Sunday, July 19, 2009

Download Accelerator Addon For Firefox ... DownThemAll! 1.1.4

More about this add-on


DownThemAll is all you can desire from a download manager: it features an advanced accelerator that increases speed up to 400% and it allows you to pause and resume downloads at any time.

DownThemAll is fast, reliable and easy-to-use! It lets you download all the links or images contained in a webpage and much more: you can refine your downloads by fully customizable criteria to get only what you really want!

DownThemAll is absolutely freeware and open-source. No Adware, no Spyware.

For more information,
http://www.downthemall.net/howto/features/

Support

Support for this add-on is provided by the developer at http://www.downthemall.net/howto/faq/#faq5


Friday, July 17, 2009

What You Need to Know About Network Attacks





I’ve already introduced you to some of the most common network attacks like the IP address sweep, port scanning, and IP spoofing.

I have also recently covered the ping of death and other network attacks, including the SYN flood, UDP flood, ICMP flood and the teardrop attack.

Now that we have the basic Denial of Service Attacks (aka DoS attacks) and the Reconnaissance Attacks out of the way, let’s talk about other types of network attacks.

Today I’ll focus on:

  • Access Attacks
  • Worms, Viruses and Trojan Horse attacks
  • Application Layer Attacks

I hope that this article, along with my previous ones, will shed some light on vulnerabilities in security and help you with your concerns regarding your network’s security needs. It may even inspire you to get your CCNA Security Certification.


Access Attacks

Access attacks are performed by intruders who illegally gain access to account databases and any other type of personal and confidential information. To achieve their destructive intentions, access attackers try to “dig” into well-known “holes” in the basic text messages that might be exchanged with an FTP or web service.

Keep in mind that not all attackers originate from the outside world. A lot of intrusion incidents have been reported as jobs from within the organization. So don’t think that all attackers have to first overcome the constraints of accessing the system’s boundary.

They may already be logged into the system. They may be the people sitting right next to you, sharing the same resources, asking you for advice.

The main types of access attacks are:

  • Password attacks
  • Port redirection
  • Man-in-the-middle attacks

Let’s examine each one of these malicious attacks in more detail.

• Brute-Force Attacks

The attacker is repeatedly trying to guess the administrator’s password with the help of sophisticated software that uses time-consuming, advanced computational methods to compute the encrypted password.

The end result is that the attacker equipped with the decrypted administrator password is now capable of fulfilling all of his malicious plans.

• Port Redirection

IP redirected traffic has always been a security headache. An attacker who is familiar with the victim’s network could install a special application on a user’s computer that redirects traffic towards a specific user via the hacked user. This is accomplished without violating firewall rules in the network.

• Man-In-The-Middle Attack

This type of attack can be implemented when someone working for your ISP gains access to all the traffic that originated from your network towards any other network. And if you didn’t implement security protocols, then the attacker could examine and analyze your traffic in order to obtain information regarding your network and users in it.

But that’s not all the attacker is capable of. Corruption of transmitted data is even worse, and the attacker can even alter your data.


In my opinion, password attacks are extremely dangerous. They’re all about obtaining a user account password, and, having the password at hand, the attacker can invade the system pretending to be an authorized user and cause catastrophic effects on the system’s operations.

I have a few suggestions for minimizing the chances of being exposed to these types of attackers. But before we move on to that, let’s take a look at more network attacks — worms, viruses and Trojan horse attacks.

Worms, Viruses and Trojan Horse Attacks

Last year I wrote an article on the best ways to battle viruses, worms and Trojan horse attacks so if you’re not familiar with these types of network attacks, take a look at the article now.

What you need to remember about viruses and Trojan horses is that they can be effectively eliminated with the use of an up-to-date antivirus system, or even better by implementing a host-based intrusion prevention system (HIPS) like Cisco’s Security Agents (CSAs). CSA is specialized software that monitors all kinds of activity performed on a given host and protects the host by implementing a state-of-the-art antivirus and network firewall.

Application Layer Attacks

Unfortunately, application layer attacks cannot be completely eliminated. More and more application vulnerabilities are constantly being discovered, which in turn provides more and more harmful capabilities to attackers.

Application layer attacks are actually like any other attack on your network. The purpose of this attack does not differ from others; it’s nothing more than exploiting the network of the victim, acquiring access and performing malicious plans on the system.

What actually differs is the method of performing the attack. Attackers try to take advantage of well-known application vulnerabilities, such as those in sendmail or FTP.

More and more software weaknesses are discovered. Software vendors take corrective measures against these weaknesses, but unfortunately the evil mind of an attacker is always capable of discovering fresh new software malfunctions.

5 Network Security Tips To Live By

Do you think that danger is all around your network? Do you feel that you are about to be the next victim of an attacker’s malicious plot? Do you fully understand the consequences of overlooking your network’s security needs?

I hope you will take this article along with all other security related articles really seriously for the sake of your network and your career. I would like to close this article with a quick reminder about all those little things that MUST be followed if you want to be able to sleep peacefully at night and your network to operate safely.

  1. ALWAYS keep your operating system and antivirus software up-to-date
  2. Keep your eyes open — make sure that you’re aware of the newly discovered vulnerabilities and don’t hesitate to request advice and guidance from others
  3. Pay attention to your system — observe and analyze your system’s log files (operating system logs, network device logs etc) on a daily basis
  4. Don’t use plain text passwords — encrypt your passwords where possible using strong encryption algorithms and keep your passwords safe. If you need to have them in an electronic file or even on a piece of paper make sure you keep them in a safe place, somewhere where only you have access to.
  5. Set appropriate policies on both host computers and network devices to lock login accounts after 3 consecutive unsuccessful login attempts. This way you eliminate the chance of having someone continuously try to guess the password.

If you have any good tips for securing your network, share them in the comments.











How to Prevent Threats and Attacks on Your Cisco Network

Most network attacks are well documented and investigated. The behavior of these attacks and the various stages that they progress through have already been examined and clarified. In this article I’ll provide you with all the necessary details concerning the behavior and attack strategy of the most dangerous malicious attacks that could invade your system and cause harmful irreversible effects.

Getting to Know Your Enemies

The few minutes that you’ll spend reading this article will save you hundreds of minutes and possibly hundreds of dollars that you might need to repair the ruins that your attackers leave behind — if they find you unprepared for them.

Today I’ll focus mainly on the reconnaissance methods that the attackers exploit and present in detail how these methods achieve their goals (which in this case is about how the enemy learns about YOU!)

The Various Stages of an Attack

All malicious attacks go through a couple of stages.

In the first stage, the attacker collects and evaluates information from the prospective “victim.” In the second stage, the actual attack is performed while at the same time the attacker tries to hide evidence about its operation.


You’re probably wondering “what kind of information does the attacker try to collect?” Just to give you an idea, below is a small list of information about a given network that would make an attacker really happy:

  • IP addresses of active hosts
  • The actual port numbers that are active on the active hosts
  • The topology of the network
  • The operating system of the hosts

Let’s start by introducing basic Reconnaissance Techniques that attackers exploit. 

Reconnaissance Methods

• IP Address Sweep

A malicious agent sends continuous ICMP packets (echo requests) to different hosts within a defined interval (5 milliseconds is the default). The purpose of this is to have at least one host replying back, thus exposing itself to the attacker.

The easiest way to preclude an attacker from performing an IP address sweep is to disable all ICMP traffic, but this could mean that you lose network diagnostics. More advanced systems can monitor sessions and identify IP address sweeps by monitoring the rate of transmission of ICMP messages originating from a particular source.

• Port Scanning

An attacker tries to find an active service on a remote host by sending TCP SYN segments to different ports at the same destination IP address within a defined interval.

Similar to an IP address sweep, this can be avoided by applying access control lists. Sophisticated systems (such as Cisco IPS) can monitor the number of ports scanned by a given remote source and block all further requests when the number of port scans reaches a predefined value within a defined interval.
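The rate-based detection described above for both IP address sweeps and port scans, as an added example (not code from the original article and not how Cisco IPS is implemented). The record format, the 0.5-second window and the threshold of 10 distinct targets are assumptions chosen for illustration; the sample traffic is constructed.

```python
from collections import defaultdict, deque

def detect_recon(events, window=0.5, threshold=10):
    """Return sorted (kind, source) alerts for IP address sweeps and port scans.

    events: (timestamp_s, src, dst, proto, dport) tuples ordered by time.
    An alert fires when one source reaches `threshold` distinct targets within
    `window` seconds: distinct hosts pinged (sweep) or distinct ports
    SYN-probed on a single host (scan).
    """
    recent = defaultdict(deque)            # key -> deque of (timestamp, target)
    alerts = set()
    for ts, src, dst, proto, dport in events:
        if proto == "icmp-echo":
            kind, key, target = "ip-sweep", ("ip-sweep", src), dst
        elif proto == "tcp-syn":
            kind, key, target = "port-scan", ("port-scan", src, dst), dport
        else:
            continue
        q = recent[key]
        q.append((ts, target))
        while q and ts - q[0][0] > window:  # drop observations outside the window
            q.popleft()
        if len({t for _, t in q}) >= threshold:
            alerts.add((kind, src))
    return sorted(alerts)

def sample_events():
    """Constructed traffic records using documentation addresses (not a capture)."""
    ev = []
    for i in range(20):   # sweep: an echo request to a new host every 5 ms
        ev.append((i * 0.005, "203.0.113.7", f"192.0.2.{i + 1}", "icmp-echo", None))
    for i in range(20):   # scan: a SYN to a new port on one host every 5 ms
        ev.append((1 + i * 0.005, "203.0.113.9", "192.0.2.10", "tcp-syn", 20 + i))
    for i in range(20):   # benign monitor: pings the same 3 hosts once per second
        ev.append((2 + i, "192.0.2.250", f"192.0.2.{i % 3 + 1}", "icmp-echo", None))
    for i in range(20):   # benign client: many connections to one web port
        ev.append((30 + i * 0.005, "192.0.2.77", "192.0.2.10", "tcp-syn", 443))
    ev.sort(key=lambda e: e[0])
    return ev

if __name__ == "__main__":
    for kind, src in detect_recon(sample_events()):
        print(f"ALERT {kind} from {src}")
```

Counting distinct targets rather than raw packets keeps the monitoring host and the busy web client from alerting; a sweep paced slower than the window stays under the threshold, which is the limit of any purely rate-based rule.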

• Network Reconnaissance Using IP Options

The IP standard supports a set of options that provide special routing functionality and diagnostics. These options are rarely used and if they are, they are probably added for evil use.

Therefore, in a secure network it is advisable to drop IP packets that contain IP Options headers. Cisco Intrusion Prevention signatures can identify such packets and discard them. You can find more details about the intended use of these options in RFC 791.

• Discovering Victim’s Operating System

A great advantage for an attacker is to discover the operating system of its potential target. Equipped with this knowledge, the attacker could target the appropriate vulnerability. A few ways exist for identifying the OS of a host:


1. SYN and FIN Flags Set

If you haven’t read my article on TCP/IP, now is a good time to do so to refresh your memory about the TCP header.

Normally, in a given TCP segment, the SYN and FIN flags are not set together. A SYN flag is used when initiating a TCP connection and a FIN flag is used when terminating a TCP connection. Therefore, a TCP header with both these flags set is an abnormal situation which causes various responses from the recipient host based on the operating system.

An attacker could set both of these flags, as seen in the figure below, causing the recipient party to reveal its operating system and open the way for the attacker to launch the next possible vulnerability attack.


How to Prevent Cisco Networking Threats? Learn Your Enemy


2. Only FIN Flag is Set

Normally, TCP segments with the FIN flag set also have the ACK flag set to acknowledge reception of the last packet. Having a FIN flag without the ACK flag is abnormal behavior which may reveal the recipient’s operating system according to the response provided.




3. No Flag is Set

A normal TCP header has at least one flag set. Having a TCP segment with no flags set is again an abnormal condition leading to various responses according to the operating system.
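A defender-side check for the packet anomalies covered above (IP options present, SYN and FIN set together, FIN without ACK, no flags set), as an added example that is not part of the original article and is not a Cisco IPS signature. The finding labels and the `build_packet` helper are hypothetical, and the sample packets are constructed with documentation addresses.

```python
import struct

FIN, SYN, ACK = 0x01, 0x02, 0x10           # TCP flag bits (RFC 793)

def inspect_packet(pkt):
    """Return the reconnaissance indicators found in one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return ["malformed-ipv4"]
    ihl = (pkt[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return ["malformed-ipv4"]
    findings = []
    if ihl > 20:                           # anything past 20 bytes is IP options
        findings.append("ip-options-present")
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if pkt[9] != 6 or frag_offset != 0:    # not TCP, or not the first fragment
        return findings
    tcp = pkt[ihl:]
    if len(tcp) < 14:                      # flags byte sits at TCP offset 13
        return findings + ["truncated-tcp"]
    flags = tcp[13] & 0x3F
    if flags == 0:
        findings.append("tcp-no-flags")
    elif flags & SYN and flags & FIN:
        findings.append("tcp-syn-fin")
    elif flags & FIN and not flags & ACK:
        findings.append("tcp-fin-without-ack")
    return findings

def build_packet(flags, options=b""):
    """Constructed sample: 192.0.2.10:40000 -> 198.51.100.5:80, checksums left 0."""
    ihl = 20 + len(options)                # options must be padded to 4 bytes
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl // 4, 0, ihl + 20, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + options + tcp

# Record Route option (type 7, length 7, pointer 4, one empty slot) plus padding.
RECORD_ROUTE = bytes([7, 7, 4, 0, 0, 0, 0, 0])

if __name__ == "__main__":
    for name, pkt in [("SYN", build_packet(SYN)), ("SYN+FIN", build_packet(SYN | FIN)),
                      ("FIN", build_packet(FIN)), ("FIN+ACK", build_packet(FIN | ACK)),
                      ("null", build_packet(0)),
                      ("SYN+options", build_packet(SYN, RECORD_ROUTE))]:
        print(name, inspect_packet(pkt))
```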



• IP Spoofing

An old attack method is for a source host to inject a fake IP source address, pretending to be a trusted host. This is called IP Spoofing, and the most common way to deal with it is to properly configure an ACL to block traffic from the untrusted network that has a source address which should reside in the trusted network.