Network Security Threats

Trojan horses, worms and DoS (denial of service) attacks are often maliciously used to consume and destroy the resources of a network. Sometimes, misconfigured servers and hosts can serve as network security threats as they unnecessarily consume resources. In order to properly identify and deal with probable threats, one must be equipped with the right tools and security mechanisms. In this article we will discuss some of the best practices for identifying and dealing with such threats.

Types of Network Threats

Most experts classify network security threats in two major categories: logic attacks and resource attacks. Logic attacks are known to exploit existing software bugs and vulnerabilities with the intent of crashing a system. Some use this attack to purposely degrade network performance or grant an intruder access to a system.

One such exploit is the Microsoft PnP MS05-039 overflow vulnerability. This attack involves an intruder exploiting a stack overflow in the Windows PnP (plug and play) service and can be executed on a Windows 2000 system without a valid user account. Another example of this network security threat is the infamous ping of death, where an attacker sends a system ICMP packets that exceed the maximum size it can handle. Most of these attacks can be prevented by upgrading vulnerable software or filtering specific packet sequences.

Resource attacks are the second category of network security threats. These types of attacks are intended to overwhelm critical system resources such as CPU and RAM. This is usually done by sending multiple IP packets or forged requests. An attacker can launch a more powerful attack by compromising numerous hosts and installing malicious software on them. The compromised hosts that result from this kind of exploit are often referred to as zombies or a botnet. The attacker can then launch subsequent attacks from thousands of zombie machines to compromise a single victim. The malicious software normally contains code for sourcing numerous attacks and a standard communications infrastructure to enable remote control.

Seek and Destroy

The first step in training your staff to identify network security threats is achieving network visibility. The concept is simple: you cannot defend against or eradicate what you can't see. This level of network visibility can be achieved with existing features found in devices you already have. Additionally, you can create diagrams that illustrate packet flows and show exactly where within the network you may be able to implement security mechanisms to properly identify and mitigate potential threats.

You must establish a baseline of normal network activity and patterns in order to detect abnormal activity and potential network security threats. Mechanisms like NetFlow can be integrated within your infrastructure to help effectively identify and classify problems. Prior to implementing such a system, you should perform some sort of traffic analysis to fully comprehend the rates and patterns of general traffic. In a successful detection system, learning takes place over a long interval that includes the peaks and valleys of network activity.
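A minimal sketch of the baseline idea above, added here as an illustration and not taken from the article: it learns a separate norm for each hour of the day from flow volumes, so peaks and valleys are each judged against their own history. The sample volumes (megabytes per hour, as if summed from flow records), the function names and the thresholds are constructed assumptions.

```python
import statistics
from collections import defaultdict

def build_baseline(samples):
    """samples: (hour_of_day, volume) pairs from the learning period.
    Returns {hour: (median, MAD)} so each hour has its own norm."""
    by_hour = defaultdict(list)
    for hour, volume in samples:
        by_hour[hour].append(volume)
    baseline = {}
    for hour, values in by_hour.items():
        med = statistics.median(values)
        mad = statistics.median([abs(v - med) for v in values])
        baseline[hour] = (med, mad)
    return baseline

def is_anomalous(baseline, hour, volume, k=6.0, floor=0.02):
    """True when volume is more than k * MAD away from that hour's median.
    floor stops the tolerance collapsing to zero on very steady traffic."""
    if hour not in baseline:
        return True  # nothing learned for this hour: surface it for review
    med, mad = baseline[hour]
    return abs(volume - med) > k * max(mad, floor * med)

def typical_volume(hour):
    """Constructed daily shape: quiet nights, busy office hours."""
    if 9 <= hour <= 17:
        return 800
    if hour <= 6:
        return 50
    return 200

# Constructed learning period: 14 days of hourly totals with +/-10% jitter.
LEARNING = [(h, typical_volume(h) * (1 + 0.05 * ((d * 7 + h * 3) % 5 - 2)))
            for d in range(14) for h in range(24)]
BASELINE = build_baseline(LEARNING)

FLAT_LIMIT = 900  # a single threshold set just above the daily peak

if __name__ == "__main__":
    for hour, volume in [(3, 300), (12, 850), (12, 1500)]:
        print(f"{hour:02d}:00 volume={volume} "
              f"per-hour={is_anomalous(BASELINE, hour, volume)} "
              f"flat={volume > FLAT_LIMIT}")
```

The 03:00 reading of 300 is six times the learned night-time norm yet stays under the flat limit, which is why the learning period has to cover both the peaks and the valleys.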

The best defense against common network security threats involves devising a system that is adhered to by everyone in the network. Furthermore, you can strengthen your level of security with reliable software that makes this process much easier.



With the advent of wireless Internet, more and more computer users are entering the world of cyberspace.

Yet, while these users are well aware of the importance of the protection of their computer when hooked up to regular internet providers, they are often oblivious to the fact that the same cyber dangers, and in fact even more, exist in the world of WiFi.

What you may not know is that the same Internet connection that makes it possible to check your email from the comfort of your bed also makes it easier for hackers to access your personal information.

It is for this reason, the sharing of the wireless Internet connection, that protecting your computer when it is connected wirelessly is more important than ever before.