Network Attacks: Analysis and Countermeasures
Hackers Academy
In the previous article, we examined the classification and main types of network attacks. In this one, we will analyze in detail the essence of each attack, as well as the methods of countering it. Let's get started.
For readability, I will describe each specific attack together with how to counter it. Detection technologies will get a separate section.
Denial of Service Attack
Also known as DoS (Denial of Service). It is the most primitive attack and one held in little respect in the hacker community, yet it is one of the most accessible, and there is no one hundred percent protection against it. Its accessibility is explained by the fact that DoS does not rely on software errors or security holes, but on general weaknesses of the system architecture.
Unlike other attacks, DoS does not aim to obtain data or access to the network. It makes the attacked network unavailable for normal use by exceeding the limits of the network, operating system or application. During a DoS attack against a web application, attackers try to take up all the connections available to the application, which keeps it busy and prevents it from serving legitimate users.
This type of attack is difficult to prevent, since doing so requires coordination with the provider. If the traffic intended to flood your network is not stopped at the provider, you will not be able to stop it at the entrance to your own network, because the entire bandwidth will already be occupied. If an attack of this type is carried out from many devices, it is called a distributed DoS attack (DDoS).
There are three main ways to prevent DoS:
Anti-spoofing features. First of all, configure the anti-spoofing function correctly on routers and firewalls. In particular, RFC 2827 filtering should be enabled. If a hacker cannot disguise his true identity, he is unlikely to dare to carry out an attack.
Anti-DoS features. You can also reduce the effectiveness of DoS attacks through firewalls and the proper configuration of anti-DoS features. These features usually limit the number of half-open connections allowed at any given time.
Traffic rate limiting. Finally, you can ask the provider to limit the amount of traffic passing through the network. Alternatively, reduce the amount of ICMP traffic allowed for diagnostic purposes, since DoS attacks are usually carried out through it.
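The RFC 2827 ingress-filtering rule from the first point, as an added illustration rather than code from the original article: a small Python model of an ISP edge router that forwards a packet arriving on a customer interface only if its source address belongs to the prefixes delegated to that customer (interface names, prefixes and sample packets are all constructed for the example).

```python
from ipaddress import ip_address, ip_network

# Constructed policy for a hypothetical ISP edge router: each customer-facing
# interface may only source packets from the prefixes delegated to that
# customer. Interface names and prefixes are made up for this example.
INGRESS_ALLOWED = {
    "cust-A": [ip_network("203.0.113.0/24")],
    "cust-B": [ip_network("198.51.100.0/25"), ip_network("2001:db8:b::/48")],
}


def rfc2827_permits(interface, src):
    """Return True if a packet arriving on `interface` with source `src`
    passes RFC 2827 ingress filtering.

    Interfaces without a configured policy (e.g. an upstream link) are
    left alone; the policy is applied only where customer traffic enters.
    """
    if interface not in INGRESS_ALLOWED:
        return True
    try:
        addr = ip_address(src)
    except ValueError:
        return False  # unparsable source address: drop
    return any(addr in net for net in INGRESS_ALLOWED[interface]
               if net.version == addr.version)


def filter_packets(packets):
    """Split (interface, src, dst) tuples into (forwarded, dropped) lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if rfc2827_permits(pkt[0], pkt[1]) else dropped).append(pkt)
    return forwarded, dropped


# Constructed sample traffic; none of these addresses come from the article.
SAMPLE_PACKETS = [
    ("cust-A", "203.0.113.7", "192.0.2.10"),       # legitimate
    ("cust-A", "192.0.2.99", "192.0.2.10"),        # forged: not cust-A's prefix
    ("cust-B", "198.51.100.200", "192.0.2.10"),    # outside cust-B's /25 (.0-.127)
    ("cust-B", "2001:db8:b::1", "2001:db8:1::1"),  # legitimate IPv6
    ("cust-B", "10.0.0.1", "192.0.2.10"),          # private source, never delegated
    ("uplink", "203.0.113.7", "192.0.2.10"),       # no ingress policy on the uplink
]

if __name__ == "__main__":
    fwd, drp = filter_packets(SAMPLE_PACKETS)
    for pkt in drp:
        print("DROP", pkt)
    print(f"forwarded={len(fwd)} dropped={len(drp)}")
```

Packets with a forged source are discarded at the customer edge, before they can reach the victim or consume the victim's bandwidth.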
Password brute-force attack
The next primitive, but quite effective, way to find a path into a system is password brute forcing (the brute-force attack). If successful, the hacker gains access to the system, albeit with limited capabilities. If the compromised user has significant access privileges, the hacker can create a “pass” for future access, which will remain valid even if the user changes his password and login.
An even bigger problem arises when users use the same (albeit very complex) password for many systems: corporate, personal and Internet. Since the strength of a password equals the security of the weakest host it is used on, a hacker who learns the password through that host gains access to all other systems that use the same password.
In reality, brute force is not even necessary to obtain a password. It can be learned using Trojan software, IP spoofing or packet sniffing, or even through social engineering. Still, in some cases brute force may be the easiest way, especially if the password is weak or one of the most common, such as “password”.
This attack can be avoided by not relying on text passwords at all. One-time passwords and/or cryptographic authentication nullify the threat of such attacks. Unfortunately, not all applications, hosts and devices support these authentication methods.
Therefore, at the very least, always use passwords that are difficult to guess. The minimum password length should be eight characters, and ideally more than sixteen. The password should include uppercase characters, numbers and special characters (#, %, $, etc.).
Such passwords are hard to guess but also hard to remember, which forces users to write them down. In that case it is better to store them on paper or in encrypted form on the device; otherwise there is a risk of the password leaking in other ways. Alternatively, use a password manager: then you only need to remember the one complex master password of the manager itself.
And of course, employee training is required so that, firstly, nobody uses personal data that can easily be learned by reconnaissance in their passwords, and secondly, nobody ever discloses access credentials anywhere, which can happen in a social-engineering attack.