Network Security Attacks and Defence
I. INTRODUCTION
Network security refers to protecting websites, domains or servers from various forms of attack.
Network security is important in every field of today's world, such as the military, government and even
our daily lives. Knowing how attacks are executed, we can better protect ourselves.
The architecture of the network can be modified to prevent these attacks; many companies use firewalls
and various policies to protect themselves. Network security is a very vast field which was developed in
stages and, as of today, is still in an evolutionary stage. To understand the current research being done, one
must understand its background and must know how the internet works, its
vulnerabilities and the methods which can be used to initiate attacks on the system. The internet has become
more and more widespread; in today's world it is available everywhere: in our houses, in our
workplaces, mobiles and cars. Everything is connected to the internet, and if an unauthorized person is able to get
access to this network he can not only spy on us but can easily mess up our lives.
A network consists of routers from which information can be easily stolen by the use of malware such as
Trojan horses. The synchronous network consists of switches, and since they do not buffer any data
they are not required to be protected. Network security is thus mainly focused on data
networks and on the devices which are used to link to the internet. As for forecasts in the field of
network security, some new trends are emerging: some are based on old ideas such as
biometric scanning, while others are completely new and revolutionary.
Email is a widely used service today and it also contains many serious flaws: there is no system for
authenticating the sender or the recipient, it is stored in multiple places during transmission and it can
be easily intercepted and changed. Spam is a serious security threat; it requires very little manpower but
affects millions to billions of email users around the world, and it can carry malicious links or even false
advertisements.
A network contains many vulnerabilities, but most of them can be fixed by following very simple procedures,
such as updating software, correctly configuring network and firewall rules, using good anti-virus
software, etc. In this report most of the basic information regarding network security will be outlined, such
as finding and closing vulnerabilities, preventing network attacks and the security measures
currently being used.
www.ijafrse.org
International Journal of Advance Foundation and Research in Science & Engineering (IJAFRSE)
Volume 1, Issue 3, August 2014.
This type of attack includes attempts to break the system using observed data. One example is the
plaintext attack, where both the plain text and cipher text are already known to the attacker.
Properties of passive attacks are as follows:
Interception: The data passing through a network can be easily sniffed, thus attacking the
confidentiality of the user, as in eavesdropping and "man in the middle" attacks.
Traffic analysis: Also attacks confidentiality. It can include trace back on a network, like CRT
radiation.
B. Active Attacks
In this attack the attacker sends a data stream to one or both of the parties involved, or he can completely
cut off the data stream. Its attributes are as follows:
Interruption: It prevents an authenticated user from accessing the site. It attacks availability, as in
DOS attacks.
Modification: The data is modified, mostly during transmission. It attacks integrity.
Fabrication: Creating counterfeit items on a network without proper authorization. It attacks
authentication.
C. DOS Attack
DOS attacks have today become a major threat to network security all over the world. They can be easily
launched by anyone with basic knowledge of network security. They don't require as much time and
planning as some other attacks; in short, they are a cheap and efficient method of attacking networks. They
can shut down a company network by flooding it with requests, and thus affect the availability of the
network. With the help of easy-to-use network tools such as Trinoo, which can be easily downloaded off
the internet, any normal user can initiate an attack. DOS attacks usually work by exhausting the targeted
network's bandwidth, TCP connection buffers, application/service buffers, CPU cycles, etc. DOS attacks
use many users connected to a network, known as zombies; most of the time these users are unaware that
their computer is infected [8].
1. Different Types of DOS Attacks.
Many attacks are used to perform a DOS attack so as to disable a service. Some of them are as follows:
TCP SYN Flooding: When a client wants to connect to the server, the client first sends a SYN message to
the server. The server then responds by sending a SYN-ACK message to the client. The client
completes the connection by sending an ACK message. The connection is now established and data can be
transferred easily. The problem arises when connections remain half open and the server waits for
the client side to send an ACK message. This takes system resources, and the server will wait until the
timeout expires. The person exploiting the server will never send the ACK message and will keep on
sending new connection requests until the server is overloaded and thus cannot provide access [3].
ICMP Smurf Flooding: An ICMP packet is used to check whether the server is responding or not. The server
replies with an ICMP echo reply. In a smurf attack the attacking host forges ICMP echo requests
having the victim's address as the source and the broadcast address of remote networks as the destination.
These computers will then send ICMP echo reply packets back to the source, thus congesting the victim's network.
9 | 2014, IJAFRSE All Rights Reserved
UDP Flooding: Many networks now use TCP and ICMP protocols to prevent DOS attacks, but a hacker can
send a large number of packets as UDP, overloading the victim and preventing any new connection.
D. Types of Network Security
The different types of network security are as follows [3]:
Table 1: Types of Network Security
Security by Obscurity
Defence in Depth
It is the most widely sold network security tool available in the market. This is the wall
which stands between the local network and the internet; it filters the traffic and prevents most
network attacks. There are three different types of firewalls, depending on whether filtering is done at
the IP level, packet level, or at the TCP or application level [11]. Firewalls help prevent unauthorised
network traffic passing through an unsecured network to a private network. They can notify the user when an
untrusted application requests access to the internet. They also create a log of all the connections made
to the system. These logs can be very harmful in case of any hacking attempts. Firewalls only work if they are
correctly configured; if somebody makes a mistake while configuring the firewall, it may allow
unauthorised traffic to enter or leave the system. It takes certain knowledge and experience to correctly
configure a firewall. If the firewall goes down, one cannot connect to the network, as in the case of a DOS
attack. A firewall also reduces network performance, as it examines both incoming and
outgoing traffic. A firewall does not manage any internal traffic, where most of the attacks come from. Many
companies are under the false assumption that by just using a firewall they are safe, but the truth is they
are not: a firewall can easily be circumvented. The best practice while configuring a firewall is to deny
anything that is not allowed [12].
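The default-deny advice above, as an added example that is not part of the original paper: a first-match packet filter evaluated over constructed rule sets, with an audit that reports a non-deny default, an allow-everything rule, and rules that can never fire because an earlier rule covers them. The rule format and all function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src: str                    # source network in CIDR form
    port: Optional[int] = None  # destination port; None matches any port

    def matches(self, src_ip: str, dport: int) -> bool:
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
        return in_net and self.port in (None, dport)

def decide(rules, default, src_ip, dport):
    """First matching rule wins; otherwise the default policy applies."""
    for rule in rules:
        if rule.matches(src_ip, dport):
            return rule.action
    return default

def audit(rules, default):
    """Return findings for configurations that let unlisted traffic through."""
    findings = []
    if default != "deny":
        findings.append("default policy is not deny")
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.src)
        if rule.action == "allow" and net.prefixlen == 0 and rule.port is None:
            findings.append(f"rule {i} allows any source to any port")
        # A rule is shadowed when an earlier rule already matches all its traffic.
        for j, earlier in enumerate(rules[:i]):
            e_net = ipaddress.ip_network(earlier.src)
            if net.subnet_of(e_net) and earlier.port in (None, rule.port):
                findings.append(f"rule {i} is shadowed by rule {j}")
                break
    return findings

# Constructed rule sets (documentation address ranges, not real hosts).
WEAK = [Rule("allow", "0.0.0.0/0"), Rule("deny", "203.0.113.0/24", 23)]
HARDENED = [Rule("allow", "198.51.100.0/24", 22), Rule("allow", "0.0.0.0/0", 443)]
```

In the WEAK set the telnet deny rule is never reached, which is the kind of configuration mistake the paragraph describes; the HARDENED set lists only what is permitted and relies on the deny default for everything else.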
C. Encryption
Using encryption methods one can prevent a hacker listening in on the data, because without the right key it
will just be garbage to him. Encryption methods such as using HTTPS or SHTTP during the
transmission of data between the client and user will prevent man in the middle (MIM) attacks; this will
also prevent any sniffing of data and thus any eavesdropping. Using a VPN will encrypt all the data going
through the network; it will also improve the privacy of the user. Encryption also has downsides: as all
encrypted mail and web pages are allowed through the firewall, they can also contain malware.
Encrypting data takes processing power from the CPU. This in turn reduces the speed at which data can
be sent; the stronger the encryption, the more time it takes [13].
D. Defence against DOS Attacks
To prevent DDoS attacks many technologies have been developed, such as intrusion detection systems
(IDSs), firewalls, and enhanced routers. These are placed between the internet and the servers. They
monitor incoming as well as outgoing connections and automatically take steps to protect
the network. They have traffic analysis, access control and redundancy built into them [15]. IDSs make a
log of both the incoming and outgoing connections. These logs can then be compared to baseline traffic to
detect potential DOS attacks. Unusually high traffic on the server can also raise an alert of a possible
ongoing DOS attack such as TCP SYN flooding [14]. Firewalls can also be used as a defence against DOS
attacks with the required configuration. Firewalls can be used to allow or deny certain packets, ports,
IP addresses, etc. Firewalls can also perform real-time evaluation of the traffic and take the necessary
steps to prevent the attack. Security measures can also be employed in routers, which can create another
line of defence away from the target, so even if a DOS attack takes place it won't affect the internal network.
Service providers can also increase the service quality of their infrastructure. Whenever a server fails, a backup
server can take its place; this will make the effect of a DOS attack negligible. If the service providers are able to
quickly distribute the heavy traffic of a DOS attack over a wide network, this can also prevent DOS attacks;
however, this method requires computer and network resources which can be very costly to provide on
a daily basis, and as a result only very big companies opt for this method.
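The baseline comparison described above, applied to the half-open connections of a TCP SYN flood, as an added example that is not part of the original paper. The log format, the baseline value, the threshold factor and the function names are assumptions, and the sample log is constructed; timeouts and retransmissions are ignored.

```python
from collections import defaultdict

def half_open_by_window(lines, window=10):
    """Count SYNs never followed by the client's ACK, per time window.

    Each constructed log line is: <epoch-seconds> <client-ip>:<port> <flag>
    where flag is SYN (handshake opened) or ACK (handshake completed).
    """
    pending = {}                      # connection id -> time of its SYN
    for line in lines:
        ts, conn, flag = line.split()
        if flag == "SYN":
            pending[conn] = float(ts)
        elif flag == "ACK":
            pending.pop(conn, None)   # handshake completed, not half-open
    counts = defaultdict(int)
    for ts in pending.values():
        counts[int(ts // window) * window] += 1
    return dict(counts)

def flag_windows(counts, baseline, factor=3.0):
    """Return windows whose half-open count exceeds factor x baseline."""
    return sorted(w for w, n in counts.items() if n > factor * baseline)

def build_sample_log():
    """Constructed traffic: normal clients, then a burst of unanswered SYNs."""
    log = []
    for i in range(5):                               # completed handshakes
        log.append(f"{100 + i}.0 192.0.2.{10 + i}:5000 SYN")
        log.append(f"{100 + i}.2 192.0.2.{10 + i}:5000 ACK")
    log.append("104.5 192.0.2.50:5001 SYN")          # one slow client, no ACK
    for i in range(40):                              # burst: SYNs, no ACKs
        log.append(f"{120 + i * 0.1:.1f} 203.0.113.{i}:6000 SYN")
    return log

BASELINE_HALF_OPEN = 2   # assumed normal half-open count per 10 s window
```

A single slow client leaves one half-open entry and stays under the threshold, while the burst of SYNs with no completing ACK stands out against the baseline.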
E. Vulnerability Testing
To prevent attacks on the network, one must find any open vulnerabilities in the network and close
them; these may include open ports, faulty and outdated software with known vulnerabilities,
outdated firewall rules, etc. There are different tools available which allow a user to test his own
network security and find vulnerabilities in a network [4]. One such method is using a port scanner,
which can be used to probe a server and find any open ports. This is used by many admins to verify
the policies of their servers, and can also be used by attackers on a network to find exploits. Some of the tools
which are available for free on the internet are Nmap and SuperScan. These tools can be downloaded by
everyone, and each comes with a detailed tutorial for using it [16]. Different types of port scans are
given below.
Open Scan: TCP Connect, Reverse Ident
Half Open: SYN Flag, "Dumb Scan"
Stealth: FIN Flag, ACK flags, Null Flags, All Flags, TCP Fragmentation, SYN|ACK flags
Sweeps: TCP echo, UDP echo, TCP ACK, TCP SYN, ICMP Echo
Misc: UDP/ICMP Error, FTP Bounce
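The administrator's use of a port check described above, as an added example that is not part of the original paper: a TCP connect check of a host you administer, compared against a written list of allowed ports. The function names and the loopback self-check are assumptions made for illustration.

```python
import socket

def open_tcp_ports(host, ports, timeout=0.5):
    """TCP connect check: a port counts as open if the handshake completes."""
    found = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                found.add(port)
    return found

def policy_violations(observed, allowed):
    """Ports that are listening but not permitted by the written policy."""
    return sorted(set(observed) - set(allowed))

def missing_services(observed, allowed):
    """Ports the policy expects to be served but that did not answer."""
    return sorted(set(allowed) - set(observed))

def demo():
    """Self-check on loopback: start one listener the policy does not allow."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    try:
        observed = open_tcp_ports("127.0.0.1", [port])
        return port, policy_violations(observed, allowed=[])
    finally:
        listener.close()
```

Every port reported by policy_violations is a service to close or to add to the policy deliberately; missing_services catches the opposite drift, where an expected service has stopped answering.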
A VPN allows a user to secure their privacy, as it is very hard to correctly detect the location of the user:
the network data may be routed through multiple locations spread across the world before finally reaching
its destination. It can also be used to bypass firewalls and website blocks.
D. E-Mail Security
Both the sender and the receiver of an email must be concerned about the sensitivity of the
information in the mail, about it being viewed by unauthorised users, and about it being modified in transit or in
storage. Email can be easily counterfeited, therefore one must always authenticate its source. Email can
also be used as a delivery mechanism for viruses. Cryptography, as in many other fields, plays a crucial
role in email security [6]. Emails are very insecure. As they pass through many mail servers during
transit they can be easily intercepted and modified. With common email there is no process to
authenticate the sender, and many users would not give a thought to authenticating the email
received. There are many standards one can choose in order to secure one's emails; some of these are: PGP,
PEM, Secure Multipurpose Internet Mail Extension (MIME), Message Security Protocol (MSP).
Emails are stored on the many servers they pass through during their transit,
and as a result they are not actually deleted when users delete them from their account. These copies,
and their contents, can be easily retrieved. Thus there should be a feature to delete these copies
or to make them secure, basically by using strong encryption so that they cannot be read [10].
malware can already take complete control of the computer, disable the antivirus or even hide itself
from the antivirus. To prevent this, antivirus companies introduced a new system called cloud scanning;
this way the digital signature is scanned not only against the database but also across millions of
computers and servers across the world. This all happens in real time and results are very fast. This
greatly reduces the chance of infection from new malware.
VI. CONCLUSION
As the internet has become a huge part of our daily life, the need for network security has also increased
exponentially over the last decade. As more and more users connect to the internet, it attracts a lot of
criminals. Today, everything is connected to the internet, from simple shopping to defence secrets; as a result
there is a huge need for network security. Billions of dollars of transactions happen every hour over the
internet, and these need to be protected at all costs. Even a small unnoticed vulnerability in a network can have
a disastrous effect: if a company's records are leaked, it can put users' data such as their banking details
and credit card information at risk. Numerous software tools such as intrusion detection have been developed to
prevent these attacks, but most of the time it is because of human error that these attacks occur. Most of
the attacks can be easily prevented by following the many simple methods outlined in this paper. As new
and more sophisticated attacks occur, researchers across the world find new methods to prevent them.
Numerous advancements are being made in the field of network security, in both hardware
and software. It is a continuous cat and mouse game between network security analysts and crackers, and
as the demand for the internet shows no signs of decreasing, it is only going to get a lot harder.
VII. REFERENCES
[1] B. Daya, Network Security: History, Importance, and Future, University of Florida Department of
Electrical and Computer Engineering, 2013.
http://web.mit.edu/~bdaya/www/Network%20Security.pdf
[2]
[3]
[4] A. R. F. Hamedani, Network Security Issues, Tools for Testing, School of Information Science,
Halmstad University, 2010.
[5] S. A. Khayam, Recent Advances in Intrusion Detection, Proceedings of the 26th Annual Computer
Security Applications Conference, Saint-Malo, France, pp. 224-243, 42, 2009.
[6]
[7] R. E. Mahan, Introduction to Computer & Network Security, Washington State University, 2000.
[8] Q. Gu, Peng Liu, Denial of Service Attacks, Texas State University, San Marcos.
[9] M. A. Shibli, MagicNET: Human Immune System & Network Security, IJCSNS International
Journal of Computer Science and Network Security, Vol. 9 No. 1, January 2009.
[10]
[11]
[12]
[13] B. Preneel, Cryptography for Network Security, Katholieke Universiteit Leuven and IBBT, 2009.
[14] M. Kassim, An Analysis on Bandwidth Utilization and Traffic Pattern, IACSIT Press, 2011.
[15]
[16]
[17] S. Shaji, Anti Phishing Approach Using Visual Cryptography And Iris Recognition, IJRCCT, Vol. 3,
No. 3, pp. 88-92, 2014.
AUTHORS PROFILE
Kartikey Agarwal is a researcher in the Department of Computer Science and
Engineering, Amity University, Uttar Pradesh, India. His research areas include
Network Security, Cloud Computing and Database Management Systems.