Defending Networks

 

It is becoming increasingly common to hear about new, dangerous malware or some company being hacked. The number of attacks is on the rise and it seems this may simply be something that comes with the territory. Companies are spending more and more money to ensure they have the strongest most up to date defenses to protect their networks. Frequently, however, an attacker does not need to penetrate these defenses as simple exploits are often left unpatched or unguarded.

Exploits are growing in number and sophistication every day, so it is unreasonable to think every vulnerability could be located and secured. However, there are a number of common exploits that are commonly overlooked. Default passwords or blank administrative passwords are all too common issues. This is primarily a concern with networking hardware itself and allows easy access for an attacker. Sometimes an administrator may be rushing when creating a privileged user account and leave the password blank creating a clean point of entry for an attacker (“Common Exploits”). Intrusion Prevention / Detection Systems (IPS/IDS) are used by more companies, however incomplete or incorrect deployment of these systems is one of the most common vulnerabilities. Companies with a comprehensive security strategy should have a plan in place to find segments that were missed and must be incorporated into the IPS/IDS system by mapping the network (Markluec, 2010).

Attackers are more likely to use a tried and true method, so it is important for a company to know about and defend against the most common attacks. Network attacks generally fall in the category of logic attack or resource attack. Exploiting existing vulnerabilities or software bugs with the intent of crashing a system, granting access to an intruder or degrading network performance are categorized as logic attacks. An attacker may compromise a system by finding a flaw or vulnerability through a service provided over the internet. These service vulnerabilities can go unnoticed during development and testing as an issue such as a buffer overflow is unlikely to be discovered (“Common Exploits”). Frequently, simple or basic websites are manipulated without the owner’s knowledge. Extremely common web application vulnerabilities like Cross-Site Scripting and SQL injection are not uncommon for even trusted websites, giving an attacker access to information and systems (“Top Risks”).  While difficult to guard against, an administrator should always keep security and application systems up to date; also ensuring services are not given privileged access or run as root user provides the best chance of defense (“Common Exploits”). Client-side applications are vulnerable as well. Directing users to websites with malicious scripting and spear phishing e-mail attacks help an attacker gain access to a network or system. Windows link files, Office documents, PDF documents, QuickTime videos and everything Flash has to offer have been used to attack and gain access from the client-side (“Top Risks”). Keeping systems up to date and trying to educate the user are primary methods of defense, but restricting use of and access to unneeded file types can be used when security requirements are greater.

Resource attacks attempt to bring a system down by compromising the physical resources of the system such as the memory or processor. Denial of Service (DoS) Attacks are happening more and more frequently as downloadable applications have made it trivial to send massive amounts of unrecognized data to a network or server (“Common Exploits”). This risk has become even more substantial in the light of distributed DoS (DDoS) attacks especially when under the control of a single individual or group in the form of a botnet. Implementing systems that recognize and block or ignore data generated for DoS attacks is one of the most effective ways to ensure legitimate traffic can still be processed quickly.

While these are only a few of the potential attacks a network may face, the most common attacks are often the most destructive. A network may never be completely safe but proper administration, up-to-date systems, quick action and effective testing are the components of strong security. Common attacks change as new exploits are discovered, but often have roots in exploits from the past. Staying current about vulnerabilities and security news while maintaining a strong awareness and understanding of old exploits will also give an administrator a substantially better chance at success.