[Marvin Hugley] (Day/Day 0:00 – 0:00)
[Sec 200 [Intro To Security
Instructor: Q Miller
10/21/15
System Attack
Security in this day in age is very important. Almost everyone is being attacked. There is the Target attack that affected millions of Americans. There is also the Tmobile attack that recently happened. It affected 15 million Americans. In this paper today I will be talking about the different Network Security Attacks that you might just face. According to nextgov.com The Pentagon gets 10 million attack attempts a day and The National Nuclear Security Administration, an arm of the Energy Department, also records 10 million hacks a day. Im going to tell you the top five network attacks. Number one DOS Denial Of Service Attack A denial of service (DOS) attack attempts to make a resource, such as a web server, unavailable to users. These attacks are the most common attacks out there. Our hands on with Java is a prime example of a Denial Service Attack. Andrew, Jeremy and Tom decided to attack me. My CPU usage spiked and I couldn’t do anything on the internet. Such as check my email or log into web class. Number two is a Brute Force Attack . A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. You can think of a brute force attack as a key cracker. Number three is browser attacks . Browser-based attacks target end users who are browsing the internet. The attacks may encourage them to unwittingly download malware disguised as a fake software update or application. Internet Explorer use to be the number one browser to attack for a very long time. But now hackers are going after Safari. Number four is shellshock attacks. A shellshock attack is a security bug that is found in Linux. It is used in the bash prompt command line. Number five SSL attacks SSL Secure Socket Layer. A SSL attack will SSL attacks aim to intercept data that is sent over an encrypted connection. A successful attack enables access to the unencrypted information. There is a attack called Eavesdropping . Eavesdropping allows an attacker who has gained access to data paths in your network to “listen in” or interpret (read) the traffic. When an attacker is eavesdropping on your communications, it is referred to as sniffing or snooping. The ability of an eavesdropper to monitor the network is generally the biggest security problem that administrators face in an enterprise. Without strong encryption services that are based on cryptography, your data can be read by others as it traverses the network.
You have sniffer attacks which is a application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated (tunneled) packets can be broken open and read unless they are encrypted and the attacker does not have access to the key. You have phishing attacks the Nigerians are really good at this. A phishing attack will look just like that site almost an exact replica but it’s really not the site. I have been phished once on Craigslist. Phishing attack – this type of attack use social engineering techniques to steal confidential information – the most common purpose of such attack targets victim’s banking account details and credentials. Phishing attacks tend to use schemes involving spoofed emails send to users that lead them to malware infected websites designed to appear as real on-line banking websites. Emails received by users in most cases will look authentic sent from sources known to the user (very often with appropriate company logo and localised information) – those emails will contain a direct request to verify some account information, credentials or credit card numbers by following the provided link and confirming the information on-line. The request will be accompanied by a threat that the account may become disabled or suspended if the mentioned details are not being verified by the user. There are a lot of attacks out there , but you can avoid them by paying close attention and looking at all the signs.
References
http://www.nextgov.com/cybersecurity/2013/03/how-many-cyberattacks-hit-united-states-last-year/61775/
http://www.calyptix.com/top-threats/top-7-network-attack-types-in-2015-so-far/
https://technet.microsoft.com/en-us/library/cc959354.aspx
http://www.symantec.com/connect/articles/security-11-part-3-various-types-network-attacks
