Page 3 | Security Technologies | 19.02.2007 15:23:13 | http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/security.htm
However, if an attacker manages to change the routing tables to point to the spoofed IP address, he can receive all the network packets that are addressed to the spoofed address and can reply just as any trusted user can. Another approach that the attacker could take is to not worry about receiving any response from the targeted host. This is called a denial-of-service (DOS) attack. The denial of service occurs because the system receiving the requests becomes busy trying to establish a return communications path with the initiator (which may or may not be using a valid IP address). In more technical terms, the targeted host receives a TCP SYN and returns a SYN-ACK. It then remains in a wait state, anticipating the completion of the TCP handshake that never happens. Each wait state uses system resources until eventually, the host cannot respond to other legitimate requests. Like packet sniffers, IP spoofing and DOS attacks are not restricted to people who are external to the network.
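The wait state described above can be measured from packet metadata. The following is an added example, not part of the original text: it counts handshakes where a SYN-ACK was sent but the final ACK never arrived and flags listeners above a threshold. The record format, function names, threshold and 30-second timeout are assumptions, and the sample traffic is constructed.

```python
from collections import Counter

def half_open_by_listener(packets, now, wait_timeout=30.0):
    """Count handshakes waiting for the final ACK at time `now`.

    packets: (time_s, src, sport, dst, dport, flags) tuples, flags a set
    such as {"SYN"}, {"SYN", "ACK"}, {"ACK"} or {"RST"} (assumed format).
    """
    waiting = {}  # (client, cport, server, port) -> time SYN-ACK was sent
    for t, src, sport, dst, dport, flags in sorted(packets, key=lambda p: p[0]):
        if t > now:
            break
        if flags == {"SYN", "ACK"}:
            # Server answered a SYN and now holds state for this client.
            waiting[(dst, dport, src, sport)] = t
        elif flags == {"ACK"}:
            # Client completed the handshake; the wait state is released.
            waiting.pop((src, sport, dst, dport), None)
        elif "RST" in flags:
            # Either side aborted; drop the entry in whichever orientation.
            waiting.pop((src, sport, dst, dport), None)
            waiting.pop((dst, dport, src, sport), None)
    counts = Counter()
    for (_client, _cport, server, port), sent in waiting.items():
        if now - sent <= wait_timeout:  # older entries have timed out
            counts[(server, port)] += 1
    return counts

def flooded_listeners(packets, now, threshold=100, wait_timeout=30.0):
    """Listeners whose half-open count has reached the alert threshold."""
    counts = half_open_by_listener(packets, now, wait_timeout)
    return sorted(k for k, n in counts.items() if n >= threshold)

def constructed_sample():
    """Constructed traffic: one completed handshake, 150 never completed."""
    server, port = "192.0.2.10", 80  # documentation address ranges
    pkts = [
        (0.0, "198.51.100.7", 40000, server, port, {"SYN"}),
        (0.1, server, port, "198.51.100.7", 40000, {"SYN", "ACK"}),
        (0.2, "198.51.100.7", 40000, server, port, {"ACK"}),
    ]
    for i in range(150):
        src, t = f"203.0.113.{i + 1}", 1.0 + i * 0.01
        pkts.append((t, src, 1024 + i, server, port, {"SYN"}))
        pkts.append((t + 0.001, server, port, src, 1024 + i, {"SYN", "ACK"}))
    return pkts

if __name__ == "__main__":
    print(flooded_listeners(constructed_sample(), now=5.0))
```

Because the source addresses in such traffic may not be valid, the count is kept per listener rather than per source.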
Password Attacks
Password attacks can be implemented using several different methods, including brute-force attacks, Trojan horse programs (discussed later in the chapter), IP spoofing, and packet sniffers. Although packet sniffers and IP spoofing can yield user accounts and passwords, password attacks usually refer to repeated attempts to identify a user account and/or password; these repeated attempts are called brute-force attacks. Often, a brute-force attack is performed using a dictionary program that runs across the network and attempts to log in to a shared resource, such as a server. When an attacker successfully gains access to a resource, that person has the same rights as the user whose account has been compromised to gain access to that resource. If this account has sufficient privileges, the attacker can create a back door for future access, without concern for any status and password changes to the compromised user account.
Distribution of Sensitive Information
Controlling the distribution of sensitive information is at the core of a network security policy. Although such an attack may not seem obvious to you, the majority of computer break-ins that organizations suffer are at the hands of disgruntled present or former employees. At the core of these security breaches is the distribution of sensitive information to competitors or others that will use it to your disadvantage. An outside intruder can use password and IP spoofing attacks to copy information, and an internal user can easily place sensitive information on an external computer or share a drive on the network with other users. For example, an internal user could place a file on an external FTP server without ever leaving his or her desk. The user could also e-mail an attachment that contains sensitive information to an external user.
Man-in-the-Middle Attacks
A man-in-the-middle attack requires that the attacker have access to network packets that come across the networks. An example of such a configuration could be someone who is working for your Internet service provider (ISP), who can gain access to all network packets transferred between your network and any other network. Such attacks are often implemented using network packet sniffers and routing and transport protocols. The possible uses of such attacks are theft of information, hijacking of an ongoing session to gain access to your internal network resources, traffic analysis to derive information about your network and its users, denial of service, corruption of transmitted data, and introduction of new information into network sessions.
Protecting Your Network: Maintaining Internal Network System Integrity
Although protecting your information may be your highest priority, protecting the integrity of your network is critical in your ability to protect the information it contains. A breach in the integrity of your network can be extremely costly in time and effort, and it can open multiple avenues for continued attacks. This section covers the five methods of attack that are commonly used to compromise the integrity of your network:
• Network packet sniffers
• IP spoofing
• Password attacks
• Denial-of-service attacks
• Application layer attacks
When considering what to protect within your network, you are concerned with maintaining the integrity of the physical network, your network software, any other network resources, and your reputation. This integrity involves the verifiable identity of computers and users, proper operation of the services that your network provides, and optimal network performance; all these concerns are important in maintaining a productive network environment.