3 Types of Network Attacks to Watch Out For
1. Reconnaissance Attacks
Reconnaissance attacks are general knowledge gathering. These attacks can happen in both logical and physical approaches. Whether the information is gathered via probing the network or through social engineering and physical surveillance, these attacks are preventable.
Some common examples of reconnaissance attacks include packet sniffing, ping sweeping, port scanning, phishing, social engineering and internet information queries. We can examine these further by breaking them into the two categories of logical and physical.
This refers to anything that is done in the digital spectrum and doesn’t require a human on the other side to complete the reconnaissance attack.
Ping Sweeps and Port Scans
There are two methods of discovering both if the system is there and what it is looking for on the network.
An example of a return on a port scan would be discovering that an IP address was listening on port 443 for HTTPS traffic. That allows the hacker to know that they can attempt exploitation geared towards HTTPS.
Additionally, here we see information queries over the internet. These are sometimes called whois queries. All domains registered to independent companies belong to a domain provider somewhere. These domain management platforms handle the exchanges and maintenance of domain names from conception to expiration.
These domain hosting services typically offer a lot of information relative to an organization to include points of contact and contact information. All of this makes the information gathering that much easier when you contact a company having legitimate information of persons of interest.
This crosses the lines of what a network admin has control of.
There are elements that will never be protected fully like locations as well as security elements like cameras, mantraps, door locks or guards. However, these can play into physically securing a network.
For example, bank security may be limited in the ability to stop an extremely well-orchestrated heist attempt to what that security team has prepared for, but the simple fact that a bank has security in place creates the potential to deter most lower to mid-level criminals who would make the attempt.
That is the same idea that goes into most physical security measures for network protection. Reconnaissance, as we have established, is the collection of information from any available sources. If the surveyor cannot access the information easily, it can deter the collection altogether or force them into a more logical realm.
Either of these options from the surveyor would be beneficial to the network team, as it drives the reconnaissance into a more controllable atmosphere.
The solution to Reconnaissance Attacks
For these kinds of attacks, it is inevitable that some information will be available as some details and company information needs to be publicly accessible. However, through training and simple steps at the developmental level, mitigation steps can be taken to prevent this from compounding into a bigger issue.
Try to limit what is posted about a company’s contact information.
Edit banner returns for banner-grabbing attacks so the information is limited to the attacker. If all the information for contacting the network admin or company representative is required, be sure that personnel is trained up on how to spot social engineering attacks.
This training needs to be extended out to all employees, as anyone is a risk of sharing company secrets if a social engineer is charismatic enough.
Here comes your Managed Services company doing penetration tests, training and other solutions to prevent any of those attempts and attacks. A qualified MSP can achieve access by any means necessary, and this can truly highlight what a real attacker is capable of.
Also, be sure to conduct audits of both the logical information as well as the physical security in place. If badges are being used, check logs and be sure personnel is following the guidelines of the access agreements.
2. Access Attacks
Access attacks require some sort of intrusion capability. These can consist of anything as simple as gaining an account holder’s credentials to plugging foreign hardware directly into the network infrastructure. The sophistication of these attacks ranges just as far.
Often these access attacks can be compared to reconnaissance in being either logical or physical, logical being over the net and physical usually leaning more towards social engineering.
Logical access attacks like exploitation through brute force attacks or testing passwords on the net by rainbow tables or dictionary attacks tend to create a ton of traffic on the network and can be easily spotted by even a lower experienced level network monitor.
It is for this reason that most logical access attacks are usually put forward after enough reconnaissance has been done or credentials have been obtained. There is also a tendency to lean on the passive side of attacking like a “man-in-the-middle” attack to try to gather more information before becoming overly suspicious.
Physical access is really either access to the hardware or access to the people. Social engineering is very dangerous and hard to defend against simply because your users are usually the weakest link in cybersecurity.
The easiest type of social engineering attack involves sending out phishing emails designed to hook someone or getting a key logger on a person’s internal computer to gain credentials that may escalate the privileges of the attacker.
Even the most secure networks can fall subject to these types of attacks simply because they play on humanity as it exists. Human error and lack of awareness are two of the most dangerous threats in cybersecurity.
The solution to Access Attacks
Enter your Managed IT Service provider – not as an excuse to place an ad. It’s just logical to hire a company with all the tools and staff to handle all scenarios for you.
This type of attack really comes down to network hardening. Most companies are limited to the capabilities of their equipment, so if your Cisco router is vulnerable to attack, then the best course of action is to know that attack, look for it and set rules on your network IDS/IPS for it.
And again, training training training.
Update often and regularly
This cannot be stressed enough in the computer industry.
Additional steps include monitoring the probing from any recently recognized reconnaissance attacks. If hackers are researching you, there is a greater possibility of future attack attempts.
Again, having a great MSP team to test and audit current security standings is paramount to your own Business Continuity.
3. Denial of Service Attacks
Denial of service (see DoS and DDoS) means that the network cannot move traffic in any capacity.
This can happen from power failure or flooding the network with junk traffic that clogs the network’s ability to function. Both have happened without any malicious intent but still result in loss. These can be prevented with physical and logical blockers.
To achieve a denial of service against an entire network, the attacker usually needs ample computer power on their end as well and often achieves this from a comparable network of devices that may or may not know they are involved.
This would be referred to as a botnet, and it can bring swift devastation to a network without any warning through a process called the distributed denial of service.
Essentially, the linked computers all fire off packets into the network simultaneously. A computing resource may seem superior to humankind, but like us, a computer can only perform one action at a time, so flooding the network with these packets generates a need to respond, and if the network cannot keep up with the responses, then the network simply cannot function.
Another type of denial of service attack would be a crash to the system. This system crash can cause temporary or permanent damage to a network. The idea is like a flood where the attacker simply wants to render the network inoperable.
The permanent damage would be considered a destructive denial of service where the temporary denial of service is just a crasher.
The Solution to Denial of Service Attacks
DoS and DDoS attacks defense walk in parallel with access attack defense ideology. Protecting against these attacks can include a few options from maximizing bandwidth allocation to network isolation based on traffic types.
If your webserver is attacked, you do not want that to affect the mail server or back-end network management devices. Combine this effort with limiting privileges and roles.
Hardening network devices is always a best practice. Ensuring all systems hardware and software is updated and patched regularly is a good habit for an organization. Controlling traffic flows is a great way to stop these attacks.
Also, know the vulnerabilities that can affect you.
It is a dream to believe a network infrastructure is invulnerable.
However, the possibility of being protected and reducing your IT costs by 25% to 30% is real.
Fundamentally, it comes down to knowledge of what can happen to your network, your equipment, and training up the staff.
Having a highly-skilled team, we have the know-how and perform the actions above on a daily basis with great success to our Clients as reported by their enthusiastic Testimonials. Reach out to us today. We stand ready to help.
Tampa Bay Office: (813) 489-4122 | Washington D.C. Office: (703) 260-1119