Computer attacks: some types and methods of countering them
Computer attacks
Today, so many dangers lie in wait for the user on the network that it is difficult to classify them all; however, we will try to do so. The security of personal data is under constant threat from hackers. Computer attacks vary in complexity. To identify the types of attacks threatening the Internet, it is necessary to take into account some limitations inherent in the TCP/IP protocol.
A «Packet sniffer» is an application program that uses a network card in promiscuous mode. The sniffer intercepts all network packets that are transmitted through a certain domain. Sniffers are used today for troubleshooting and traffic analysis. It is important to remember that a sniffer can reveal both useful and confidential information, for example, user names and passwords. Interception of names and passwords creates a great danger, since users often use the same login and password for many applications and systems. Many users have a single password for accessing all resources and applications. If the application operates in «client-server» mode and the authentication data is transmitted over the network in readable text format, then this information can most likely be used to access other corporate or external resources.
Computer protection tools
Specialists are developing various methods for detecting viruses. There are computer protection tools against sniffers, for example, authentication. One-Time Passwords (OTP) are a fairly strong form of authentication. OTP is a two-factor authentication technology that combines what you have with what you know. With two-factor authentication, a PIN code and a personal card are required. Such a card is a hardware or software tool that generates a unique one-time password. If a hacker finds out this password using a sniffer, this information will be useless, since by that moment the password will already have been used and retired. But such computer protection tools are effective only in cases of password interception. Sniffers that intercept other information cannot be “neutralized” in this way.
Protection through a switched infrastructure allows you to combat packet sniffing in your network environment. A switched infrastructure does not eliminate the sniffing threat, but it significantly reduces its severity.
Anti-sniffers are another way to combat sniffing: hardware or software is installed that recognizes sniffers operating in your network. These tools cannot completely eliminate the threat, but, like many other network security tools, they are included in the overall protection system. Anti-sniffers measure the response time of hosts and determine whether hosts have to process unnecessary traffic.
Cryptography is the most effective way to combat packet sniffing: it does not prevent interception and does not recognize the work of sniffers, but it makes this work useless. If the communication channel is cryptographically protected, then the hacker intercepts not the message, but the encrypted text.
«IP spoofing» is when an attacker, inside or outside a corporation, impersonates an authorized user. This can be done in two ways: the hacker can use either an IP address that is within the authorized IP range, or an authorized external address that is allowed to access certain network resources. IP spoofing is often the starting point for other attacks. Typically, IP spoofing is limited to inserting false information or malicious commands into the normal flow of data between a client and server application or over a peer-to-peer communication channel. The threat of spoofing can be mitigated by:
— access control. To reduce the effectiveness of IP spoofing, configure access control to reject any traffic coming from an external network with a source address that should be located inside your network;
— RFC 2827 filtering. You can stop users on your network from spoofing other people's networks (and become a good network citizen) by rejecting any outgoing traffic whose source address is not one of your organization's IP addresses.
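The two filtering rules above, written out as a border decision function. This is an added example, not code from the original article; the prefixes in `INTERNAL_NETS` and the sample packets are constructed from documentation address ranges, and `border_filter` is a hypothetical name.

```python
import ipaddress

# Assumption: the organization's own prefixes (documentation ranges, constructed).
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("198.51.100.0/25")]

def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def border_filter(direction: str, src: str) -> str:
    """Decide at the network edge using only the packet's source address.

    inbound : packet arriving from the external network
    outbound: packet leaving towards the external network
    """
    if direction == "inbound" and is_internal(src):
        return "drop"   # access control: outside packet claiming an inside address
    if direction == "outbound" and not is_internal(src):
        return "drop"   # RFC 2827: source is not one of our own addresses
    return "pass"

# Constructed sample packets: (direction, source address)
SAMPLE = [
    ("inbound",  "203.0.113.7"),     # ordinary external host
    ("inbound",  "192.0.2.10"),      # external packet with an inside source
    ("outbound", "192.0.2.10"),      # ordinary internal host
    ("outbound", "203.0.113.7"),     # internal host forging a foreign source
    ("outbound", "198.51.100.200"),  # just outside the /25 we own
]

def run_sample():
    return [border_filter(d, s) for d, s in SAMPLE]

if __name__ == "__main__":
    for (d, s), verdict in zip(SAMPLE, run_sample()):
        print(f"{d:8} {s:15} {verdict}")
```

Neither rule catches the second case the text describes, a forged authorized external address, because from the border that packet is indistinguishable from genuine external traffic.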
Detecting Network Attacks
The most effective preventative measure for protecting your computer is early detection of network attacks. To do this, you need to install a software package that monitors the content of the traffic. Thanks to timely measures, it is possible to identify various types of malware. Such packages operate at the network level of the OSI model, monitoring the established connections and analyzing the structure and content of network packets. Detection of network attacks occurs through the analysis of all passing traffic, both on a separate computer and on a dedicated server. Detecting a network attack in this way activates the mechanism for responding to this type of threat. The mechanism for monitoring and analyzing the statistics of established connections allows you to identify an attempt to scan the system or to carry out a «denial of service» attack (multiple connections to a service are opened simultaneously). Traffic content control is implemented by searching for certain data sequences transmitted in a network packet.
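Both mechanisms from this paragraph, connection statistics and content matching, in an added example that is not from the original article. The thresholds, the window length, the byte patterns and the sample connection records are all constructed assumptions for illustration.

```python
from collections import defaultdict

SCAN_PORTS = 5    # assumed threshold: distinct ports touched by one source
FLOOD_CONNS = 8   # assumed threshold: connections opened to one service
WINDOW = 10.0     # assumed sliding window, in seconds
# Constructed byte sequences standing in for a real signature set.
SIGNATURES = {b"/etc/passwd": "path probe", b"cmd.exe": "shell reference"}

def analyze_connections(events):
    """events: (time, src, dst_port) tuples. Returns sorted (kind, subject) alerts."""
    alerts = set()
    events = sorted(events)
    for i, (t0, _, _) in enumerate(events):
        ports_by_src = defaultdict(set)   # scan indicator
        conns_by_port = defaultdict(int)  # denial-of-service indicator
        for t, src, port in events[i:]:
            if t - t0 > WINDOW:
                break
            ports_by_src[src].add(port)
            conns_by_port[port] += 1
        alerts |= {("scan", s) for s, p in ports_by_src.items()
                   if len(p) >= SCAN_PORTS}
        alerts |= {("flood", str(p)) for p, n in conns_by_port.items()
                   if n >= FLOOD_CONNS}
    return sorted(alerts)

def match_signatures(payload: bytes):
    """Content control: report every known data sequence found in the payload."""
    return sorted(name for pat, name in SIGNATURES.items() if pat in payload)

def sample_events():
    # Constructed records: one source walking ports, many sources on one service.
    scan = [(0.1 * i, "203.0.113.9", p) for i, p in enumerate([21, 22, 23, 25, 80])]
    flood = [(30.0 + 0.05 * i, f"198.51.100.{i}", 443) for i in range(8)]
    normal = [(5.0, "192.0.2.4", 80), (50.0, "192.0.2.4", 80)]
    return scan + flood + normal

if __name__ == "__main__":
    print(analyze_connections(sample_events()))
    print(match_signatures(b"GET /../../etc/passwd HTTP/1.0"))
```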