JIMMA UNIVERSITY

JIMMA INSTITUE OF TECHNOLOGY

FACULTY OF ELECTRICAL AND COMPUTER ENGINEERING

COMPUTER AND NETWORK SECURITY

ASSIGNMENT-ONE

NAME: Habtamu Zeleke Biramo

ID.NOU: RU0837/07 ADD

Jimma, Ethiopia
December, 2020

1
 1. Computer Attack

What is computer attacks?

Computer attacks mean a hacking of our computer. A person or hackers protected computer
without a persons or organization office interest. They created there hacking software or
malicious software and send to each computer. In this time our computer attacked by a
malicious and it cannot work with properly. Attacking or hacking others computer is illegal
trading system that a persons need to stole a data, file or any of their interest which can use to
get income by illegal way.

How we can protect this computer attack?

Security. Security is the main method to protect this attack in any sector or in any country.
Chief secures, cyber analysts and scientist are specialized to control the attack in a country.
There are different types of computer attacks, from those as sample we see some attacks

Types of computer Attack

1) Viruses

Viruses is the first and oldest attack. The computer made at the first this viruses came with
them. The viruses attack our computers by the two methods.

 Agent said: using email, file or data sharing.

 USB Drive: connecting USB drive from one computer to the other without fixing.

Viruses attack our computer when it delete, remove, sharing from one place to other, sending
our information to hackers and etc.

How we can prevent Viruses attack

o By using updated application

o Fixing USB driver before use in our machine
2) Trojan Horse
A Trojan horse, or Trojan, is a type of software that looks legitimate but can take control of
our computer. Its name came from the Greek war system. The aim of this Trojan designed to
damage, disrupt, steal, or in general inflict some other harmful action on your data. It target
more time a browser and stolen the data after execution.

2
Most of time it attacked our computer at the downloading time. Downloaded from any website
it works properly but inside the Trojan attack the file. We don’t know his attacking but after
attacking it damaged our web.

How we can prevent Trojan horse attack

o Before downloading any file from the internet first check it by write its name and
viruses on Google.
o Don’t search directly from any of website
3) Root kits

Root kit (remote control): it is one of a dangerous computer attacking system. A hacker control
our computer which locate in any were by using remote control. A computer owners does not
know their hacking but they sit on one place or country by using Wi-Fi or internet connection
protected computer. A computer is hacked by this root kit it is zombie computer or useless
computer.

How we can protect it

o By updating our software

o Downloading new software to our computer we must check it viruses.
4) Worms

Any type of website, application, database, browser or operating systems cannot prefect from
the beginning. So the technical variability is said to be zero-day variability. The worm is a
malicious that found a cliché on the computer and the attack websites, apps, browser’s and etc.
Many time this attack target browser, adobe acrobat, and computer operating system.

How we can prevent this attack

o The software publisher company must be update their software at all times.
o After company updated also we update those software on our computer
5) Credential Reuse

The meaning of Credential reuse is a problem for many organizations. Users inundated with
requirements to supply complex passwords to different systems often resort to reusing the
same password across multiple accounts so that they can easily manage their credentials. Many
peoples restore there computer or password this credential reuse attack the computer. It is

3
stuffing attacks are possible because many users reuse the same username/password
combination across multiple sites, with one survey reporting.

Prevention method

o Secure our password and username

o At the time of restore our device and password also we sure restore as properly
6) Insufficient Logging and Monitoring attacking

This type of computer attacking is make our systems immune to all possible attacks,
realistically the need to accept that some attacks will get through our defence. However, a
resilient defines should include several layers. This includes the possibility of detecting those
attacks that succeeded despite all our efforts, preferably as soon as possible.

Prevention of Insufficient logging and monitoring system

o Select our storage location

o Control data processing using their application

7) Teardrop attack

This attack causes the length and fragmentation offset fields in sequential Internet Protocol (IP)
packets to overlap one another on the attacked host; the attacked system attempts to reconstruct
packets during the process but fails. The target system then becomes confused and crashes. It
is similarly attacked on the networking because the server can be communicated with the
computer. Many person included this attacks inside of networking attacking. As generally it
attack the same a computer.

2. Network Attack

The network attack is a method of attacking that focus on network server and client.

1) Cross site scripting (XSS) attack

This attacking system take place in three ways: attacker, website visitor and website. Attacker
visit a website for having script injection vulnerable. Then this attacker payload a malicious
software to database that steals cookies. The website transfer the victim browser to an attacker
and after exciting victim a visitor send a website cookie to attacker. Also a cross site scripting

4
attack occurs when a website has a vulnerability that allows the injection of scripts. This would
allow the attacker to steal the browser cookies for session hacking.

Prevention Method

o Avoiding un useful app from server

o Avoiding un necessary data from database
2) Man-in-the Middle (MITM) Attacks

It is a type of computer network attack that an attacker communicate between two entities. The
hacker set on the middle from the server and network it follow the network information step
by step. The attacker listens to the conversation between the public key message transmission
and the re-transmitter the message

Prevention Method

o Securing our server

o Hidden the transmitter line from the attacker by software app
o Doesn’t reply interest data on server
3) TCP SYN Flood Attack

In this attack, an attacker exploits the use of the buffer space during a Transmission Control
Protocol (TCP) session initialization handshake. The attacker’s device floods the target
system’s small in-process queue with connection requests, but it does not respond when the
target system replies to those requests. This causes the target system to time out while waiting
for the response from the attacker’s device, which makes the system crash or become unusable
when the connection queue fills up.

There are a few countermeasures to a TCP SYN flood attack:

 Place servers behind a firewall configured to stop inbound SYN packets.

 Increase the size of the connection queue and decrease the timeout on open connections.

4) Teardrop attack

This attack causes the length and fragmentation offset fields in sequential Internet Protocol (IP)
packets to overlap one another on the attacked host; the attacked system attempts to reconstruct
packets during the process but fails. The target system then becomes confused and crashes. If

5
users don’t have patches to protect against this DoS attack, disable SMBv2 and block ports 139
and 445.

5) Drive-by attack

This attacking system is focus on the HTTP and software programing which are PHP and
JavaScript codes. A person who can visit a website this drive by attack directly attacked our
application or client. Drive-by download attacks are a common method of spreading malware.
Hackers look for insecure websites and plant a malicious script into HTTP or PHP code on one
of the pages. It might re-direct the victim to a site controlled by the hackers. Drive-by
downloads can happen when visiting a website or viewing an email message or a pop-up
window. A drive-by download can take advantage of an app, operating system or web browser
that contains security flaws due to unsuccessful updates or lack of updates.

Prevention Method

o Surely program PHP and other code

o Protecting HTTP server in daily

6) Eavesdropping attack

Eavesdropping attacks occur through the interception of network traffic. By eavesdropping, an

attacker can obtain passwords, credit card numbers and other confidential information that a
user might be sending over the network. Eavesdropping can be passive or active:

 Passive eavesdropping — A hacker detects the information by listening to the message

transmission in the network.
 Active eavesdropping — A hacker actively grabs the information by disguising
himself as friendly unit and by sending queries to transmitters. This is called probing,
scanning or tampering.

7) Birthday attack

Birthday attacks are made against hash algorithms that are used to verify the integrity of a
message, software or digital signature. A message processed by a hash function produces a
message digest (MD) of fixed length, independent of the length of the input message; this MD

6
uniquely characterizes the message. The birthday attack refers to the probability of finding two
random messages that generate the same MD when processed by a hash function. If an attacker
calculates same MD for his message as the user has, he can safely replace the user’s message
with his, and the receiver will not be able to detect the replacement even if he compares MDs.

3. Web attack

What is web attack?

Web is a software or programmable application that used to gain a data from a server.

1) SQL Injection

SQL injection, also known as SQLI, the attackers inject malicious SQL scripts in to website
app to gain access to the database to store in the website server. They use a commonly way for
hacking those way is the server hidden the SQL queries in site. For instance any want to use a
Facebook it must login with in an account, but on this SQL injection query would be sent to
database to request the user’s information. However, when hackers inject a malicious software
they could request all kinds of data or information from a database. They have a communication
system with the database. Most of software applications have database stored in their server,
this software applications are become attractive target for SQL injection.

How we can prevent

o An SQL query is request for data from database we must cack if it is correctly fetched
or not
o When web app are stored there data on the server we must prepare the security location
to protect our database.
2) Denial of Service

This type of attacking is attacked the web server. The attackers sends an enormous amount to
our website or to hosting server to disrupt and even shutdown our system. It focus on server of
our web application and website ranting cloud servers. The cloud charged with an automated
server to share connection to any server. The denial-of-server attack is the same concept, except
that this time, the hackers gain illegal control over a millions of device to launch the attack on
the large scale. Different from the other attackers do not receive any direct benefit from the
denial-of service attacks. Many time this attacking system is targeted to attack an
organizational information and a hugest information stored centre.

7
How we can prevent

o Downloading the software application which is protect this type of attack from the
internet

3) Zero-day attack

A zero-day attack this software flaws before they are patched with software update. We stand
from its name it is zero-day attack so what mean that? The day of software update is day one,
then an attacker come before the update is said to day zero, from this the attacking system is
said to be zero-day attack. The attacker target on do not yet have fix software. A software
company checking their app to update this zero-day attack control all those un updated software.

How we can prevent

o By checking their update before download

o Making correct fix in our computer
o Troubleshooting un properly software
4) Parameter Tampering Attack

The parameter tamping attack is based on the manipulation of parameter exchange between the
client and server. It also exchange the modification of application data in the server. The data
stored on the database by using client. In this time the parameter tamping have a
communication with the server. We don’t know their interaction but as inside the data stole
from our server.

How we can prevent

o Checking client before store our data

o Checking server before upload our web
5) Brute force attack

Brute Force attack is called password attack. This method is one of the simplest form of web
attacks. Because the attackers or hackers simply tries different combination of username and
password as repeatedly until it is login to user account and take the other password using valid
form. For a single computer it take more time but to multiple computer simply they login by

8
breaking method or by combination of username and password. Many hackers developed there
powerful software to hack.

How we can prevent

o Traffic control password

o Control the user account
6) OS Command Injection attack

This attacking system is attacked by using the operating system command into the server that
is running the web application. It is deferent from the SQL injection because it enters from the
server side to the application side. In the SQL injection attack the control of full application.
The application also utilize to compromise other parts.

7) LDAP injection attack

LDAP (Lightweight Directory Access Protocol) is an application software mostly used for
corporate intranets. Any one need to network to find the resource as sample device, file, as well
as username or password as part of single sign-on system. An LDAP injection attack allows
attackers to send queries without validation.

Prevention Method of LDAP Injection Attack

o Protecting password and username securely

o Checking browser host before loading
o Using proper our username and password