A network exists when two or more computing systems are linked so that they can share resources and/or information. The connection between systems may be a physical one, as in a traditional private data center where banks of servers are connected by cables, routers, and switches. It may also be wireless or virtual, like a WiFi connection or a telecommunications service.
Because equipment and resources are shared, an attack or failure affecting one component is more likely to spread to other systems on the network. In the worst case, a successful attack on one part of the network can take down the entire set-up.
The Importance of Ensuring Network Security
Some level of security assurance is essential to enabling a network to perform its intended function – whether that be allowing users to communicate with each other, the sharing and storage of documents and data, giving ready access to shared infrastructure or facilitating links to external resources (including other networks).
Coping With The Physical
Even with the prevalence of wireless, mobile, and cloud-based technologies, physical connections between network devices are still largely the norm – and there’s hardware involved in those “cable-free” network infrastructures, as well. Part of ensuring that a network remains both operational and secure involves taking steps to protect its physical infrastructure.
So data centers must typically be housed in physically secure facilities with strict access controls and surveillance – preferably on sites free from the risk of earthquakes, floods, and other natural disasters.
Redundancy (having duplicate or alternate versions of critical hardware and software so another can be called up if the first one fails), auxiliary power generators, surge protection for public power supplies, environmental controls like air-conditioning and cooling, and Uninterruptible Power Supply (UPS) units are also standard.
Securing Data On The Network
As information travels within and outside a network, it faces the threat of interception or interference by third parties not authorized to have access to it. So keeping data secure on a network is undertaken with three objectives in mind:
- Confidentiality: Keeping sensitive or private data and intellectual property exclusive to the individual or corporate body that owns it. Eavesdropping on communications and data transmissions or the outright theft of information are the threats to be guarded against.
- Integrity: Making sure that data originating within a network, stored on its servers, transmitted, or received retains its original form, one that reflects the real-world conditions it is supposed to represent. Modification of data in transit or tampering with data in storage to corrupt or manipulate it are the threats here (mere interception without alteration is a confidentiality problem, not an integrity one).
- Availability: Ensuring that documents, data and network resources vital to an organization and its users/customers remain accessible to those authorized, at all times. Denial of Service (see below) is a major threat to this.
Dealing With Threats
The threats facing network security are wide-ranging and are usually grouped into categories, and security analysts differ on which of them matter most.
Some consider logic attacks and resource attacks to be the most critical. Logic attacks seek to exploit software vulnerabilities and flaws to give intruders access to targeted systems, degrade network performance, or crash systems entirely. Resource attacks are intended to overwhelm CPUs, memory, and other critical resources with multiple requests or huge volumes of data packets.
Others favor a threat classification that covers four different categories:
- Unstructured threats: Largely impulsive or experimental attacks on a network(s) often staged without a particular target or motive in mind, but to test out techniques, technologies, and/or hacking skills.
- Structured threats: The larger body of attacks carried out by one or more individuals with some skill in the use of hacking tools and techniques, and targeted at a specific network(s), with a specific aim in mind.
- Internal threats: These derive from individuals who currently have access to a given network, or who had it in the past. Former employees with a grudge or a profit motive are typical of this breed of attack – and such individuals may have paved the way for their assault by creating ghost user identities for themselves before leaving an organization.
- External threats: Attacks by perpetrators outside an organization, typically using the internet or telecoms access.
Within this broad range of classifications, there exist several attack modes and vectors commonly used to compromise network security. These include the following:
Active Attacks
These are direct assaults on systems, infrastructure, and network resources, often launched without prior reconnaissance or existing access. Worms, viruses, Trojans, malicious code injection, and the theft of credentials and intellectual property are typical examples.
Passive Attacks
Covert and often longer-term operations in which an attacker who has gained a foothold on the network watches traffic and waits for sensitive information to pass. Packet sniffing tools, extraction of passwords and credentials from unencrypted transmissions, and network monitoring (spying) with traffic analysis software are examples. Because nothing is altered, passive attacks are hard to detect, which is why encrypting traffic in transit matters so much.
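The following is an added example, not code from the original article, showing what a passive sniffer actually recovers from unencrypted traffic. It constructs a small capture of two IPv4/TCP packets (a cleartext HTTP request carrying HTTP Basic credentials, and a TLS fragment), parses the headers, and pulls the credentials out of the cleartext one. The addresses, ports, and the `alice:s3cret` login are all constructed sample data; Basic auth is base64, not encryption, so the password is readable by anyone on the path.

```python
import base64
import struct


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Assemble a minimal IPv4 + TCP packet (no options, checksums left zero).

    Used only to construct the sample capture below; a real sniffer reads
    frames off the wire with a raw socket or a pcap library.
    """
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, 64, 6, 0, src_b, dst_b)
    return ip_hdr + tcp_hdr + payload


def parse_ipv4_tcp(pkt: bytes):
    """Return addresses, ports and TCP payload of an IPv4/TCP packet, else None."""
    if len(pkt) < 40:
        return None
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 6 or total_len > len(pkt):
        return None
    sport, dport, _seq, _ack, offset = struct.unpack("!HHIIB", pkt[ihl:ihl + 13])
    data_offset = (offset >> 4) * 4
    return {
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "sport": sport,
        "dport": dport,
        "payload": pkt[ihl + data_offset:total_len],
    }


def extract_basic_auth(payload: bytes):
    """Pull (user, password) out of an HTTP 'Authorization: Basic' header, if present."""
    text = payload.decode("latin-1")  # never fails; binary (TLS) payload simply has no headers
    for line in text.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            return None
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return None
        user, _, password = decoded.partition(":")
        return (user, password)
    return None


def harvest_credentials(packets):
    """What a passive sniffer sees: credentials from every cleartext HTTP request."""
    found = []
    for pkt in packets:
        parsed = parse_ipv4_tcp(pkt)
        if parsed is None:
            continue
        creds = extract_basic_auth(parsed["payload"])
        if creds is not None:
            found.append((parsed["src"], parsed["dst"], parsed["dport"]) + creds)
    return found


def sample_capture():
    """Constructed traffic: one cleartext HTTP login and one TLS ClientHello fragment."""
    http_req = (
        b"GET /admin HTTP/1.1\r\n"
        b"Host: intranet.example\r\n"
        b"Authorization: Basic " + base64.b64encode(b"alice:s3cret") + b"\r\n\r\n"
    )
    tls_hello = b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26\x03\x03" + bytes(range(0xF0, 0xFF))
    return [
        build_ipv4_tcp("10.0.0.5", "10.0.0.80", 51000, 80, http_req),
        build_ipv4_tcp("10.0.0.5", "10.0.0.81", 51001, 443, tls_hello),
    ]


if __name__ == "__main__":
    for src, dst, port, user, pw in harvest_credentials(sample_capture()):
        print(f"{src} -> {dst}:{port}  user={user!r} password={pw!r}")
```

The TLS packet yields nothing because its payload is opaque to the sniffer; the HTTP packet gives up the username and password directly. The same parsing applies to any cleartext protocol (FTP, Telnet, SMTP without STARTTLS), which is why the defence is transport encryption rather than trying to keep attackers off the wire.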
Buffer Overflow Attacks
Sending more data to an application than its allocated buffer can hold. At minimum this crashes the service (a form of denial of service); when the overflow overwrites adjacent memory such as return addresses or function pointers, it can also let the attacker redirect execution and run code of their own choosing.
Denial of Service (DoS) Attacks
The overloading of network resources, servers, and websites by bombarding them with login requests, data packets, or connections, effectively locking out authorized users who are also trying to reach the system. When the flood comes from many sources at once (a distributed denial of service, or DDoS), each individual source may look unremarkable and blocking any one of them does little.
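As an added illustration (not code from the original article) of how a flood shows up in a web server's logs, the block below does sliding-window request counting over constructed access-log lines in the common log format. A single source is flagged once it exceeds a per-source rate; a second, aggregate window catches the distributed case where no single source crosses that limit. The IP addresses, timestamps, and thresholds are all constructed sample values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common-log-format line: client ip, identd, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def flag_floods(lines, window=timedelta(seconds=10), per_source=20, total=100):
    """Sliding-window request counting.

    Returns {source: timestamp_first_flagged}. A source is flagged once it has
    sent `per_source` requests within `window`; the pseudo-source "*" is flagged
    when all sources together reach `total` in the window, which is how a
    distributed flood that stays under the per-source limit still gets noticed.
    """
    per_ip = defaultdict(deque)
    everyone = deque()
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # unparseable line; a real pipeline would count these too
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], TS_FMT)
        for q in (per_ip[ip], everyone):
            q.append(ts)
            while ts - q[0] > window:  # evict entries that fell out of the window
                q.popleft()
        if len(per_ip[ip]) >= per_source and ip not in flagged:
            flagged[ip] = ts
        if len(everyone) >= total and "*" not in flagged:
            flagged["*"] = ts
    return flagged


def sample_log():
    """Constructed access log: one flooder at 10 req/s next to a normal client."""
    base = datetime(2024, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    entries = []
    for i in range(50):  # flooder: 50 login attempts in 5 seconds
        entries.append((base + timedelta(seconds=i // 10), "203.0.113.7", "POST /login"))
    for i in range(12):  # normal user: one page every 5 seconds
        entries.append((base + timedelta(seconds=5 * i), "198.51.100.20", "GET /index.html"))
    entries.sort(key=lambda e: e[0])
    return [
        f'{ip} - - [{ts.strftime(TS_FMT)}] "{req} HTTP/1.1" 200 512'
        for ts, ip, req in entries
    ]


if __name__ == "__main__":
    for source, when in flag_floods(sample_log()).items():
        print(f"{source} flagged at {when.isoformat()}")
```

With the defaults only the flooder is flagged, about one second into the burst; lowering the aggregate threshold (or sending the same burst from many addresses) trips the "*" entry instead. Rate counting like this is a first-line signal, not a defence on its own: the actual mitigation is rate limiting or upstream filtering keyed on what it finds.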
Malware Attacks
Perpetrated via malicious code embedded in otherwise legitimate-looking software, which is distributed to users via internet download sites or portals. The malware is often spyware, which sits on the machines where it has been installed and relays data back to the attacker's own systems.
Exploits
Knowledge of weaknesses in operating systems and software enables an attacker to develop methods of exploiting them to gain access to target networks or to corrupt and manipulate data and operations.
Hijacking And Interception
Unsecured data transmission and communication protocols leave networks vulnerable to attackers who can step into an exchange midstream, often to redirect traffic towards their own servers, read information in transit, or insert their own (generally malicious) code into the transaction.
Insider Threats And User Error
Besides dissatisfied former or existing employees acting to steal information or sabotage operations with malicious intent, these also include the often costly errors and lapses of authorized network users, whose actions may have disruptive and expensive consequences.
Phishing
Increasingly sophisticated use of messaging technologies such as email and SMS, intended to bait users into revealing credentials or confidential data, visiting bogus web sites where information is extracted or malware installed, or downloading malicious software (often embedded in attached files).
Reconnaissance
Often a precursor to some other, more aggressive course of action, reconnaissance involves an attacker gathering as much information about a network and its operations as possible. This typically includes server locations, IP address ranges, operating systems and other software in use, network hardware, and so on.
Spoofing
Often used in an attempt to bypass the rules set by network firewalls, these attacks involve forging the source address of packets so that the recipient believes they came from a different, trusted source. Because any reply goes to the forged address rather than the attacker, spoofing is also the basis of reflection and amplification denial-of-service attacks, and the standard countermeasure is to drop packets whose source address cannot legitimately appear on the interface they arrived on.
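The block below is an added example, not code from the original article, of the anti-spoofing filter just described, applied to a constructed list of packets. It assumes a hypothetical border router with two interfaces, `wan` (internet-facing) and `lan`, and a public allocation of 203.0.113.0/24 used directly by LAN hosts (no NAT); those names and prefixes are assumptions for the example. Ingress filtering drops packets arriving from outside that claim an internal, bogon, or our-own source; egress filtering (BCP 38) drops packets leaving our network with a source that is not ours, so our hosts cannot be used to spoof others.

```python
import ipaddress

# Assumed for this example: the organisation's public prefix and interface names.
OUR_PREFIX = ipaddress.ip_network("203.0.113.0/24")
PRIVATE = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BOGONS = [ipaddress.ip_network(p) for p in
          ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def in_any(addr, nets):
    return any(addr in n for n in nets)


def filter_packet(iface: str, src: str):
    """Decide ("accept", "") or ("drop", reason) from interface and source address."""
    addr = ipaddress.ip_address(src)
    if iface == "wan":  # ingress from the internet
        if in_any(addr, PRIVATE) or in_any(addr, BOGONS):
            return ("drop", "unroutable source address on external interface")
        if addr in OUR_PREFIX:
            return ("drop", "our own prefix arriving from outside")
        return ("accept", "")
    if iface == "lan":  # egress from our own network
        if addr not in OUR_PREFIX:
            return ("drop", "egress source not in our prefix (BCP 38)")
        return ("accept", "")
    return ("drop", f"unknown interface {iface!r}")


def run_filter(packets):
    """Apply filter_packet to (iface, src, dst) tuples; return one decision per packet."""
    return [(iface, src, *filter_packet(iface, src)) for iface, src, _dst in packets]


# Constructed sample traffic, one packet per case the filter should handle.
SAMPLE_PACKETS = [
    ("wan", "198.51.100.9", "203.0.113.10"),   # ordinary internet client
    ("wan", "10.1.2.3", "203.0.113.10"),       # private source from outside: forged
    ("wan", "203.0.113.50", "203.0.113.10"),   # pretends to be one of our own hosts
    ("wan", "127.0.0.1", "203.0.113.10"),      # bogon source
    ("lan", "203.0.113.22", "198.51.100.9"),   # legitimate outbound traffic
    ("lan", "192.0.2.77", "198.51.100.9"),     # a LAN host forging its source address
]

if __name__ == "__main__":
    for iface, src, verdict, reason in run_filter(SAMPLE_PACKETS):
        print(f"{iface:>3} {src:>14} {verdict:<6} {reason}")
```

The "our own prefix arriving from outside" rule is the one that defeats the firewall-bypass trick the section describes: a rule that trusts traffic from internal addresses is only safe if forged copies of those addresses cannot reach it from the outside. The egress rule protects everyone else from us, which is why it is recommended for every network edge, not just large providers.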