Network-based attacks

Network-based attacks are threats that are launched and controlled from a device or devices other than those under attack. Denial-of-service (DoS) attacks and distributed-denial-of-service (DDoS) attacks are examples of network-based attacks. These attacks use one or more devices to overwhelm the targeted server with so much network traffic or demands for services that the target cannot respond to legitimate requests. Firewalls and intrusion prevention systems (IPSes) are countermeasures to these types of attacks. They use a few different techniques to detect and inhibit attacks. Some work by detecting patterns in network traffic indicative of an attack. These are analogous to using virus signatures in antivirus software; a large number of TCP connection requests, for example, can indicate an attack known as SYN Flooding, a crude but sometimes effective DoS attack.

IPSes can also use statistical techniques to analyze typical patterns of system use on a server or a network. These patterns are then used as a baseline for comparing with ongoing system use; any significant deviation for the baseline could indicate an attack. Complementing statistical technique are rule-based approaches that use heuristics, or rules of thumb, for detecting anomalies in system activity.

Figure 3.2: In a DDoS attack, multiple devices (red) flood a server with requests, overwhelming the server and blocking legitimate users (green).

How to Assess and Mitigate Information Security Threats
  Introduction
  Malware: The ever-evolving threat
  Network-based attacks
  Information theft and cryptographic attacks
  Attacks targeted to specific applications
  Social engineering
  Threats to physical security
  Balancing the cost and benefits of countermeasures

This chapter excerpt from the free eBook The Shortcut Guide to Protecting Business Internet Usage, by Dan Sullivan, is printed with permission from Realtimepublishers, Copyright 2006.

BROWSE BY TAG Malware, Viruses, Trojans and Spyware,   Information Security Threats,   Application and Platform Security,   Application Attacks (Buffer Overflows, Cross-Site Scripting),   Network Intrusion Prevention (IPS),   Network Intrusion Detection and Analysis,   Enterprise Network Security,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Malware, Viruses, Trojans and Spyware How to defend against rogue DHCP server malware New Trojan stealing FTP credentials, attacking FTP websites Cybercriminals exploit Michael Jackson, Farrah Fawcett deaths When BIOS updates become malware attacks Antispyware buying guide for Indian enterprises PCI compliance requirement 5: Antivirus Hacker attack techniques and tactics: Understanding hacking strategies Rootkit Hunter demo: Detect and remove Linux rootkits Botnet threats and countermeasures Conficker worm much smaller than feared Application Attacks (Buffer Overflows, Cross-Site Scripting) PCI management: The case for Web application firewalls Month of Twitter Bugs project to document Twitter flaws Adobe issues first quarterly patch release fixing 13 flaws Balancing security and performance: Protecting layer 7 on the network Adobe issues Reader update fixing zero-day flaw The Pipe Dream of No More Free Bugs Security Squad: Federal cybersecurity defenses Oracle issues 43 updates, fixes serious database flaws Attackers target new Microsoft PowerPoint zero-day flaw How to detect input validation errors and vulnerabilities Application Attacks (Buffer Overflows, Cross-Site Scripting) Research Network Intrusion Prevention (IPS) Lesson 1 quiz: Risky business Hacker attack techniques and tactics: Understanding hacking strategies SIMs tools and tactics for business intelligence IPS and IDS deployment strategies Know when you need IDS, IPS or both Trend Micro to acquire Third Brigade for virtualization, cloud security What are the best practices for IPS implementation? Host-based intrusion prevention addresses server, desktop security Intrusion detection vs. intrusion prevention IBM announcements mark two years of ISS marriage Network Intrusion Prevention (IPS) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com) Zotob  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary