Network Attack Types
There are 2 types of attacks in general, either they are passive, meaning information is being screened and monitored ; other attacks are active, which means that the information is altered with the intent to modify or destroy the data or the network itself.
Without protecting your computer and system, your data might be go under to an attack.
Your networks and data are vulnerable to any of these attacks if you have no protection and security plan:
1. Password-Based Attacks
Password-based access control is a common factor of most operating system and network security plans. This means your access rights to a computer and network resources are determined by your user name and your password.
Older applications do not always protect identity information as it is passed through the network for validation. This might allow an “eavesdropper” to gain access to the network by posing as a valid user.
In general, the majority of network communications occur in an unsecured or “clear text” format, which allows an attacker who has gained access to data paths in your network to “listen in” or interpret (read) the traffic.
When an attacker is eavesdropping on your communications, it is referred to as “sniffing” or “snooping”. In an enterprise, the ability of an eavesdropper to monitor the network is generally the biggest security problem that administrators face.
Without strong encryption services that are based on cryptography, your data can be read by others easily as it traverses the network.
3. Data Modification
After an attacker has seen and read your data, the next logical step he will most probably take is altering it.
An attacker can modify the data without the knowledge of the sender or receiver. Even if you do not require confidentiality for all communications, you do not want any of your messages to be modified in transit. For example, if you are exchanging purchase requisitions, you do not want the items, amounts, or billing information to be modified.
4. Identity Spoofing (IP Address Spoofing)
Most networks and operating systems use the IP address of a computer to identify a valid entity. In certain cases, it is possible for an IP address to be falsely assumed— identity spoofing. An attacker might also use special programs to construct IP packets that appear to originate from valid addresses inside the corporate intranet.
When an attacker gains access to the network with a valid IP address, he can modify, reroute, or delete your data and conduct other types of attacks.
When an attacker uses valid user account, the attacker acts as the real user. Therefore, if the user has administrator-level rights, the attacker also can create accounts for subsequent access at a later time.
An attacker can do any of the following after gaining access to your network:
• Modify, reroute, or delete your data.
• Obtain lists of valid user and computer names and network information.
• Modify access controls and routing tables.
• Changes server and network configurations.
5. Compromised-Key Attack
A key is a secret code or number that is needed to interpret secured information.
Although obtaining a key is a difficult and resource-intensive process for an attacker, it is possible.
After an attacker obtains a key, that key is referred to as a “compromised key”.
An attacker uses the compromised key to gain access and attack a secured communication channel without the sender or receiver being aware.
With the compromised key, the attacker can decrypt or modify data, and try to use the compromised key to compute additional keys, which might allow the attacker access to other secured communications.
6. Denial-of-Service Attack
The denial-of-service attack prevents normal use of your computer or network by valid users which is different from a password-based attack.
The attacker can do any of the following after gaining access to your network:
• Block the traffic, resulting in a loss of access to the network by authorized users.
• Send invalid data to applications or network services causing unexpected behavior of the applications or services.
• Flood a computer or the entire network with traffic until an overload happens causing shutdown.
• Randomize the attention of your internal Information Systems staff so that they do not see the intrusion immediately, which allows the attacker to make more attacks during the diversion.
7. Man-in-the-Middle Attack
A man-in-the-middle attack occurs when someone between you and the person with whom you are communicating is actively monitoring, capturing, and controlling your communication transparently.
When computers are communicating at low levels of the network layer, the computers might not be able to determine with whom they are exchanging data exactly.
For example, the attacker can re-route a data exchange.
Man-in-the-middle attacks are like someone assuming your identity in order to read your communications. The person on the other end may believe it is you because the attacker might be actively replying as you to keep the exchange going and get the desired information.
This attack is capable of the same damage as an application-layer attack.
8. Application-Layer Attack
An application-layer attack targets application servers by causing a fault in a server’s operating system or applications.
The attacker gains the ability to bypass normal access controls. The attacker takes advantage of this situation, gaining control of your application, system, or network, and can do the following:
• Read, add, delete, or modify your data or operating system.
• Introduce a sniffer program that analyzes your network and gains information that can be used to crash or to corrupt your network and systems.
• Introduce a virus program that uses your computers and software applications to copy viruses throughout your network.
• Disable other security controls to enable future attacks.
• Abnormally terminate your operating systems and data applications.
9. Sniffer Attack
A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets.
A sniffer provides a full view of the data inside the packet.
Even If the packets are not encrypted, encapsulated packets can be broken open and read unless they are encrypted and the attacker does not have access to the key.
Using a sniffer, an attacker can do any of the following:
• Read your communications.
• Analyze your network and gain information to cause your network to crash and become corrupted.
Now this was the general interview about network attack types,
Let’s get started about how hackers or cyber criminals executes these attacks.
To simplify things, most of network attackers use a powerful tools to gain access the data on a network:
1.Metasploit Framework – an open source tool for exploit development and penetration testing Metasploit is well known in the security community. Metasploit has exploits for both server and client based attacks; with feature packed communication modules (meterpreter) that make pwning systems fun! The framework now includes Armitage for point and click network exploitation. This is the go to tool if you want to break into a network or computer system.
Defending against Metasploit:
- Keep all software updated with the latest security patches.
- Use strong passwords on all systems.
- Deploy network services with secure configurations.
2.Ettercap – a suite of tools for man in the middle attacks (MITM). Once you have initiated a man in the middle attack with Ettercap use the modules and scripting capabilities to manipulate or inject traffic on the fly. Sniffing data and passwords are just the beginning; inject to exploit FTW!
Defending against Ettercap:
- Understand that ARP poisoning is not difficult in a typical switched network.
- Lock down network ports.
- Use secure switch configurations and NAC if risk is sufficient.
3.sslstrip – using HTTPS makes people feel warm, fuzzy and secure. Using sslstrip this security can be attacked, reducing the connection to an unencrypted HTTP session, whereby all the traffic is readable. Banking details, passwords and emails from your boss all in the clear. Even includes a nifty feature where the favicon on the unencrypted connection is replaced with a padlock just to make the user keep that warm and fuzzy feeling.
Defending against sslstrip:
- Be aware of the possibility of MITM attacks (arp, proxies / gateway, wireless).
- Look for sudden protocol changes in browser bar. Not really a technical mitigation!
4.evilgrade – another man in the middle attack. Everyone knows that keeping software updated is the way to stay secure. This little utility fakes the upgrade and provides the user with a not so good update. Can exploit the upgrade functionality on around 63 pieces of software including Opera, Notepad++, VMware, Virtualbox, itunes, quicktime and winamp! It really whips the llamas ass!
Defending against evilgrade:
- Be aware of the possibility of MITM attacks (arp attacks, proxy / gateway, wireless).
- Only perform updates to your system or applications on a trusted network.
5.Social Engineer Toolkit – makes creating a social engineered client side attack way too easy. Creates the spear phish, sends the email and serves the malicious exploit. SET is the open source client side attack weapon of choice.
Defending against SET:
- User awareness training around spear phishing attacks.
- Strong Email and Web filtering controls.
6.sqlmap – SQL Injection is an attack vector that has been around for over 10 years. Yet it is still the easiest way to get dumps of entire databases of information. Sqlmap is not only a highly accurate tool for detecting sql injection; but also has the capability to dump information from the database and to even launch attacks that can result in operating system shell access on the vulnerable system.
Defending against sqlmap:
- Filter all input on dynamic websites (secure the web applications).
- Use mod_proxy or other web based filtering controls to help block malicious injection attacks (not ideal as often able to bypass these web application firewalls (WAF).
7.aircrack-ng – breaking holes in wireless networks for fun and profit. A suite of tools that enables all manner of wireless network attacks.
Defending against aircrack-ng:
- Never use WEP
- When using WPA2 with pre-shared keys, ensure passwords are strong (10+ characters non-dictionary based passwords).
8.oclHashcat – Need to get some passwords from the hashes you grabbed with sqlmap? Use this tool to bust them open. Over 48 different hashing algorithms supported. Will use the GPU (if supported) on your graphics card to find those hashes many times faster than your clunky old CPU.
Defending against oclHashcat:
- Passwords are the weakest link. Enforce password complexity.
- Protect the hashed passwords.
- Salt the hashes.
9.ncrack – Brute force network passwords with this tool from Fyodor the creator of Nmap. Passwords are the weakest link and Ncrack makes it easy to brute force passwords for RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, and telnet.
Defending against ncrack:
- Use strong passwords everywhere.
- Implement time based lockouts on network service password failures.
10.Cain and Abel – Cracking passwords, sniffing VOIP and Man in the Middle (MITM) attacks against RDP are just a few examples of the many features of this Windows only tool.
Defending against Cain and Abel:
- Be aware of the possibility of MITM attacks (arp attacks, untrusted proxy / gateway, wireless).
- Use strong passwords everywhere.
11.Tor – push your traffic through this onion network that is designed to provide anonymity to the user. Note your traffic from the exit node is not encrypted or secured. Make sure you understand what it does before using it, Tor provides anonymity not encrypted communication.