Cyber Threats - Assignment Example

? Cyber threats Number: Lecturer: Introduction With cybercrime becoming a threat to many organizations, there are many threats that have been recognized and pose to be a threat to the normal operations of an organization. There are various types of attacks that have been recognized. This paper will focus on the threats that are normally found to be common on the internet and suggest the possible mitigation strategies that can be applied. ARP poisoning Address Resolution Protocol spoofing, also referred to as ARP flooding, or ARP poisoning/ARP poison routing is a mechanism that is employed when one wants to attack an Ethernet wireless or wired network. This technique may allow the attacker to undertake packet sniffing. In case of email, the attacker will sniff the traffic sent by one host to another host ion the network (Tan & Ruighaver 2005). In the normal operations of ARP, there will be broadcasting of host IP address and MAC addresses. When some host wants to send some information to a certain host, it will send a broadcast asking who has a certain IP address. The host with the respective IP address will reply to the request and will do so with the correct IP address and the MAC address. This communication happens with a lot of gullibility (Salomon &Cassat 2003). This is because, ARP does not have authentication. The reply and the host which replies that it has the said IP address and MAC address will not be authenticated. In ARP communication, there is no authentication of the hosts. The host replying will be taken to be correct. ARP does not have a mechanism of correcting the information that it gets from the hosts which are communicating in the network (Salomon & Cassat 2003). Since there is no authentication of the ARP requests and replies, the attacker will insert a wrong IP address to a computer cache. The ARP request will then be fed with the wrong IP address. This is called ARP poisoning, that is the ARP table has been poisoned with wrong information. The attacker manages to lie to the machines and to the people in the network (Russell & Gangemi 2011). What these attacks do is that they will get what is taking place with the two parties. When the parties communicate, the attacker will get the packets and get the email password of either parties or even both parties. They can then use the passwords to undertake attacks (Peltier 2005). The possibility for an IP address to be associated with any given MAC address is another loophole for attacks. They are able to undertake many forms of attacks to the unsuspecting users and hosts in the network. In this state, other forms of network attack can be experienced. Other common forms of attacks that can be experienced include man-in-the-middle attacks, MAC flooding, and denial of service attacks (Orebaugh, Ramirez & Beale 2007). Man-in-the-middle attacks This is an attack which is common in local area networks. This attack is a form of active and aggressive eavesdropping where the attacker will create independent connections between the parties communicating so that the attacker will feign either parties communicating. In the end, the parties communicating will think that they are having a private communication and yet in the real sense, the communication is being controlled by eth attacker (Neumann 2006). A hacker can make use of ARP spoofing/poisoning to attack the communication between communicating parties. This can sim0ply be undertaken by having the attacker sending ARP reply to a router. The router could be communicating with computer A. The router will send information regarding its IP address and the MAC address thinking that the requesting agent is computer A. After getting this information, the attacker will also send an ARP replies to machine A. Machine A will respond to the reply thinking that the machine is a router. It will then send information to the attacker. After getting the IP and MAC address, the attacker will then use the operating system characteristic that is referred to as IT forwarding. This feature will enable the attacker to forward any information to the hosts in the network (Matt 2003). MAC flooding MAC flooding is ARP cache poisoning technique that is targeted at switches. There is a difference between switches and hubs. Switches send network packets to particular host that was meant to get the information. Hubs just rebroadcast all the information and traffic they get. They do not have a mechanism which will enable them to check where the traffic is headed. There are some switches which go to hub mode when they become overloaded. Hackers will take advantage of this by ensuring that traffic is overloaded to the switch so that they get access to the traffic and therefore be able to packet sniff the network. This is possible when the switch is in the hub mode (Lindup 2006). Denial of service attack A hacker can maliciously associate an IP address which is very important to a MAC address which is false. An example is that a hacker can send an ARP reply by associating the IP address of the router to a MAC address that ha nor relation or association with any host. With this, the computers in the network will be thinking that they know the default gateway and will be sending packets to this false gateway. In other words they will be sending packets to the wrong “router”. The email which is purportedly sent in a network will then be sent to the wrong destination. The email details will therefore be disclosed to the wrong people. This is how denial of service attacks takes place (Layton 2007). Mitigation strategies There are mitigation strategies that are used to eradicate the risks that are associated with email communications. For spoofing and ARP poisoning, one way on which this can be mitigated is by using IP addresses which are static. Also the network administrator should make use of ARP tables which are static. By exploiting CLI commands in UNIX and windows operating systems, the network administrator will have an understanding of all IP addresses that are found in the organization's network. These commands include such commands like ipconfig/all in Windows and ifconfig in UNIX, the network administrator will get all address of hosts ion the network (Baskerville 2008). For the large networks, the network administrator will be required to have port security features that are available for the switch. Switches should be protected with this approach. One example of a port security feature is to have one MAC address to be associated with each of the physical ports of the switch. This will prevent the attackers from changing the MAC address of their machines. This way, switch security features will have been eradicated as the attackers will not have a chance to change the MAC addresses. The issue of spoofing will also be eradicated with this move. This is because it will be hard for attackers to change the MAC addresses of the computers which are being used (Badenhorst & Ellof 2007). Another mitigation strategy is to have ARP monitoring tool installed in the network. It is important to have network administrators understand what ARP tool will do. With the use of this tool, attacks from ARP poisoning will be avoided. It will make it easier to safeguard the security and the operation of the switches because ARP reporting and replies will be protected (Angell 2007). To prevent phishing and other email security vulnerabilities, organizations should install enterprise level security software in the network. It is advisable that this security software be able to check messages which are going out of the network and also those that are coming into the network. This will prevent messages from transmitting spam from networks that have been compromised (Aceituno 2005). Also, users should be advised to change passwords frequently. This will prevent attackers from using brute force attack and, therefore, making it easier to guess passwords that are used by staff. Users should also be advised to use passwords that are strong. They should not use dictionary words or any combination of their names. Staff should also be trained about the internet security issues so that they are knowledgeable. Most users are attacked because they are not aware of what is going on. Training should be conducted about the importance of securing their passwords. References Aceituno, V. (2005). On information security paradigms. ISSA Journal , 6 (3), 2-34. Anderson, R. (2001). Security engineering: A guide to building dependable distributed systems. New York: John Wiley and Sons. Angell, I. (2007). Computer security in these uncertain times: The need for a new approach. The Tenth World Conference on Computer Security, Audit and Control, (pp. 34-65). London. Badenhorst, K., & Ellof, J. (2007). Computer secutity methodology: Risk analysis and project definition. Computer and Security , 8 (9), 339-346. Baskerville, R. (2008). Designing information systems security. New York: John Wiley and Sons. Layton, T. (2007). Information security: Design, implementation, measurement, and compliance. Boca Raton, Florida: Auerbach Publications. Lindup, K. (2006). The role of information security and corporate governance. Computers and Security , 54 (15), 447-485. Matt, B. (2003). Computer security: Art and science. New York: Pearson Education, Inc. Neumann, P. (2006). Computer-related risks. New York: Addison-Wesley. Orebaugh, A., Ramirez, G., & Beale, J. (2007). Wireshark & Ethereal Network Protocol Analyzer Toolkit. Syngress. Peltier, T. (2005). Information security policies, procedures, and standards: Guidelines for effective information security management. Boca Raton, Florida: Auerbach publications. Russell, D., & Gangemi, G. (2011). Computer security basics. Sebastopol, CA: O'Reilly and Associates. Salomon, K., & Cassat, P. (2003). Electronic information security: A legal perspective. New York: Lohnes and Albertson. Tan, C., & Ruighaver, A. (2005). A framework for investigating the development of security strategy context in organizations. Conference Proceedings of the 6th Australian Information Warfare and Security Conference: Protecting the Australian Homeland (pp. 216-226). Sydney: Deakin University. Read More