Securing Your Cyber Perimeter: A Comprehensive Guide to Network Attack Prevention
Given the frequency and variety of existing attacks, as well as the threat of new and more destructive future attacks, network security has become a central topic in the field of computer networking.
Before looking at network attacks we need to know a few cyber security terms —
Bot — A bot is a software application that runs automated, repetitive tasks; most bots are used for crawling the web.
Malware — Malicious software, the most commonly used term in cyber crime: the software that cyber criminals use to get into our computer and steal our personal information.
DNS Resolver — A server on the Internet that converts domain names into IP addresses. DNS resolvers save us from having to remember the IP addresses of websites; we can simply type a domain name such as google.com or facebook.com.
Zombie Bot — A zombie bot is either the program that combs the Internet looking to turn vulnerable machines into zombies, or a computer that has been compromised in that way.
DoS (Denial of Service) — A DoS attack renders a network, host, or other piece of infrastructure unusable by legitimate users. DoS attacks typically work by flooding a targeted machine with requests until normal traffic can no longer be processed, resulting in denial of service to additional users. A DoS attack is characterised by the use of a single computer to launch the attack.
Now let's go deeper into some of the networking attacks —
Botnets
It is a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, e.g. to send spam.
Some of the first bots used a client-server architecture — the bots act as clients and connect to a server called the command and control center. If the command center is compromised, the entire botnet is exposed, since the command center issues the commands and the bots execute them. For that reason a peer-to-peer network, with no single point of failure, is the more robust architecture for a botnet.
Malicious bot — Self-propagating malware that infects a computer; multiple computers infected with malicious bots form a botnet.
How do these botnets work?
Initially, the bot master infects the servers with the malware. These compromised servers then provide command and control to the network, which results in infecting PCs. Finally, the compromised network of servers infects the hosts.
It turns compromised devices into ‘zombie bots’ for a botnet controller. A botnet attack is a large-scale cyber attack carried out by malware-infected devices which are controlled remotely.
Unlike other malware that replicates itself within a single machine or system, botnets pose a greater threat because they let a threat actor perform a large number of actions at the same time. Such a network can grow exponentially, depending on the vulnerabilities present in the network.
DNS Spoofing
DNS spoofing, also referred to as DNS cache poisoning, is a form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS resolver's cache, causing the name server to return an incorrect IP address.
Consider the example given below.
The general case describes how normal DNS resolution works: a DNS request is sent for the domain name 'example.com', the DNS server processes that request, finds the IP address of the domain, and the requested original page opens.
In the second case, when the user requests the same 'example.com', they are directed to a malicious IP address serving a page that looks like the original but contains malicious content. If we enter our personal information there, we become more vulnerable to cyber threats through the theft of our sensitive information.
Case              | DNS server request | Returned IP address
General case      | 'example.com'      | '93.184.216.34'
DNS spoofing case | 'example.com'      | '190.0.0.34' (example)
DNS spoofing is primarily used by attackers to carry out attacks to steal sensitive user data. However, legitimate companies also resort to DNS spoofing from time to time. It is a known fact that some internet service providers (ISPs) have used DNS spoofing to enforce censorship and for advertising purposes.
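A poisoned reply is only cached if the resolver accepts it, so the defence starts with the checks a resolver performs before trusting a response. The following is an added illustration, not code from the original post: it builds constructed DNS query and response messages in wire format and shows the transaction ID, QR bit and question-section checks that reject a reply which does not match the outstanding query.

```python
import struct

# Constructed DNS messages in the RFC 1035 wire format; nothing is sent on the network.
def encode_name(name):
    """Encode 'example.com' as length-prefixed labels terminated by a zero byte."""
    return b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"

def build_query(txid, name):
    """Minimal A-record query: 12-byte header plus one question (QTYPE=1 A, QCLASS=1 IN)."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", 1, 1)

def build_response(txid, name, ip, ttl=300):
    """Response echoing the question plus one A record; the owner name is a pointer to offset 12."""
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + encode_name(name) + struct.pack("!HH", 1, 1) + answer

def decode_name(data, offset):
    """Decode an uncompressed name starting at offset; return (name, offset just past it)."""
    labels = []
    while data[offset] != 0:
        length = data[offset]
        labels.append(data[offset + 1:offset + 1 + length].decode())
        offset += 1 + length
    return ".".join(labels), offset + 1

def validate_response(query, response):
    """Checks a resolver makes before caching a reply. Returns (accepted, reason)."""
    q_txid = struct.unpack("!H", query[:2])[0]
    r_txid, flags = struct.unpack("!HH", response[:4])
    if r_txid != q_txid:
        return False, "transaction ID does not match the outstanding query"
    if not flags & 0x8000:
        return False, "QR bit not set: this is not a response"
    q_name, q_end = decode_name(query, 12)
    r_name, r_end = decode_name(response, 12)
    # The question (name, QTYPE, QCLASS) must be echoed exactly.
    if (q_name, query[q_end:q_end + 4]) != (r_name, response[r_end:r_end + 4]):
        return False, "question section does not match the query"
    return True, "accepted"

def answer_ip(response):
    """Extract the IPv4 address from the first A record of an already validated response."""
    _, end = decode_name(response, 12)
    rdata_start = end + 4 + 2 + 10  # QTYPE/QCLASS, name pointer, TYPE/CLASS/TTL/RDLENGTH
    return ".".join(str(b) for b in response[rdata_start:rdata_start + 4])
```

Real resolvers additionally match the UDP source port (randomised per query) and, where deployed, verify DNSSEC signatures; this byte-level example models only the message checks.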
Risks caused by DNS Spoofing
Confidential data theft — Used to steal sensitive information such as passwords.
System malware infection — The victim is tricked into installing malware on their own system, which opens a backdoor for other cyber attacks.
Destroy or alter data — The attackers gain complete access to our hardware, so they can delete or alter the original information.
Damage or destroy hardware — They damage our machine even further, making it slow and inaccessible until we pay the ransom.
Man in the Middle Attack
Man-in-the-middle attacks (MITM) are a common type of cybersecurity attack that lets attackers eavesdrop on the communication between two targets. The attack takes place between two legitimately communicating hosts, allowing the attacker to listen in on a private conversation, hence the name "Man-in-the-Middle."
MITM Attack example
Consider two clients named Bob and Alice having a private conversation that needs to stay confidential. Eve is the man in the middle who, with malicious intent, tries to listen to the entire conversation and alters the information before it reaches Bob. As a result, Eve is able to transparently hijack their conversation.
How to avoid an MITM attack?
Keep the computer systems up to date. Use End-to-End Encryption.
Avoid connecting to public WiFi in coffee shops, bus stations and other public places, or use a VPN before connecting to public WiFi.
Always use multi-factor authentication and secure the login credentials.
Deploy the latest versions of browsers and Security Applications.
Rootkits
Rootkit malware is a collection of software designed to give malicious actors control of a computer network or application. Once activated, the malicious program sets up a backdoor exploit and may deliver additional malware, such as ransomware, bots, keyloggers or trojans. Rootkits may remain in place for years because they are hard to detect, due in part to their ability to block some antivirus software and malware scanner software.
Rootkits spread in the same ways as any malware — email, USB drives, vulnerabilities, etc.
How to protect ourselves from rootkits?
The best protection from rootkit malware is an endpoint protection solution that uses advanced technologies such as artificial intelligence to stop them before they execute.
Another key feature is continuous, auditable monitoring of each endpoint’s BIOS to prevent kernel rootkit attacks.
DDoS Attack
From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.
A DDoS attack is a cybercrime that aims to disrupt or shut down a website or service by flooding it with fake traffic from multiple sources.
It is simply a DoS attack flooding the target from multiple computer sources, which makes the site unusable.
How to identify a DDoS attack?
The obvious symptom of a DDoS attack is a site or service suddenly becoming slow or unavailable.
A flood of traffic from users who share a single behavioural profile, such as device type, geolocation, or web browser version.
Odd traffic patterns such as spikes at odd hours of the day or patterns that appear to be unnatural (e.g. a spike every 10 minutes).
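The three symptoms above can be turned into simple detection logic over a web server's access log. The following is an added example, not code from the original post; it runs over a constructed log sample (timestamp, client IP, user agent) and flags per-minute request spikes, spikes outside expected hours, and minutes in which many distinct client IPs present an identical behavioural profile (here, the user agent).

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed sample access-log lines (HH:MM:SS, client IP, user agent); not real traffic.
SAMPLE_LOG = """\
09:00:01 198.51.100.10 Firefox/118
09:00:40 198.51.100.11 Safari/605
09:01:15 198.51.100.12 Chrome/117
09:02:05 198.51.100.13 Firefox/118
03:10:00 203.0.113.5 BotUA/1.0
03:10:01 203.0.113.6 BotUA/1.0
03:10:01 203.0.113.7 BotUA/1.0
03:10:02 203.0.113.8 BotUA/1.0
03:10:02 203.0.113.9 BotUA/1.0
03:10:03 203.0.113.10 BotUA/1.0
"""

def parse_log(text):
    """Return (minute 'HH:MM', ip, user_agent) tuples, skipping malformed lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) == 3:
            entries.append((parts[0][:5], parts[1], parts[2]))
    return entries

def spike_minutes(entries, factor=3):
    """Minutes whose request count exceeds factor x the median per-minute count."""
    per_minute = Counter(minute for minute, _, _ in entries)
    baseline = median(per_minute.values())
    return sorted(m for m, n in per_minute.items() if n > factor * baseline)

def off_hours(minutes, start=6, end=22):
    """Subset of 'HH:MM' keys that fall outside the expected activity window."""
    return [m for m in minutes if not start <= int(m[:2]) < end]

def shared_profile_floods(entries, min_ips=4):
    """Minutes in which at least min_ips distinct client IPs share one user agent."""
    ips_by_profile = defaultdict(set)
    for minute, ip, ua in entries:
        ips_by_profile[(minute, ua)].add(ip)
    return sorted((m, ua, len(ips)) for (m, ua), ips in ips_by_profile.items() if len(ips) >= min_ips)

if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    spikes = spike_minutes(log)
    print("spikes:", spikes, "off-hours:", off_hours(spikes))
    print("shared profiles:", shared_profile_floods(log))
```

Thresholds such as the spike factor and the minimum number of IPs are tuning knobs; on a real service they should be set from a baseline of normal traffic rather than the constants used here.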
IP Spoofing
IP spoofing is essentially a technique used by hackers to gain unauthorized access to computers by forging a source IP address that appears legitimate. If we fall into the trap of IP spoofing, malicious software can be installed on our computer, opening backdoors for further cyber threats such as the theft of sensitive information.
Risks of IP Spoofing
Denial of Service Attacks
Unauthorised access
Reputation damage to a Company
Data Interception
For more articles like this, please check the CyberSecurity Series by Madhu Sri Sushmitha Chowdary on Medium.
Thank you 🙂