Monday, November 21, 2011

Internet Security

Introduction

Today, the number of people using the Internet is skyrocketing. The Internet plays a key role in keeping people in communication and has become an essential part of our lives. Many of us, however, are ignorant about network security and its importance. Can we assume that this gigantic cyberspace is safe? What if groups of bad guys attack vulnerable points of the network for their own benefit? To prevent such threats, we need a strong network security system.



Because a computer network is an aggregation of many different technologies, there exist several different kinds of malicious software and attacks. Let's go over some of them.


Denial of Service Attack (DoS) & Distributed Denial of Service Attack (DDoS)

A denial of service attack is an attack on a network that is designed to bring the network to its knees by flooding it with garbage traffic (traffic refers to the load on a network or server system) or by disabling the system. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers, such as banks. Many DoS attacks, such as Teardrop attacks and the Ping of Death, exploit limitations in the TCP/IP protocols.

The main goal of a DoS attack is to prevent legitimate users of a service from using that service. The most common form of DoS attack consumes computational resources such as memory or network bandwidth. Another popular method is disrupting configuration information so that users trying to reach servers are directed to the wrong web servers. A Distributed Denial of Service attack is a type of DoS attack that occurs when multiple systems flood the resources of a targeted system.


Impersonation

Impersonation is an attack that steals the access rights of authorized users. For example, imagine a telnet user logging into a network from a terminal. An attacker with a network sniffer such as tcpdump can capture the complete login session. The attacker later logs into the system with the stolen user ID and password and can impersonate the victim. To prevent impersonation, applications need to encrypt their traffic.


DNS Spoofing



Generally, DNS spoofing is the trick of making a DNS entry point to an IP address other than the one it is supposed to point to. In other words, DNS spoofing is a technique used to hijack the identity of a server by supplying false DNS information to a host. For example, if you try to browse to Google, your computer translates the domain name www.google.com into its unique IP address. When you send that query to the DNS server, the attacker can manipulate the DNS information and eavesdrop on your data.


HTML Injection

HTML injection refers to injecting HTML code into a web server's response to alter the content shown to the end user, and is also known as code injection. The result of HTML injection can be disastrous, for injection can deviate the course of execution of the web servers. Fortunately, HTML injection can now be prevented efficiently by using a parsing program that removes HTML tags from the inputs.
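The tag-removing parser described above, shown beside an unprotected renderer; this is an added example, not code from the original post. It goes one step beyond the text by also escaping the remaining text on output, because input that arrives entity-encoded turns back into angle brackets once parsed. The function names and sample inputs are made up for illustration.

```python
import html
from html.parser import HTMLParser

class _TextOnly(HTMLParser):
    """Keeps text nodes; drops every tag, attribute and comment."""
    SKIP = {"script", "style"}  # element bodies that are never display text

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
        self._skip_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip_depth += 1

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        if not self._skip_depth:
            self.parts.append(data)

def strip_tags(user_input):
    """Return only the text content of user_input."""
    parser = _TextOnly()
    parser.feed(user_input)
    parser.close()
    return "".join(parser.parts)

def render_comment_unsafe(user_input):
    # Vulnerable: user input is placed into the response as markup.
    return '<p class="comment">' + user_input + "</p>"

def render_comment(user_input):
    # Hardened: remove tags, then escape whatever text is left.
    text = strip_tags(user_input)
    return '<p class="comment">' + html.escape(text, quote=True) + "</p>"

# Constructed sample inputs (not from the original post).
SAMPLE = "Nice post!<script>alert(1)</script> <b>bold</b>"
ENCODED = "&lt;img src=x onerror=alert(1)&gt;"
```
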


Trojan Horse

A Trojan horse, commonly known as a Trojan, is software that appears to perform a useful function before it actually runs. Once it is executed, however, it corrupts the system or steals information from it without any user intervention.


Spyware

Spyware refers to programs that surreptitiously monitor activity on a computer system and report the information back to the attacker without the user's permission. Usually, the presence of spyware is hidden from the user, and it can be very difficult to detect and remove. Spyware collects various types of personal information, such as browsing history.



Types of Security

Even though the attacks described above can bring devastating consequences, there are many powerful ways to defend ourselves.


Firewall



A firewall is a set of programs, located at a network gateway server, that protects the resources of a private network from users of other networks. Basically, a firewall filters traffic that is potentially dangerous. It examines each network packet to determine whether to forward it toward its destination. A firewall can be implemented in hardware, in software, or in a combination of both.

There exist several types of firewall techniques:

Packet filtering - Each network request consists of a set of packets. A packet-filtering firewall examines each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Even though this approach is relatively simple to implement and easy to use, it is vulnerable to many different kinds of attacks such as DNS spoofing.

Application gateway - This approach applies security mechanisms to specific applications, such as Telnet servers. An application gateway is a very effective method, but it consumes a high amount of system resources.

Proxy server - A proxy server is basically a server that sits between a client and a real server and handles additional jobs for the real server. A firewall can be implemented to act as a proxy server, hiding the true network address of the systems connected to it. A proxy server intercepts all messages entering and leaving the network and filters potentially dangerous traffic.


Public-key Cryptography

Public-key cryptography is one of the most important techniques in Internet security. This system uses two keys for encryption -- a public key known to everyone and a private key known only to the recipient of the packet. The key concept of this technique is that the public and private keys are related such that only the public key can be used to encrypt packets and only the corresponding private key can decrypt them. As long as the private key is not exposed, packets being transferred are safe from spoofing, since it is almost impossible to decrypt a packet without the private key, which is held only by the recipient of the packets.


Let's see how this technique works with an example. In the figure above, a recipient --let's say Sue-- provides a public key to the sender, Bob. Then, Bob uses this public key to encrypt the plaintext into ciphertext. After that, Bob sends the ciphertext to Sue. Sue, the recipient, has the private key, which is known to no one but her, and uses it to decrypt the ciphertext back into the plaintext.

Several different approaches make use of public-key cryptography; Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are among them.


Secure Sockets Layer (SSL)/ Transport Layer Security (TLS) Protocol

A popular implementation of public-key encryption is the Secure Sockets Layer (SSL). Originally developed by Netscape, SSL is an Internet security protocol used by Internet browsers and servers to transmit sensitive data. SSL has now become part of a security protocol known as Transport Layer Security (TLS).


Conclusion

We went over different types of attacks and security techniques on the Internet. Today, as the Internet gets more popular, the number of malicious attacks through the network is increasing. Thus, we should always beware of the potential danger from the network and be prepared to defend ourselves against such attacks.


Sources

http://en.wikipedia.org/wiki/Internet_security
