Security Academy – Course 102: Types of Network Damage


I am under attack!!! Bad for you, but what damage can I expect from getting attacked? Let me talk from my experience and from a lot of theory that I have read in the past years.

Since we have four types of network attacks, we also have four types of network damage:

1. Denial of Service (DoS): the simplest and most obvious type of damage, where the attacker slows down or completely disrupts the services of your infrastructure or a portion of it. In some cases, this could be crashing or destroying a system, or simply flooding your network and IP ranges with so much data that it is incapable of servicing legitimate requests.

In a flooding scenario, it usually comes down to a matter of bandwidth or speed: whoever has the fattest pipe or fastest computers usually wins. In a simple automated attack, moving the computers or service to a different IP address can mitigate the attack.

Do not ever underestimate a DoS attack. No matter how secure you think your network is, an attacker from his home can flood your external IP ranges and bring your whole published services down. Some attackers simply flood your public DNS IP ranges, making them inaccessible for legitimate requests and thus bringing your whole published services down, since everything depends on DNS.

Even more, nowadays DoS attacks are offered as a paid service per hour!! So a determined attacker can ask one of those companies that sell this service to flood your network's public IP ranges for a certain amount of money! Funny, right?

We can also see DoS attacks in the form of distributed DoS attacks. The idea is pretty simple: an attacker tells all the computers on his botnet to contact a specific server or web site repeatedly. Attackers nowadays use zombie armies and bots. Check out future courses in this academy to learn about botnets and zombie armies.


2. Data Destruction: a more serious consequence than DoS. In this type of attack, you cannot access your resources because they are destroyed. This can be corrupted database files or a corrupted operating system. This type of attack can be mitigated by maintaining backup copies of your data.


3. Information Disclosure: This damage can be more serious than data destruction because your public reputation can be affected. This happened to Microsoft in 2004, when someone posted portions of the Microsoft Windows source code on the Internet. This attack involved portions of intellectual property. Even more, in a more sophisticated attack, the victim may not know for years whether any data was disclosed. This is exactly the objective of government spies: to steal information so that they get an advantage while the enemy is unaware of what is happening.

Think of confidential trade secrets that can be used to undermine market share, to cause embarrassment, or to obtain access to money.

Some people argue that information disclosure is more serious than data destruction (which can be mitigated by going back to backup). After all, ask victims of identity theft if they would have rather had the criminal destroy their bank data rather than steal it.


4. Data Modification: this can cause the most serious damage of all. The reason, as in the case of information disclosure, is that it is very difficult to detect. Suppose that an attacker added himself to your payroll: how long would it take you to detect that? It depends on the company size.
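One way to make the payroll scenario above detectable, shown as an added example that is not part of the original post: tag every record with an HMAC while the data is known to be good, then audit the live table against those tags. The record layout, names and key are constructed for illustration, and the key and manifest are assumed to be stored outside the database being protected.

```python
import hashlib
import hmac
import json

# Constructed sample data: a trusted payroll snapshot and the live table.
BASELINE = [
    {"id": 1001, "name": "A. Rahman", "salary": 5200},
    {"id": 1002, "name": "L. Chen", "salary": 6100},
    {"id": 1003, "name": "M. Ortiz", "salary": 4800},
]
CURRENT = [
    {"id": 1001, "name": "A. Rahman", "salary": 5200},
    {"id": 1002, "name": "L. Chen", "salary": 9100},  # salary altered
    {"id": 1003, "name": "M. Ortiz", "salary": 4800},
    {"id": 1004, "name": "J. Doe", "salary": 7000},   # record added by the attacker
]
# Placeholder key (assumption: the real one lives in a vault, not in the database).
KEY = b"placeholder-key-kept-outside-the-database"


def record_tag(key, record):
    """HMAC-SHA256 over a canonical (sorted-key) JSON encoding of one record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def build_manifest(key, records):
    """Map record id -> tag, computed while the data is known to be good."""
    return {r["id"]: record_tag(key, r) for r in records}


def audit(key, manifest, records):
    """Report ids that were added, modified or removed since the manifest."""
    live = {r["id"]: r for r in records}
    added = sorted(set(live) - set(manifest))
    removed = sorted(set(manifest) - set(live))
    modified = sorted(
        rid for rid in set(live) & set(manifest)
        if not hmac.compare_digest(manifest[rid], record_tag(key, live[rid]))
    )
    return {"added": added, "modified": modified, "removed": removed}


if __name__ == "__main__":
    manifest = build_manifest(KEY, BASELINE)
    print(audit(KEY, manifest, CURRENT))
```

Because the tags are keyed, someone who can write to the payroll table but does not hold the key cannot produce a valid tag for a new or altered record.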


Conclusion 

I read once that a big company forces all its employees to come and pick up their paychecks instead of getting them automatically deposited. Apparently, several fake employees were discovered in the process!!!

When the Microsoft source code was discovered on the internet, the immediate concern was whether the attackers had also been able to insert a back door into the source code.

This type of damage can be so serious. Consider, for example, what would happen if attackers modified the patient blood type data in a medical database, or tax information in an accounting database.

To learn more about those types of damage, just watch the news or browse the internet for such news, and you will be amazed.
