Explain, with examples, vulnerability, threat and attacks.

Mumbai University > Information Technology > Sem6 > System and Web Security

Marks: 8M

Year: May 2015


Vulnerability:

Vulnerabilities in network security can be summed up as the “soft spots” that are present in every network. The vulnerabilities are present in the network and individual devices that make up the network.

• Networks are typically plagued by one or more of three primary vulnerabilities or weaknesses:

i. Technology weaknesses

Computer and network technologies have intrinsic security weaknesses. These include TCP/IP protocol weaknesses, operating system weaknesses, and network equipment weaknesses.

Weakness: TCP/IP protocol weaknesses
Description: HTTP, FTP, and ICMP were designed without authentication or confidentiality, so they carry data (including credentials) in cleartext. SNMP and SMTP share the same weakness, and SYN floods exploit the three-way handshake of TCP itself.

Weakness: Operating system weaknesses
Description: The UNIX, Linux, Macintosh, Windows NT, 9x, 2K, XP, and OS/2 operating systems all have documented security problems that must be addressed by patching and hardening.

Weakness: Network equipment weaknesses
Description: Routers, switches, and firewalls have weaknesses of their own (default or weak passwords, unauthenticated management interfaces, routing protocol abuse, firewall holes) that must be recognized and protected against.

ii. Configuration weaknesses.

Network administrators or network engineers need to learn what the configuration weaknesses are and correctly configure their computing and network devices to compensate.

Weakness: Unsecured user accounts
How it is exploited: User account information might be transmitted insecurely across the network, exposing usernames and passwords to snoopers.

Weakness: System accounts with easily guessed passwords
How it is exploited: This common problem is the result of poorly selected and easily guessed user passwords.
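The "unsecured user accounts" row above describes what a snooper on the wire sees. The following is an added example (not part of the original answer) that extracts an FTP login and an HTTP Basic credential from captured TCP payloads; the payloads, host names and credentials are constructed for the demo, not real traffic.

```python
"""Pull cleartext credentials out of captured TCP payloads (added example)."""
import base64
import re

# Constructed capture: one FTP login, then one HTTP request with Basic auth.
# Hosts, names and passwords are made up for the demo.
CAPTURED_PAYLOADS = [
    b"220 ftp.example.test FTP server ready\r\n",
    b"USER alice\r\n",
    b"331 Password required for alice\r\n",
    b"PASS Summer2015!\r\n",
    b"230 User alice logged in\r\n",
    b"GET /admin HTTP/1.1\r\nHost: intranet.example.test\r\n"
    b"Authorization: Basic Ym9iOmhvcnNlc3RhcGxl\r\n\r\n",
]

FTP_USER = re.compile(rb"^USER (\S+)\r\n", re.M)
FTP_PASS = re.compile(rb"^PASS (\S+)\r\n", re.M)
HTTP_BASIC = re.compile(rb"^Authorization: Basic ([A-Za-z0-9+/=]+)\r\n", re.M)


def extract_credentials(payloads):
    """Return (protocol, username, password) tuples found in the payloads.

    FTP sends USER and PASS as two separate commands, so the username is
    held until the matching PASS arrives. HTTP Basic is just base64 of
    "user:password", which any observer can decode.
    """
    found = []
    pending_user = None
    for payload in payloads:
        m = FTP_USER.search(payload)
        if m:
            pending_user = m.group(1).decode()
        m = FTP_PASS.search(payload)
        if m and pending_user is not None:
            found.append(("ftp", pending_user, m.group(1).decode()))
            pending_user = None
        for m in HTTP_BASIC.finditer(payload):
            try:
                decoded = base64.b64decode(m.group(1), validate=True).decode()
            except (ValueError, UnicodeDecodeError):
                continue  # not valid Basic auth, skip it
            user, _, password = decoded.partition(":")
            found.append(("http-basic", user, password))
    return found


if __name__ == "__main__":
    for proto, user, password in extract_credentials(CAPTURED_PAYLOADS):
        print(f"{proto}: {user} / {password}")
```

The same logins over SFTP or HTTPS would reach the snooper as TLS or SSH records, and the extractor would return nothing; encrypting the transport, not hiding the protocol, is what closes this weakness.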

iii. Security policy weaknesses

Security policy weaknesses can create unforeseen security threats. Users who do not follow the security policy put the network at risk.

Weakness: Lack of a written security policy
How it is exploited: An unwritten policy cannot be consistently applied or enforced.

Weakness: Politics
How it is exploited: Political battles and turf wars can make it difficult to implement a consistent security policy.

Weakness: Lack of continuity
How it is exploited: Accounts and passwords are not managed consistently over time, so poorly chosen, easily cracked, or default passwords remain in use and allow unauthorized access to the network.
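Both the "easily guessed passwords" configuration weakness and the "default passwords" policy weakness above come down to the same attack: an offline dictionary attack with a password cracker. The following is an added example (not from the original answer) showing how quickly such passwords fall. The account table, the wordlist and the hash scheme (SHA-256 over salt and password) are assumptions made to keep the code self-contained; they do not describe any particular system's password store.

```python
"""Dictionary attack against salted password hashes (added example)."""
import hashlib
import os


def hash_password(salt: bytes, password: str) -> str:
    """Assumed store format for the demo: hex(SHA-256(salt || password))."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def make_store(plaintexts):
    """Build a constructed credential store {user: (salt, digest)}."""
    store = {}
    for user, password in plaintexts.items():
        salt = os.urandom(8)
        store[user] = (salt, hash_password(salt, password))
    return store


# Constructed accounts: a vendor default never changed, a password that
# satisfies a naive complexity rule, and a long passphrase.
CONSTRUCTED_STORE = make_store({
    "admin": "admin",
    "svc_backup": "Password1",
    "alice": "correct horse battery staple 42",
})

# A deliberately tiny wordlist; real crackers ship millions of entries.
BASE_WORDS = ["admin", "password", "123456", "cisco", "letmein", "welcome"]


def candidates(words):
    """Yield base words plus the mangling rules every password cracker applies."""
    for w in words:
        yield w
        yield w.capitalize()
        for suffix in ("1", "!", "123", "2015"):
            yield w + suffix
            yield w.capitalize() + suffix


def crack(store, words):
    """Return {user: recovered_password} for every account a guess matches.

    The attacker only has salts and digests; each guess is hashed with the
    account's salt and compared, exactly as a real cracker does.
    """
    guesses = list(candidates(words))
    cracked = {}
    for user, (salt, digest) in store.items():
        for guess in guesses:
            if hash_password(salt, guess) == digest:
                cracked[user] = guess
                break
    return cracked


if __name__ == "__main__":
    print(crack(CONSTRUCTED_STORE, BASE_WORDS))
```

Two things follow from the result: the passphrase survives not because of the hash but because it is not in the list, and a fast hash like plain SHA-256 lets the attacker try every guess cheaply. A slow, salted KDF (for example `hashlib.pbkdf2_hmac` or `hashlib.scrypt`) raises the cost per guess; only a policy that bans defaults and guessable passwords removes the guesses that succeed in a handful of attempts.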

Threats

Threats are the people eager, willing, and qualified to take advantage of each security weakness; they continually search for new exploits and weaknesses.

There are four primary classes of threats to network security

i. Unstructured threats:

a. Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers.

b. Even unstructured threats that are only executed with the intent of testing and challenging a hacker's skills can still do serious damage to a company.

ii. Structured threats:

a. Structured threats come from hackers who are more highly motivated and technically competent.

b. These people know system vulnerabilities and can understand and develop exploit code and scripts.

c. They understand, develop, and use sophisticated hacking techniques to penetrate unsuspecting businesses. These groups are often involved with the major fraud and theft cases reported to law enforcement agencies.

iii. External threats:

a. External threats can arise from individuals or organizations working outside of a company. They do not have authorized access to the computer systems or network.

b. They work their way into a network mainly from the Internet or dialup access servers.

iv. Internal threats:

a. Internal threats occur when someone has authorized access to the network, with either an account on a server or physical access to the network.

b. According to the FBI, internal access and misuse account for 60 percent to 80 percent of reported incidents.

Attacks

Threat actors use a variety of tools, scripts, and programs to launch attacks against networks and network devices. Typically, the devices under attack are the endpoints, such as servers and desktops.

Four primary classes of attacks exist:

i. Reconnaissance

Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is also known as information gathering and, in most cases, it precedes an actual access or denial-of-service (DoS) attack.
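The most basic form of the reconnaissance described above is a TCP connect scan with a banner grab: connect to each port, record which ones answer, and read whatever the service announces about itself. The following is an added example (not part of the original answer). So that it runs offline, it starts its own listener on 127.0.0.1 that answers with a constructed SSH-style banner and then scans a small window of ports around it; the banner text and port window are assumptions for the demo, not a real host.

```python
"""TCP connect scan with banner grab against a local listener (added example)."""
import socket
import threading

# Constructed banner in the style an SSH daemon sends; not a real host.
BANNER = b"SSH-2.0-OpenSSH_6.6p1 Ubuntu-2ubuntu2\r\n"


def start_listener(host="127.0.0.1"):
    """Bind an ephemeral port, serve BANNER to every client, return (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed, stop serving
            with conn:
                try:
                    conn.sendall(BANNER)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def probe(host, port, timeout=0.5):
    """Return (is_open, banner) for one port.

    A completed three-way handshake means the port is open; many services
    then volunteer a banner that reveals product and version.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256)
            except socket.timeout:
                banner = b""  # open but silent (e.g. HTTP waits for the client)
            return True, banner
    except OSError:
        return False, b""  # refused, filtered, or timed out


def scan(host, ports):
    """Map open ports to the banner each service announced."""
    results = {}
    for port in ports:
        is_open, banner = probe(host, port)
        if is_open:
            results[port] = banner.strip().decode(errors="replace")
    return results


def demo():
    """Start the constructed listener, scan around it, return (port, findings)."""
    srv, port = start_listener()
    try:
        window = range(max(1, port - 2), min(65535, port + 2) + 1)
        return port, scan("127.0.0.1", window)
    finally:
        srv.close()


if __name__ == "__main__":
    port, found = demo()
    for p, banner in sorted(found.items()):
        print(f"{p}/tcp open  {banner or '(no banner)'}")
```

The banner is the payoff of the scan: a version string like the constructed one above is exactly what an attacker matches against known vulnerabilities before the access attack that follows. From the defender's side, the same connect attempts across many ports from one source are the signature a network intrusion detection system looks for.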

ii. Access

System access is the ability of an unauthorized intruder to gain access to a device for which the intruder does not have an account or a password. Entering or accessing systems that one is not authorized to access usually involves running a hack, script, or tool that exploits a known vulnerability of the system or application being attacked.

iii. Denial of service

Denial of service implies that an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable.

iv. Worms, viruses, and Trojan horses

a. A computer virus is a program that is loaded on your computer without your knowledge and runs without your permission. A virus is designed to reproduce itself through legitimate processes in computer programs and operating systems; therefore, a virus requires a host in order to replicate.

b. The term, Trojan horse, is usually used to refer to a non-replicating malicious program which is the main characteristic that distinguishes it from a virus. Trojan horses often appear as e-mail attachments with enticing names that induce people to open them.

c. A worm is a small piece of software that uses security holes within networks to replicate itself. The worm scans the network for another computer that has a specific security hole. It copies itself to the new machine exploiting the security hole, and then starts replicating from that system as well.
