Check other parts:
- Types of Network Damage
- Why in the heck do I get attacked?
- Malware Part 1
- Malware Part 2
- Malware Part 3
- Botnets Part 1
- Botnets Part 2
I decided to start the course with the most fundamental stuff “Know your enemy” !! So this post is about the first thing that you need to know, which is what are the types of Network attacks?
Don’t under estimate this knowledge, as knowing what you are facing is the first step towards protecting your network.
Network attacks can be divided to:
- Passive Attacks: simply listening to your network traffic and may capture sensitive information, or scanning your IP ranges without doing an action.
- Active Attacks: an attacker is actively going after your protected resources and trying to get access to it, by modifying or injecting traffic.
We can also divide attacks to two categories:
- Automated Attacks: Nowadays, we have the automated attacks. The vast majority of attacks that we hear about are automated attacks, where the attacker creates a tool that attacks the network by itself. Those tools can get so intelligence.
To give a simple example, worms are the famous type of automated attacks. Those automated attacks uses vulnerability in a system and use it, so the best way of defense against those automated attacks are patching your systems and to monitor your network for suspicious events.
- Manual Attacks: the attacker is actively analyzing your network and act accordingly. Those types of attacks are much rarer and the most dangerous types of attacks.
Some people will go further and divide network attacks to four types even:
- Passive Automated: like sniffers that automatically replay an authentication sequence and stroke logger that automatically sends data to the attacker.
- Passive Manual: sniffer that only listen to traffic by an attacker, especially wireless network. Nothing to worry about unless it is escalated to another type of attack, which is the most likely.
- Active Automated: like worms and distributing attacks where the attacker uses thousands of hosts to target a single network to cause denial of service attack.
- Manual Active: this is the most attack that you should worry about, where someone is intentionally targeting you and your organization. Attackers in this case have time, skill, and resources to do the job and hide their attacks. If the attacker is skilled, you may never even know you got attacked.
So which of those attacks we should worry about? It is not the first two, and to some extend not even the third (as you can patch your systems). The attack that worries us is the one where someone adds himself to your payroll.
Don’t get me wrong, all the attacks can cause incredible amounts of damage. An active automated attack in the form of a worm is designed to cause widespread damage, but because it is designed to attack as many systems as possible, it is by necessity generic in nature. The basic principle behind worms is usually to cause maximum amount of harm to the greatest number of people.
What you should do now ?
I think that you need to start worrying about the first two attacks, then do the necessary to protect yourself against the third attack, and finally raise your bars and start working on preventing the chance for a fourth type of attacks(Manual Active).
Great job, you have earned your first certificate to become a security Expert… I will see you in the next lesson.
References: sessions and theories from Steve Riley and Jesper Johansson