a secure networking environment, and touches on some of the threats that are present. There is an array of different attack vectors on a network including DoS attacks, ARP poisoning, 802.11 vulnerabilities, and more. The network of a company is the foundation for the exchange of information between systems and individuals. It is important to ensure that the information is protected while it is at rest on a network and en route to its destination, and to ensure it is not intercepted or redirected to malicious actors. The extension of the CIA triad this chapter mentions is the goals of availability, confidentiality, functionality, and access control. To have a secure network means you need to protect against these four areas. Increasingly large networks with new systems and technologies increase the attack surface of a company. The safeguards in place need to be scaled up with the increase of the surface area to ensure the four goals are satisfied.
This chapter details Network Security and discusses how your own network – or someone else’s network – can be spoofed and used against you. Something that I didn’t think about before is sending packets to servers and spoofing the victim’s address, which causes them to blacklist the service. This is also even more devious because it can deny service from the organization – but the victim might also be shutting down essential services from other organizations. I also see this as causing mass chaos between several organizations when they’re initially trying to identify the problem, which potentially makes it easier for the attacker to play subterfuge with their tactics. Imagine attacking multiple organizations with these tactics – this would not affect the reputation of one organization but multiple, causing massive cost in damages to reputation.
There are 4 broad goals to consider when creating a secure network environment: availability, confidentiality, functionality, and access control. For me, availability is the most important goal to focus on. DoS is the disruption of network availability. DoS attacks can come from non-intentional and intentional purposes. Examples of non-intentional purposes are faulty coding and a dramatic increase in legitimate network traffic. Intentional DoS attacks are focused on stopping critical services or slowly degrading critical services over time.
The malware term bot stands for robot. It’s a term to describe the automation that is taking place behind the scenes when your system is taken over by this type of malware. When it is on your computer it can control almost any aspect of your operating system. There are many ways for this malicious software to infiltrate your system, such as a Trojan horse, a vulnerability in the OS or an application, or alongside an application you are installing normally. The compromised computer will then start working with other infected systems that have the same malicious software installed to create a botnet. This botnet is controlled through a command and control (C&C) server.
The reading says, “botnets with 10,000 computers could be purchased outright for $500”. Due to that being almost two decades ago, I can only imagine and assume that it is much worse today.
I found the section on wireless security to be interesting. While WiFi is incredibly useful, it presents new challenges in network security. Bad actors can gain unauthorized access to private networks through misconfigured access points or rogue access points. A bad actor can also set their computer up to act as an access point and create a MITM attack on a wireless network. The attacker makes their computer look like the legitimate access point and sets the transmission power high enough so that computers on the network connect to their computer or “evil twin access point” instead of the legitimate AP. Finally, bad actors can use DoS in a wireless network setting. The attacker can flood the 2.4-GHz and/or 5-GHz frequency bands, flood the access point, or send attack commands to the AP or even wireless clients.
Hey Amelia,
I like your post. What you have described is also known as an evil twin attack. This is the use of an access point owned by an attacker that usually has been enhanced with higher-gain antennas to look like a better connection to the users and computers attaching to it. By getting users to connect through the evil access point, attackers can more easily analyze traffic and perform man-in-the-middle type attacks.
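The evil twin described in the two posts above (a rogue radio advertising the organization's SSID, louder than the real APs) is something a defender can look for in scan data. The following is an added example, not code from the textbook or from either post: the authorized inventory, scan entries, BSSIDs and SSIDs are all constructed, and the check simply flags beacons that use one of our SSIDs from a BSSID that is not on the authorized list, recording whether the impostor is louder than any legitimate AP and whether it advertises a weaker security mode.

```python
"""Rogue / evil-twin access point check over constructed scan results.

Added example, not from the textbook or the discussion posts. Each scan
entry is a constructed tuple (ssid, bssid, rssi_dbm, security).
"""

# Constructed authorized inventory (hypothetical): SSID -> allowed BSSIDs and
# the security mode every legitimate AP for that SSID must advertise.
AUTHORIZED = {
    "CorpWiFi": {"bssids": {"00:1a:2b:3c:4d:01", "00:1a:2b:3c:4d:02"},
                 "security": "WPA2-Enterprise"},
}

# Constructed scan: two legitimate CorpWiFi radios, an impostor that is
# louder (-35 dBm) and open, and an unrelated neighbouring network.
SCAN = [
    ("CorpWiFi", "00:1a:2b:3c:4d:01", -62, "WPA2-Enterprise"),
    ("CorpWiFi", "00:1a:2b:3c:4d:02", -70, "WPA2-Enterprise"),
    ("CorpWiFi", "de:ad:be:ef:00:01", -35, "Open"),
    ("NeighbourNet", "00:55:66:77:88:99", -80, "WPA2-Personal"),
]


def find_rogue_aps(scan, authorized):
    """Return one finding per beacon that spoofs an authorized SSID."""
    # Strongest legitimate signal per SSID, for the "louder than ours" check.
    best_legit = {}
    for ssid, bssid, rssi, _ in scan:
        auth = authorized.get(ssid)
        if auth and bssid.lower() in auth["bssids"]:
            best_legit[ssid] = max(rssi, best_legit.get(ssid, -200))

    findings = []
    for ssid, bssid, rssi, security in scan:
        auth = authorized.get(ssid)
        if auth is None or bssid.lower() in auth["bssids"]:
            continue  # unknown SSID (not ours) or a legitimate radio
        findings.append({
            "ssid": ssid,
            "bssid": bssid.lower(),
            "rssi": rssi,
            "stronger_than_legit": rssi > best_legit.get(ssid, -200),
            "security_downgraded": security != auth["security"],
        })
    return findings


if __name__ == "__main__":
    for f in find_rogue_aps(SCAN, AUTHORIZED):
        print("possible evil twin:", f)
```

Feeding real scan output in requires only building the same tuples from whatever your wireless controller or scanner exports; the BSSID allow list is the part worth keeping current.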
Chapter 4 of our text looks at the importance of maintaining a secure network in order to defend against malicious attacks, such as DoS, wireless, & ARP attacks. One interesting takeaway I took from the reading was how ARP Poisoning works, as it’s something I’m fairly unfamiliar with. Address Resolution Protocol (ARP) is a communication protocol that’s used to resolve 32-bit IP addresses into 48-bit local MAC addresses. Essentially, hosts build ARP tables in order to send/receive information using IP addresses. ARP poisoning works by manipulating these tables to reroute local-area traffic. The attacker can then reroute this traffic for a man-in-the-middle attack. A key point of ARP Poisoning is that the attacker must be on the same local network as the target. With that being said, it is an attack on the functionality & confidentiality of the network because it is changing the network’s normal operations in order to obtain private information.
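The corrupted MAC-to-IP mappings that the posts above describe (the earlier post on ARP poisoning and this one) are visible to anyone who records ARP replies on the segment. The following is an added example, not code from the textbook or from the posts: the ARP replies, addresses and static table are all constructed, and the detector reports any reply that claims a different MAC for an IP already mapped (or pinned in a static table, the prevention the earlier discussion mentions), plus any single MAC that claims several IPs.

```python
"""ARP table consistency check over constructed ARP replies.

Added example, not from the textbook or the discussion posts. Each record is
a constructed ARP reply as a sniffer might log it: (timestamp, sender_ip,
sender_mac).
"""
from collections import defaultdict

# Constructed sample: the gateway 192.168.1.1 legitimately answers from
# 00:11:22:33:44:01; a later reply claims the same IP from a different MAC,
# and that same MAC also claims 192.168.1.30.
SAMPLE_REPLIES = [
    (1.0, "192.168.1.1", "00:11:22:33:44:01"),
    (1.5, "192.168.1.20", "00:11:22:33:44:20"),
    (2.0, "192.168.1.1", "AA:BB:CC:DD:EE:FF"),
    (2.5, "192.168.1.20", "00:11:22:33:44:20"),
    (3.0, "192.168.1.30", "aa:bb:cc:dd:ee:ff"),
]

# Constructed static table (hypothetical): entries an admin pinned for
# critical hosts such as the default gateway.
STATIC_TABLE = {"192.168.1.1": "00:11:22:33:44:01"}


def detect_arp_conflicts(replies, static_table=None):
    """Flag replies whose MAC contradicts the first-seen or pinned mapping."""
    static_table = {ip: mac.lower() for ip, mac in (static_table or {}).items()}
    learned = dict(static_table)  # pinned entries are never overwritten
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        known = learned.get(ip)
        if known is None:
            learned[ip] = mac  # first time we see this IP: learn it
        elif known != mac:
            alerts.append({"time": ts, "ip": ip, "expected": known,
                           "claimed": mac, "pinned": ip in static_table})
    return alerts


def macs_claiming_multiple_ips(replies):
    """A MAC answering for several IPs (e.g. gateway and victim) is suspect."""
    ips_by_mac = defaultdict(set)
    for _, ip, mac in replies:
        ips_by_mac[mac.lower()].add(ip)
    return {mac: sorted(ips) for mac, ips in ips_by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    print(detect_arp_conflicts(SAMPLE_REPLIES, STATIC_TABLE))
    print(macs_claiming_multiple_ips(SAMPLE_REPLIES))
```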