Networks are never fully stable, and threats always exist. There are individuals who have a personal motive, or who work for someone else, and would like to exploit the network's weaknesses. That is why keeping the network safe and stable is really important. Sagarmatha University, the university I work at, has asked me for a study of their network security procedures. This is to ensure that their security infrastructure is intact and that it does a decent job of keeping threats at bay. To determine how secure a network is, we need to know about the types of threats we face. There are two different types of attacks, each of which can happen in many different ways. They are:
Active attacks
Active attacks are network attacks in which an intruder attempts to break in through the use of malware, worms, or other security vulnerabilities. These attacks are used to access unauthorized data, to gain network administrator privileges, and to use the network's resources.
Passive attacks
Whereas active attacks are exploits used by intruders to break into a network, passive attacks are when the attacker watches the network traffic for any plain-text content it can pick up. This could be anything from website data to login messages. The attacker tracks and captures the packets of unencrypted traffic.
There are various attacks that can be used against a network. Some of the most used ones are listed below:
- DoS (Denial of Service) and DDoS (Distributed Denial of Service)
- Brute force attack
Denial of service (DoS) A denial of service attack is a destructive attack that overwhelms a website or network with more traffic than it can handle, with the intention of pulling it down. Hackers use DoS attacks to block people from reaching the website or network they are targeting. Although these attacks typically do not result in any financial benefit for the hacker, they can cost the company time and resources while its network is down; hackers usually execute these attacks to show off or simply to see if they can do it.
Distributed denial of service (DDoS) In this attack, the attacker takes control of computers all around the world. The attacker distributes malware through emails, fake websites, or similar means. Once the malware is installed, the attacker has some degree of control over the computers, which they can use as a botnet that does what the attacker wants, in this case flooding the server with requests. This attack is more widely used because the requests come from thousands or even millions of different sources, and the server administrator cannot determine which requests are valid and which are not. Once the server's limits are exceeded, it goes offline.
Brute force attack This attack uses a trial-and-error technique to break into a network or other password-protected facility. In a brute force attack the attacker tries all password combinations until one gets them in. Attackers do this by creating an automated program that checks passwords using multiple variations or methods, such as a dictionary attack, fingerprint attack, hybrid attack, mask attack, permutation attack, rule-based attack, table-lookup attack, and toggle-case attack.
Viruses are the most prevalent source of system security threats. They are man-made and can propagate from computer to computer and across networks without users ever detecting them. Nearly all viruses are attached to an application, meaning that the virus will only affect the computer if you execute or open the infected file. Viruses cannot spread without human activity to keep them going, which means people unknowingly continue to spread the virus by sharing infected files and sending emails with infected attachments. Viruses can also replicate themselves, meaning that a virus can copy itself over and over again until all available memory has been used, which brings the computer to a halt.
Rootkits Another form of malicious software is the rootkit, which is triggered before the operating system of your machine has fully booted, making it difficult to spot. Rootkits can be concealed inside programs you install or attached to emails you open on your device. A rootkit allows someone to manage your computer administratively, meaning they can upload files, track user behavior, create hidden user accounts, access logs, and even alter the configuration of the computer; all of this happens without you knowing, which is what makes rootkits so dangerous. Rootkits can even intercept data from terminals, network links, and the keyboard.
Worms are somewhat similar to viruses and are often regarded as a form of virus. Much like a virus, worms can spread from machine to machine, except that worms are able to travel and spread without any human action. Worms are particularly harmful because they can also self-replicate, which means that thousands of copies could be sent out if a single worm gets access to a computer. For example, a worm could send a copy of itself to everyone in your e-mail address book. The worm then replicates itself once again and sends itself to everyone listed in each recipient's address book; this continues over and over and can have a hugely devastating effect.
Describe how networked systems can be protected
Now that we have talked about the kinds of attacks and real-life attacks, we have to talk about how we can prevent them by taking strong measures against any attack. Some of the ways a networked system can be protected are as follows:
- Intrusion Detection System
- Encryption
- MAC association
- WEP and WPA
An intrusion detection system (IDS) is a system that detects any suspicious activity in the network and raises a notification when such events occur. It is programmed to detect anomalous activities that come from an unexpected source. There are two types of IDS:
Host-based IDS A host-based IDS is installed on individual devices or hosts in the network. This IDS only monitors the packets sent and received by that particular device; it cannot do so for other devices in the network. After suspicious activity is detected, it alerts the user or administrator so that the relevant action can be taken. I took a snapshot of existing system files and matched them to the previous snapshot. If critical system files are deleted or modified, an alert is sent to the administrator to investigate.
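The snapshot-and-compare check described for the host-based IDS, as an added example that is not code from the original report: a baseline of file hashes is taken, a later pass is compared against it, and every modified, deleted or added file is reported. The directory and file contents are constructed stand-ins for real system files.

```python
import hashlib
import os
import tempfile

# Added example: file-integrity check in the style of a host-based IDS.
# take_snapshot() records a hash per file; compare_snapshots() diffs two snapshots.
# demo() builds a throwaway directory so the whole thing runs offline.

def take_snapshot(root):
    """Return {relative path: sha256 hex digest} for every regular file under root."""
    snapshot = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                snapshot[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return snapshot

def compare_snapshots(previous, current):
    """Classify paths as modified, deleted or added relative to the baseline snapshot."""
    return {
        "modified": sorted(p for p in previous if p in current and previous[p] != current[p]),
        "deleted": sorted(p for p in previous if p not in current),
        "added": sorted(p for p in current if p not in previous),
    }

def demo():
    """Constructed scenario: baseline a fake config directory, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in {"passwd": b"root:x:0:0:root:/root:/bin/sh\n",
                           "hosts": b"127.0.0.1 localhost\n"}.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        baseline = take_snapshot(root)          # the "previous snapshot"
        # Simulated tampering: one file altered, one removed, one unexpected file dropped in
        with open(os.path.join(root, "passwd"), "ab") as fh:
            fh.write(b"extra:x:1001:1001::/home/extra:/bin/sh\n")
        os.remove(os.path.join(root, "hosts"))
        with open(os.path.join(root, "unexpected.conf"), "wb") as fh:
            fh.write(b"x\n")
        report = compare_snapshots(baseline, take_snapshot(root))
    for kind, paths in report.items():
        for path in paths:
            print(f"ALERT: {path} {kind}")   # what the HIDS would send to the administrator
    return report

if __name__ == "__main__":
    demo()
```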
Network-based IDS While a host-based IDS is installed on individual devices, a network-based IDS is installed at strategic spots in the network, such as the point through which most traffic passes. Its purpose is to monitor traffic to and from all devices on the network. It analyses the traffic passing through the entire subnet and matches it against a library of known attacks. Once an attack is identified, or abnormal behavior is sensed, an alert can be sent to the administrator. An example of a NIDS would be installing it on the subnet where the firewalls are located, in order to see if someone is trying to break into the firewall.
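How a network-based IDS matches passing traffic against a library of known attacks, as an added example (not code from the original report) that also ties back to the DoS/DDoS and brute force sections above: the library holds a payload signature plus per-source rate thresholds, so a SYN flood and a burst of repeated connection attempts to the SSH port are flagged. The packet records, the signature and the thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict

# Added example: toy NIDS. Each packet is a dict with time t, src, dport, TCP flags
# and payload. Rules are a constructed stand-in for a real signature library.

SIGNATURES = [
    ("exe_download_over_http", re.compile(rb"GET /\S+\.exe HTTP")),  # constructed rule
]
THRESHOLDS = {
    # rule name: (predicate selecting matching packets, max count per source in WINDOW)
    "syn_flood": (lambda p: p["flags"] == "S", 100),
    "ssh_brute_force": (lambda p: p["flags"] == "S" and p["dport"] == 22, 20),
}
WINDOW = 10.0  # seconds

def analyse(packets):
    """Return (rule, src) alerts: signature hits plus sources exceeding a rate threshold."""
    alerts = []
    for pkt in packets:
        for name, pattern in SIGNATURES:
            if pattern.search(pkt["payload"]):
                alerts.append((name, pkt["src"]))
    for name, (selects, limit) in THRESHOLDS.items():
        per_source = defaultdict(list)
        for pkt in packets:
            if selects(pkt):
                per_source[pkt["src"]].append(pkt["t"])
        for src, times in per_source.items():
            times.sort()
            start = 0
            for end in range(len(times)):        # sliding window over timestamps
                while times[end] - times[start] > WINDOW:
                    start += 1
                if end - start + 1 > limit:      # too many events inside one window
                    alerts.append((name, src))
                    break
    return alerts

def build_sample():
    """Constructed traffic: a normal client, an .exe fetch, a SYN flooder, a password guesser."""
    def pkt(t, src, dport, flags, payload=b""):
        return {"t": t, "src": src, "dport": dport, "flags": flags, "payload": payload}
    pkts = [pkt(0.0, "10.0.0.5", 80, "S"), pkt(0.2, "10.0.0.5", 80, "PA", b"GET / HTTP/1.1")]
    pkts.append(pkt(0.5, "192.0.2.3", 80, "PA", b"GET /update.exe HTTP/1.1"))
    pkts += [pkt(i * 0.03, "203.0.113.9", 80, "S") for i in range(150)]
    pkts += [pkt(1.0 + i * 0.25, "198.51.100.7", 22, "S") for i in range(30)]
    return pkts

if __name__ == "__main__":
    for rule, src in analyse(build_sample()):
        print(f"ALERT {rule} from {src}")
```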
Encryption The most powerful way to protect data is encryption. Encryption transforms the data into an unreadable format; to decode it you then require a secret key or password. When data is transmitted, it is encrypted before it is sent and only decrypted when the other user receives it.
MAC association Another way to protect a network is to set up a MAC association by giving the DHCP server a list of all the MAC addresses you want to be able to reach the network. This ensures that only computers with one of the specified MAC addresses will be able to reach the network. You can't alter the MAC address of your device, which means it will be very difficult for an attacker to reach your network.
WEP and WPA WEP is short for the protection of wired equipment; it is a means of encrypting data over wireless IEEE 802.11 networks. WEP is designed to offer protection at the same standard as wired LAN networks. Wireless networks are distributed by radio waves, which means they are more susceptible to tampering. WEP is a very poor encryption system, so it is very easy to intercept files. WPA stands for Wi-Fi Protected Access; it is another method used to secure wireless networks. WPA was designed to work with existing Wi-Fi products already configured with WEP and to improve upon WEP's security features.