
| Active Attack | Passive Attack |
|---|---|
| Works by modifying the information. | No such modification of information takes place. |
| There is a possibility of system damage. | No system damage. |
| Victims get informed about the attack. | Victims are not informed about the attack. |
| Very difficult to prohibit or prevent such attacks. | Comparatively easy to prevent such attacks. |
| An active attack attempts to alter system resources or affect their operations. | A passive attack attempts to learn or make use of information from the system but does not affect system resources. |
| Active attacks involve some modification of the data stream or creation of a false statement. | Passive attacks are in the nature of eavesdropping on or monitoring of transmission. The goal of the opponent is to obtain information that is being transmitted. |
| 1-Denial of Service, 2-Repudiation, 3-Replay, 4-Modification of messages, 5-Masquerade | 1-The release of message content, 2-Traffic analysis |

DDoS

Description: A Denial of Service (DoS) attack is a malicious attempt to affect the availability of a targeted system, such as a website or application, to legitimate end users. Typically, attackers generate large volumes of packets or requests, ultimately overwhelming the target system. In the case of a Distributed Denial of Service (DDoS) attack, the attacker uses multiple compromised or controlled sources to generate the attack. In general, DDoS attacks can be segregated by which layer of the Open Systems Interconnection (OSI) model they attack. They are most common at the Network (Layer 3), Transport (Layer 4), Presentation (Layer 6) and Application (Layer 7) layers.

Prevention:
- Filtering routers: The packets which enter and leave the network are filtered through ingress and egress packet filters.
- Disabling unused services: Tampering and attacks are minimized by disabling UDP echo and other unused services.
- Applying security patches: To avoid DoS, all the servers are reorganized with security techniques and patches.
- IP hopping: The IP addresses of clients are allowed to be pre-specified with a set of IPs to prevent DDoS attacks.
- Disabling IP broadcast: The malicious part of this attack is that the attacker can use a low-bandwidth connection to destroy high-bandwidth connections. The number of packets that are sent by the attacker is multiplied by a factor equal to the number of hosts behind the router that reply to the ICMP echo packets.

TCP SYN FLOOD

Description: A SYN Flood is a common form of Denial-of-Service (DDoS) attack that can target any system connected to the Internet and providing Transmission Control Protocol (TCP) services (e.g. web server, email server, file transfer). A SYN flood is a type of TCP State-Exhaustion Attack that attempts to consume the connection state tables present in many infrastructure components, such as load balancers, firewalls, Intrusion Prevention Systems (IPS), and the application servers themselves. This type of DDoS attack can take down even high-capacity devices capable of maintaining millions of connections.

A SYN Flood occurs when the TCP layer is saturated, preventing the completion of the TCP three-way handshake between client and server on every port.

Every connection using the TCP protocol requires the three-way handshake, which is a set of messages exchanged between the client and server:
- The three-way handshake is initiated when the client system sends a SYN message to the server.
- The server then receives the message and responds with a SYN-ACK message back to the client.
- Finally, the client confirms the connection with a final ACK message.

Prevention: Firewalls and IPS devices, while critical to network security, are not adequate to protect against complex DDoS attacks. Today’s more sophisticated DDoS attack methodologies require a multi-faceted approach that enables users to look across both Internet infrastructure and network availability. Some of the capabilities to consider for stronger DDoS protection and faster mitigation of TCP SYN flood DDoS attacks include:
- Support of both inline and out-of-band deployment to ensure there is not one single point of failure on the network.
- Broad network visibility with the ability to see and analyze traffic from different parts of the network.
- Varied sources of threat intelligence, including statistical anomaly detection, customizable threshold alerts and fingerprints of known or emerging threats in order to assure fast and accurate detection.
- Scalability to manage attacks of all sizes, ranging from low-end (e.g., 1Gbps) to high end (e.g., 40Gbps).

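
The state-exhaustion mechanism and the threshold alert described for SYN floods can be seen by replaying handshake events against a half-open connection table. This is an added example, not part of the original notes; the event format, threshold, timeout and addresses are assumptions constructed for illustration.

```python
from collections import OrderedDict

def detect_syn_backlog(events, threshold=5, timeout_ms=30000):
    """Replay time-ordered (ms, src_ip, src_port, flag) events for one listening port.

    A SYN creates a half-open entry, the client's final ACK completes the
    three-way handshake and frees it, and entries older than timeout_ms
    expire. Returns the timestamps at which the half-open count exceeded
    threshold (a simple customizable threshold alert).
    """
    half_open = OrderedDict()  # (src_ip, src_port) -> time the SYN was seen
    alerts = []
    for ts, ip, port, flag in events:
        # Drop entries whose handshake never completed within the timeout.
        while half_open and next(iter(half_open.values())) + timeout_ms <= ts:
            half_open.popitem(last=False)
        key = (ip, port)
        if flag == "SYN":
            half_open[key] = ts
            half_open.move_to_end(key)  # a retransmitted SYN restarts the timer
        elif flag == "ACK":
            half_open.pop(key, None)    # handshake completed
        if len(half_open) > threshold:
            alerts.append(ts)
    return alerts

# Constructed sample traffic (documentation address ranges, not real hosts).
# Ten connections that complete the handshake 50 ms after their SYN.
NORMAL = []
for i in range(10):
    NORMAL += [(i * 1000, "192.0.2.10", 40000 + i, "SYN"),
               (i * 1000 + 50, "192.0.2.10", 40000 + i, "ACK")]
# Twenty SYNs from different sources, 10 ms apart, none followed by an ACK.
FLOOD = [(20000 + i * 10, f"198.51.100.{i + 1}", 1024 + i, "SYN") for i in range(20)]

if __name__ == "__main__":
    print("normal:", detect_syn_backlog(NORMAL))
    print("flood :", detect_syn_backlog(NORMAL + FLOOD))
```

Completed handshakes never accumulate, so only the unanswered SYNs push the table past the threshold.
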
BOTNETS

Description: A botnet attack is a large-scale cyber-attack carried out by malware-infected devices which are controlled remotely. It turns compromised devices into 'zombie bots' for a botnet controller. ... Attackers use botnets to compromise systems, distribute malware and recruit new devices to the brood.

Prevention:
- Keep your operating system up-to-date
- Don't open files from unknown or suspicious sources
- Scan all downloads before running the downloaded files, or find different ways of transferring files.
- Don't click suspicious links
- Install an antivirus program

SMURF

Description: A Smurf attack is a form of a distributed denial of service (DDoS) attack that renders computer networks inoperable. The Smurf program accomplishes this by exploiting vulnerabilities of the Internet Protocol (IP) and Internet Control Message Protocols (ICMP).

How could a smurf attack happen? A smurf attack occurred when an attacker sent a spoofed ICMP ping request to the broadcast address on a network. The request would be distributed to all of the hosts on the network and every host on that network would now send a response to the spoofed (victim) host.

Prevention: Adjust the firewall to not allow pings from outside of the network. Investing in a new router can help as well, as these configurations are often the default on newer devices.

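
The ingress and egress filtering from the DDoS row and the broadcast blocking from the Smurf row can be written as one border-router decision function. This is an added example, not part of the original notes; the two inside subnets, the function names and the reason strings are assumptions constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (documentation ranges): two inside subnets.
INSIDE = [ipaddress.ip_network("192.0.2.0/25"),
          ipaddress.ip_network("192.0.2.128/25")]

def is_inside(addr):
    return any(addr in net for net in INSIDE)

def edge_filter(direction, src, dst):
    """Decide what a border router does with one packet.

    direction is "in" (arriving from outside) or "out" (leaving the site).
    Returns (verdict, reason).
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "in":
        if is_inside(src):
            return ("drop", "outside packet claims an inside source")
        if any(dst == net.broadcast_address for net in INSIDE):
            return ("drop", "directed broadcast")
        if not is_inside(dst):
            return ("drop", "destination is not ours")
        return ("pass", "ok")
    if direction == "out":
        if not is_inside(src):
            return ("drop", "source is not ours")
        return ("pass", "ok")
    raise ValueError("direction must be 'in' or 'out'")

def max_replies(dst):
    """Upper bound on replies one echo request to dst would trigger
    if broadcast traffic were forwarded into the subnet."""
    dst = ipaddress.ip_address(dst)
    for net in INSIDE:
        if dst == net.broadcast_address:
            return net.num_addresses - 2  # every usable host address answers
    return 1
```

The egress rule is what stops hosts on this network from sending packets with a forged source address, and the ingress broadcast rule removes the multiplication factor the notes describe.
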
PING OF DEATH

Description: Ping of Death is a type of Denial of Service (DoS) attack in which an attacker attempts to crash, destabilize, or freeze the targeted computer or service by sending malformed or oversized packets using a simple ping command.

Prevention: Create a memory buffer with enough space to handle packets which exceed the guideline maximum.

MAN IN THE MIDDLE

Description: A man-in-the-middle attack is a type of eavesdropping attack, where attackers interrupt an existing conversation or data transfer. After inserting themselves in the "middle" of the transfer, the attackers pretend to be both legitimate participants.

Prevention:
- Strong Router Login Credentials
- Virtual Private Network
- Public Key Pair Based Authentication
- Force HTTPS

FILE INFECTOR

Description: A file infector infects files present in the system by attaching itself to the file. It is dependent on the particular file types and platform and it needs to know how the various executables are executed in the Operating System so it is designed in such a way that these files must execute.

Prevention:
- Always have a backup. ...
- Never download programs from untrusted sites. ...
- Be cautious when opening email attachments. ...
- Disable image previews in your email client. ...
- Use an anti-malware solution. ...
- Use a firewall. ...

POLYMORPHIC

Description: Polymorphic malware is a type of malware that constantly changes its identifiable features in order to evade detection. ... Even if the new signature is identified and added to antivirus solutions' signature database, polymorphic malware can continue to change signatures and carry out attacks without being detected.

Prevention: Use Strong Passwords and Change Them Regularly: Ensuring that your accounts are protected with secure and unique passwords is another best practice for malware protection. Educate end users on secure passwords and use features like multi-factor authentication or secure password managers where necessary.

LOGIC BOMBS

Description: A logic bomb is a malicious piece of code that’s secretly inserted into a computer network, operating system, or software application. It lies dormant until a specific condition occurs. When this condition is met, the logic bomb is triggered — devastating a system by corrupting data, deleting files, or clearing hard drives.

Prevention:
- Use trusted antivirus software
- Don’t download anything you don’t know or trust
- Perform regular OS updates

RANSOMWARE

Description: Ransomware is a type of malicious software (malware) that threatens to publish or blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom fee to the attacker. In many cases, the ransom demand comes with a deadline. If the victim doesn’t pay in time, the data is gone forever or the ransom increases.

Prevention: Prevention for ransomware attacks typically involves setting up and testing backups as well as applying ransomware protection in security tools. Security tools such as email protection gateways are the first line of defense, while endpoints are a secondary defense. Intrusion Detection Systems (IDSs) are sometimes used to detect ransomware command-and-control to alert against a ransomware system calling out to a control server.

TEARDROPPING

Description: A teardrop attack is a type of denial-of-service (DoS) attack (an attack that attempts to make a computer resource unavailable by flooding a network or server with requests and data). The attacker sends fragmented packets to the target server, and in some cases where there’s a TCP/IP vulnerability, the server is unable to reassemble the packet, causing overload.

Prevention: By default, F5’s BIG-IP Application Delivery Services protect against teardrop attacks by checking incoming packets’ frame alignment and discarding improperly formatted packets. Teardrop packets are therefore dropped, and the attack is prevented before the packets can pass into the protected network.

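
Both the oversized packets of the Ping of Death row and the fragments that cannot be reassembled in the teardrop row can be rejected by validating fragment offsets and lengths before reassembly. This is an added example, not part of the original notes and not F5's implementation; the tuple format and sample fragment sets are constructed, and treating overlapping fragments as the teardrop pattern is general background rather than something the notes state.

```python
MAX_IP_DATAGRAM = 65535  # the IPv4 total-length field is 16 bits
IP_HEADER_LEN = 20       # assumption: header without options

def check_fragments(frags):
    """Validate the fragments of one IPv4 datagram before reassembly.

    frags: list of (offset_units, payload_len, more_fragments), with the
    offset in 8-byte units as carried in the IPv4 header.
    Returns a list of (finding, byte_offset); empty means nothing was flagged.
    """
    findings = []
    spans = sorted((off * 8, off * 8 + length, mf) for off, length, mf in frags)
    prev_end = 0
    for start, end, more in spans:
        if IP_HEADER_LEN + end > MAX_IP_DATAGRAM:
            findings.append(("oversize", start))    # Ping of Death pattern
        if start < prev_end:
            findings.append(("overlap", start))     # teardrop pattern
        if more and (end - start) % 8:
            findings.append(("misaligned", start))  # non-final length not a multiple of 8
        prev_end = max(prev_end, end)
    return findings

# Constructed fragment sets.
CLEAN = [(0, 1480, True), (185, 1480, True), (370, 1040, False)]
OVERSIZE = [(0, 1480, True), (8189, 1480, False)]  # data would end at byte 66992
TEARDROP = [(0, 40, True), (3, 8, False)]          # second fragment starts at byte 24

if __name__ == "__main__":
    for name, frags in (("clean", CLEAN), ("oversize", OVERSIZE), ("teardrop", TEARDROP)):
        print(name, check_fragments(frags))
```

A fragment set with any finding is discarded as a whole, so the reassembly buffer never has to hold more than 65535 bytes or resolve conflicting offsets.
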
EAVESDROPPING

Description: An eavesdropping attack occurs when a hacker intercepts, deletes, or modifies data that is transmitted between two devices. Eavesdropping, also known as sniffing or snooping, relies on unsecured network communications to access data in transit between devices.

Prevention: Eavesdropping attacks can be prevented by using a personal firewall, keeping antivirus software updated, and using a virtual private network (VPN). Using a strong password and changing it frequently helps, too. And don't use the same password for every site you log onto.

PHISHING

Description: Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source. It is usually done through email. The goal is to steal sensitive data like credit card and login information, or to install malware on the victim's machine.

Prevention:
- Deploy a SPAM filter that detects viruses, blank senders, etc.
- Keep all systems current with the latest security patches and updates.
- Install an antivirus solution, schedule signature updates, and monitor the antivirus status on all equipment.
- Develop a security policy
