Denial of Service (DDOS attacks)

A Distributed Denial of Service attack is a method of overloading a website with unwanted traffic. Typically many hundreds of thousands of "zombie" computers are used to access a web site at the same time, flooding it with traffic that it cannot handle. this makes the website very slow and may even force the server to lock up or crash.

A zombie computer could be a legitimate computer that has been infected with malware. The user will be completely unaware that their computer has been infected and will not notice anything unusual, when when it is being used for an attack. The network of zombies is referred to as a "botnet".

There are ways that a DDOS attack can be prevented. Monitoring software can check for large numbers of similar web requests and block or restrict the attack.

Data Interception and theft

Data travels across networks in packets, and these packets can be intercepted at any point in their journey. It is a relatively simple task to re-assemble messages from unencrypted packets and the data can be intercepted and stolen.

Another form of data interception is for an additional connection to be made to a network, simply by plugging in another network cable or connecting wires directly to the bare connections. Data stored on portable hard drives and USB pen drives is easily stolen.

To prevent data interception, all data should be encrypted. this makes it impossible to read the information itself and also makes the header information unreadable. Without the header information, related packets cannot be identified and re assembled.

The concept of SQL injection

When a website has an input box for users to enter information such as usernames and passwords, it could be possible to type text that also contains SQL statements. When the website software looks at what the user has entered, the SQL statement may be executed. It is relatively easy to create a SQL statement that will reset passwords, delete or alter information and even destroy the whole database.

Many websites use a database to store information, including Google, YouTube, PayPal, eBay, Cisco etc.

Exploits that have been identified must be patched quickly to reduce impact on businesses therefore important for organisations to update infrastructure regularly. Every time a user is able to type in text, it should be checked to see that it does not contain malicious code.

Should an attacker gain access to the database, they could:

• Bypass authentication procedures and impersonate specific users
• Execute queries, exposing data
• Altering data, resulting in data integrity issues
• Delete data

Poor Network Policy

When users are unaware of security risks related to using software, opening emails and making changes such as turning off firewalls, the network could be exposed to numerous threats.

A good network policy will make sure that everyone receives information about these risks, and coupled with restrictions placed on the computers which will limit and dangerous actions that the user may make, will minimise the risks.

The most common policy is the Acceptable Use Policy (AUP), which you have agreed to in our first ICT lesson.

Penetration Testing

Penetration testing is a tool used to test that networks are secure. Tests are performed under a controlled environment by a qualified person, who deliberately tries to break into a system or simulate a genuine cyber attack. It checks for current vulnerabilities and explores potential ones in order to expose weaknesses in the system so they cannot be maliciously exploited.

The person carrying out the simulated attack may use software and hardware tools to help them in their duties. Hardware can be used to create large volumes of simulated traffic, and specialist software can be created to simulate viruses and other malware.

Network policies

(see also "poor network policies" above)

A network policy defines how a system can be secured through specific rules or requirements, it explains how particular users should access and treat a system.

Network Policies can have specifies rules for use, for example:

• Who should access particular parts of a system (no distributing of passwords)
• What systems can be used for (eg. Work only / no personal use)
• How to handle specific systems like email (no passing chain mail)
• Acceptable Use Policy (may have to be agreed to and signed before a person can use a network)

Anti-malware software

The most common form of anti-malware software is given the generic title of "anti-virus software", although in practice anti-virus packaged can be very powerful and will do much more than just prevent viruses.

The anti-virus package will load when the computer is turned on and will constantly check for symptoms of an attack. If a virus or other piece of malware is detected, it will be prevented from operating and the file will be "quarantined" so that it cant cause any harm. Many viruses actively try to shut down the anti malware software and may not even cause an issue until they detect that the anti malware software is not operating.

Firewalls

A firewall can be a piece of software that performs a ‘block’ between a potential attacker and the computer system. The firewall software can be held on a server, or a standalone computer that will carry all traffic that is going to and coming from the systems internet connection.

All traffic on the network is sent in packets, and the packets each contain information in their header

The firewall software can monitor application and network usage and has the ability to block access from certain computer users and disable traffic that may be perceived as a threat. A firewall is not always 100% effective – an attacker could exploit a vulnerability which bypasses the firewall.

Many anti-malware packages have this feature built in.

Although rare, a firewall may be a dedicated piece of hardware that has the sole job of checking every single packet and will block any inappropriate traffic.

User access levels

Also known as system access rights, user access levels come under the system access control topic. They allow a system administrator to set up a hierarchy of users who have different permissions when they access different parts of the system.

Lower level users would have access to limited information and settings, whereas higher level users can access the most sensitive data on the system.

A good example is how a school network operates:

• Students will be able to read and write to their own user area. They will also be able to read documents (but not write) that are stored in a shared area.
• Staff will be able to read (but not write) work stored in the students folders. They will be able to create, edit and delete any files stored in the student shared area.

Passwords

A password is typically a string of characters used to gain access to a service or system. It is also possible to use a biometric password, where a fingerprint reader, iris scanner or even facial recognition software is used to validate that the user is actually genuine. Special hardware "dongles" can also be used which should be inserted into the computer before anyone can access the computer.

When text based passwords are used, a password policy may be enforced by the computer system which will force a user to have a "strong" password." Password length may be checked and any short passwords will be rejected. The longer the number of characters, the more difficult it is to actually guess the password. The password policy may also force users to change their passwords regularly and may prevent them from using a password again.

Encryption

Encryption is where data is translated into code so that only authorised users, or users with the key can decrypt and read. Users must have the key in order to decrypt the coded file.

A good example, although far too simple to be effective on a computer network, is the Caeser Cipher. This was invented by Julius Caesar and designed to keep his messages secret. It works by encrypting messages through movement of each letter a certain number of places to the left or right in the alphabet. The key tells us how many places that the letters have been moved.

Let’s say we received the message ABZOVMQBA with and the key was 3:

...you can see that the decrypted message is the word DECRYPTED.