1.4 – Network security

1.4.1 Threats to computer systems and networks

This section covers:

  • Forms of attack:

    • Malware

    • Social engineering, e.g. phishing, people as the 'weak point'

    • Brute-force attacks

    • Denial of service attacks

    • Data interception and theft

    • The concept of SQL injection


1.4.2 Identifying and preventing vulnerabilities

This unit looks at how networks can be vulnerable to many forms of attack, and measures that we can take that will make them more secure.

Malware

Malware is the name given to software that is malicious, i.e. it wants to cause harm to either you or the computer system.

There are many types of malware, and some malware can cause harm in several ways. The main ones are:

Viruses

A virus is malicious software designed to cause harm to a network or computer system. The virus attaches itself to programs or files on a computer or server and can affect all components of an operating system. Around eighty thousand new computer viruses are created each day. Two infamous viruses were known as Stuxnet and CryptoLocker.

Worms

Unlike a virus, a worm does not need to attach itself to a program; instead it replicates itself in order to spread to other computers, usually across a computer network. In order to do this, the worm exploits vulnerabilities on the other machines it reaches over the network.

Trojan Horses

A Trojan horse is a malicious computer program that is designed to gain access to a computer by misleading users about its intent. An example of a Trojan horse is an email that appears to have been sent from a bank, asking the user to download "security software" that will supposedly improve security, when in fact the software's intention is to give unauthorised access to the system.


Other Forms Of Attack

Social Engineering

Social Engineering attacks rely on human interaction (social skills). They usually involve an attacker contacting a legitimate computer user and tricking them into breaking normal security procedures. This method does not revolve around technical cracking techniques such as worms or viruses.

Attacks like this are referred to as "people are the weak link" attacks. Even the most security-conscious person in the world can be lured into believing that the person they are talking to is genuine and is trying to help them.

How the attack is used

A social engineering attack usually involves one human trying to get another human to reveal information such as passwords or personal details, which can then be used to steal someone's online identity.

Purpose of the attack

This kind of attack is used to gain unauthorised access to a computer system. This may be to steal data or make changes to the system that could cause further damage. Social engineering attacks are also used in identity theft which involves fake accounts being set up in order to steal money or goods.

Example of Social Engineering - Phishing

This method uses direct phone calls that pretend to come from an official service. A good example would be a telephone phishing system that plays the same prompts a bank would, if the aim of the exploit is to obtain banking information. Users could be asked to enter their card number, expiry date, CVV and PIN, and the system may reject the entry or ask for it to be re-entered to make sure the original digits were captured correctly.

Sometimes a website will ask users to contact their bank using a web link or telephone number that is not the real one. Even if the user hangs up, it is possible for the person on the other end of the line to keep the phone connection open, so that when the user tries to make another call they may still be connected to the phishing caller.

Brute force attacks

A brute force attack is an attempt to crack a password or username or find a hidden web page, or find the key used to encrypt a message, using a trial and error approach and hoping, eventually, to guess correctly.

A brute force attack can be used to gain access to password-based entry systems. One method consists of an attacker trying possible passwords and passphrases until a correct one is found. Automated attacks may use a long list of words, even a complete dictionary, trying one word at a time until the correct password has been found.

How the attack is used

A brute force attack can use a large network of computers that have been compromised (they have a virus which allows other people to control them via the Internet) to attack a single website or network.

Purpose of the attack

A brute force attack is used to find out a password and so enable the attacker to log on with a correct username and password. They will then be able to steal data or cause further harm.

Denial of Service (DDOS attacks)

How the attack is used

A Distributed Denial of Service attack is a method of overloading a website with unwanted traffic. Typically many hundreds of thousands of "zombie" computers are used to access a web site at the same time, flooding it with traffic that it cannot handle. This makes the website very slow and may even force the server to lock up or crash.

A zombie computer could be a legitimate computer that has been infected with malware. The user will be completely unaware that their computer has been infected and will not notice anything unusual, even when it is being used for an attack. The network of zombies is referred to as a "botnet".

Purpose of the attack

The purpose of a denial of service attack is to prevent legitimate users being able to use a website or network. DDOS attacks are sometimes carried out against businesses to prevent them trading, but they can also be done against organisations that are not commercial such as when a disgruntled student attacks a school system.

A distributed denial of service attack is a complicated and highly structured attack by one computer against another computer or organisation. It can involve hundreds of thousands of other computers which may have been compromised with a virus which enables the "botnet" to control them.
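Both the brute force section and the denial of service section above describe traffic patterns that show up in a server's own logs: one source failing to log in over and over, or a burst of requests from many sources at once. The following is an added example, not code from the original page, showing how a defender can pick out both patterns from log lines. The log lines, IP addresses (taken from documentation address ranges) and thresholds are all constructed for the illustration.

```python
"""Added example (not from the original page): spotting a brute-force login
attempt and a denial-of-service flood by reading server log lines.

Everything here is constructed for the illustration: the log lines, the IP
addresses (documentation ranges) and the thresholds. A real deployment would
read its own authentication and web-server logs and tune the thresholds to
its normal traffic.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines, one event per line: "<timestamp> <source_ip> <event>".
_attacker = [f"2024-01-01T10:00:{s:02d} 203.0.113.5 LOGIN_FAIL user=alice"
             for s in range(12)]                       # 12 failures in 11 s
_legit = ["2024-01-01T10:00:05 198.51.100.7 LOGIN_FAIL user=bob",   # a typo
          "2024-01-01T10:00:20 198.51.100.7 LOGIN_FAIL user=bob",   # another
          "2024-01-01T10:00:30 198.51.100.7 LOGIN_OK user=bob",
          "2024-01-01T10:01:00 198.51.100.7 GET /account"]
_flood = [f"2024-01-01T10:05:00 192.0.2.{n} GET /" for n in range(1, 51)]  # 50 "zombies"
SAMPLE_LOG = _attacker + _legit + _flood


def parse_line(line):
    """Split a log line into (timestamp, source_ip, event_text)."""
    ts, ip, event = line.split(" ", 2)
    return datetime.fromisoformat(ts), ip, event


def detect_brute_force(lines, max_failures=10, window=timedelta(seconds=60)):
    """Flag sources with more than max_failures failed logins inside any
    sliding window of the given length. Returns {ip: peak_failure_count}."""
    failures = defaultdict(list)
    for ts, ip, event in map(parse_line, lines):
        if event.startswith("LOGIN_FAIL"):
            failures[ip].append(ts)
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1          # drop failures that fell out of the window
            count = end - start + 1
            if count > max_failures:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


def detect_flood(lines, max_requests=40, window=timedelta(seconds=5)):
    """Flag a burst of more than max_requests events of any kind inside one
    window, regardless of source. Returns (peak_count, distinct_sources) for
    the busiest window, or None when traffic stays under the threshold."""
    events = sorted(parse_line(line) for line in lines)   # ordered by timestamp
    worst = None
    start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        count = end - start + 1
        if count > max_requests:
            sources = {ip for _, ip, _ in events[start:end + 1]}
            if worst is None or count > worst[0]:
                worst = (count, len(sources))
    return worst


if __name__ == "__main__":
    print("brute force:", detect_brute_force(SAMPLE_LOG))   # {'203.0.113.5': 12}
    print("flood:", detect_flood(SAMPLE_LOG))               # (50, 50)
```

The two detectors differ in what they count: the brute force check counts failures per source, so the legitimate user who mistypes twice is never flagged, while the flood check counts everything in a short window and reports how many distinct sources took part, which is what separates a botnet from a single busy client. A lockout or rate limit per source is the usual response to the first pattern; the second normally needs filtering upstream of the server that is being flooded.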

Data Interception and theft

How the attack is used

Data travels across networks in packets, and these packets can be intercepted at any point in their journey. It is a relatively simple task to re-assemble messages from unencrypted packets and the data can be intercepted and stolen.

Another form of data interception is for an additional connection to be made to a network, simply by plugging in another network cable or connecting wires directly to the bare connections. Data stored on portable hard drives and USB pen drives is easily stolen.

To prevent data interception, all data should be encrypted. This makes it impossible to read the information itself and also makes the header information unreadable. Without the header information, related packets cannot be identified and reassembled.
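The following is an added example, not code from the original page, that shows the two halves of the point above: a message split into packets can be put back together by anyone who captures them, and once the payload is encrypted the same capture yields only unreadable bytes. The message, key and packets are constructed for the illustration; the cipher is a toy counter-mode stream built from SHA-256 so that the example needs only the standard library.

```python
"""Added example (not from the original page): reassembling a message from
intercepted packets, and what the same interception yields once the payload
is encrypted.

The message, key and packets are constructed for the illustration. The cipher
is a toy counter-mode stream keyed with SHA-256 so that the example needs only
the standard library; real links use TLS or IPsec (AES or ChaCha20), never this.
"""
import hashlib

# Constructed values: a message worth protecting and a shared secret key.
MESSAGE = b"Transfer 500 GBP to account 12345678, sort code 00-00-00"
KEY = b"constructed-shared-secret-for-illustration"
NONCE = b"\x00" * 8          # must never repeat for the same key


def keystream(key, nonce, length):
    """Toy PRF-in-counter-mode: hash key || nonce || counter until enough bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key, nonce, plaintext):
    """XOR the plaintext with the keystream; decrypt is the same operation."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


decrypt = encrypt


def fragment(data, mtu=16):
    """Split data into (sequence_number, payload) packets of at most mtu bytes."""
    return [(seq, data[off:off + mtu])
            for seq, off in enumerate(range(0, len(data), mtu))]


def reassemble(packets):
    """What an interceptor (and the real receiver) does: order by sequence number."""
    return b"".join(payload for _, payload in sorted(packets))


def intercept_plaintext(message):
    """Unencrypted traffic: the captured packets give back the whole message."""
    captured = fragment(message)
    captured.reverse()                      # packets often arrive out of order
    return reassemble(captured)


def intercept_encrypted(message, key, nonce):
    """Encrypted traffic: the interceptor can still reassemble, but only ciphertext."""
    captured = fragment(encrypt(key, nonce, message))
    captured.reverse()
    return reassemble(captured)


if __name__ == "__main__":
    print(intercept_plaintext(MESSAGE))
    ciphertext = intercept_encrypted(MESSAGE, KEY, NONCE)
    print(ciphertext)                                   # unreadable bytes
    print(decrypt(KEY, NONCE, ciphertext) == MESSAGE)   # True for the key holder
```

One detail worth noticing: in this toy the sequence numbers still travel in the clear, so an interceptor can put the ciphertext fragments in order; only the payload is hidden. Hiding the headers as well needs the whole packet wrapped inside another, which is what a VPN tunnel does. Encryption also does nothing against the physical theft mentioned above unless the drive itself is encrypted.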

Purpose of the attack

The purpose of this form of attack is to gain personal information that can be used to fraudulently access the accounts of innocent people. Once access has been gained, the account is either used to attack others, or money is transferred to a third party without the owner's knowledge or consent.


SQL injection

How the attack is used

When a website has an input box for users to enter information such as usernames and passwords, it could be possible to type text that also contains SQL statements that will be executed by the web site and update the database that the website is using. When the website software looks at what the user has entered, the SQL statement may be executed. It is relatively easy to create a SQL statement that will reset passwords, delete or alter information and even destroy the whole database.

Many websites use a database to store information, including Google, YouTube, PayPal, eBay, Cisco etc.

Exploits that have been identified must be patched quickly to reduce the impact on businesses, so it is important for organisations to update their infrastructure regularly. Every time a user is able to type in text, that text should be checked to make sure it does not contain malicious code.

Purpose of the attack

Should an attacker gain access to the database, they could:

  • Bypass authentication procedures and impersonate specific users

  • Execute queries, exposing data

  • Alter data, resulting in data integrity issues

  • Delete data
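The following is an added example, not code from the original page, that puts the flaw described in this section next to its fix. A login check that pastes the user's input into the SQL text is shown beside the same check written as a parameterised query, where the database receives the SQL and the values separately and so treats whatever the user typed as data only. The table, account and inputs are constructed, and an in-memory SQLite database is used so the example runs on its own.

```python
"""Added example (not from the original page): a login check that pastes user
input into its SQL, beside the same check written with a parameterised query.

The table, the account and the inputs are constructed for the illustration and
use an in-memory SQLite database so the example runs on its own. Passwords are
stored in clear here only to keep the query visible; real systems store a salted
hash and compare against that.
"""
import sqlite3


def make_db():
    """Constructed users table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL text out of whatever the user typed, so the input is
    executed as part of the statement: this is the flaw the section describes."""
    query = (f"SELECT username FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Sends the SQL and the values separately; the database treats the values
    as data only, so no text the user types can change the statement."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    # A password field containing a quote and a condition that is always true.
    crafted = "' OR '1'='1"
    print("vulnerable, real password:", login_vulnerable(db, "alice", "correct horse"))  # True
    print("vulnerable, crafted input:", login_vulnerable(db, "alice", crafted))          # True: bypassed
    print("safe, real password:      ", login_safe(db, "alice", "correct horse"))        # True
    print("safe, crafted input:      ", login_safe(db, "alice", crafted))                # False
```

The parameterised query is the primary defence, because it removes the possibility of user text being parsed as SQL at all; checking input for suspicious characters, as the section suggests, is a useful second layer but cannot be relied on alone, since the set of characters that matter depends on the database and the query.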
