
DOI: http://dx.doi.org/10.26483/ijarcs.v8i8.4641
ISSN No. 0976-5697
Volume 8, No.8, September-October 2017
International Journal of Advanced Research in Computer Science
RESEARCH PAPER
Available Online at www.ijarcs.info
NETWORK THREATS, ATTACKS AND SECURITY MEASURES: A REVIEW
Ruzaina Khan
M.Tech (CSE) Research Scholar
Department of Computer Science and Engineering
Jamia Hamdard
Delhi, India

Mohammad Hasan
Department of Agricultural Economics and Business Management, AMU
Aligarh, India

Abstract: Network security has become vital for securing sensitive and confidential information of organizations which is being
shared and transferred across global networks. Various studies have explored different aspects of network security and have listed
common threats and attacks that have been damaging the networks globally. The methodology adopted in this paper is a review of
papers with keywords network security, network attacks and threats and network security measures. The aim of this paper is to
critically review the studies on networking security, categorizing various attacks and threats and measures that need to be
implemented for protection. The paper also describes various concepts related to security including network security,
cryptography and encryption.
Keywords: Network security, Information security, Cryptography, Network threats and attacks, Network security measures

I. INTRODUCTION

Recent advancements in the field of information and technology and competitiveness on real time data have led to an increase in the transmission of data and information globally. As a result, organizations have become more vulnerable to network threats and attacks and are facing invasions in information security and computer networks [1] as the sources of bypassing and breaking through security have increased. The sensitive information being transmitted within the network can easily be accessed by an unauthorized user for malicious purposes [2]. Organizations have been facing interruption, interception, modification and fabrication [3] of their sensitive data from unauthorized sources which break into their security codes. As a result, information security has become an extremely important aspect in ensuring safe and secured transmission of data through global networks [4].

II. SECURITY

Security has been described as a secure environment which is free from danger posed by adversaries who can inflict harm either intentionally or accidentally. Data security has become one of the major challenges for business organizations, including securing communication channels, encryption techniques and maintaining the databases. With recent advances in technology the networks are no longer safe from attackers and any unprotected system can easily be breached from unauthorized sources with an intention to steal information for malicious purposes. A successful organization needs to implement six kinds of layers of security, namely physical, personal, operational, communication, network and information [2].

III. INFORMATION SYSTEMS

An information system is a combination of hardware and software components which enable personnel working within as well as outside an organization to share and transfer data for useful purposes. With increased cybercrime and hacking, the organizational networks have come under great security threat. Therefore, knowledge, awareness and training are essential for securing the information [3].

IV. NETWORK SECURITY

Network security is a vital component of information technology and can be categorized into four major areas including secrecy, authentication, nonrepudiation and integrity control [5]. It is a concept of securing and protecting network and data transmission from unauthorized users who can use the information for malicious purposes. It focuses on securing a variety of networks including both public and private transactions and communications among businesses, government institutions and individuals [2]. Network security has become a major component in the organization structure because the information maintained passes through a large number of systems and devices such as computers and routers and becomes very vulnerable to threats and attacks [6].

V. CRYPTOGRAPHY

Cryptography is the art of coding the information in such a way that it becomes difficult for an unauthorized person to capture, disclose or transfer it. It is a science of writing secret code by constructing and managing protocols in order to block the adversaries. It is a vital component of computer and communication networks and an emerging technology which protects the information from eavesdropping. The process of securing the information is known as encryption and a secret or disguised way of writing a code is known as a cipher. The encrypted information can be transferred back to its original form by an authorized user who has the cryptographic key. Different kinds of ciphers have been used for encryption, namely traditional and modern symmetric key ciphers. Traditional ciphers include substitution and transposition ciphers, and DES (Data Encryption Standard) and AES (Advanced Encryption Standard) come under the category of modern symmetric key ciphers [3], [5], [7].

© 2015-19, IJARCS All Rights Reserved 116

Ruzaina Khan et al, International Journal of Advanced Research in Computer Science, 8 (8), Sept–Oct 2017, 116-120

VI. ENCRYPTION

There are two types of encryption: symmetric and asymmetric. Symmetric encryption uses a single key for encrypting as well as decrypting the code, while asymmetric encryption works with two keys, public and private, for encrypting and decrypting respectively [7].

VII. TYPES OF THREATS

Network security is highly threatened by the presence of various threats and attacks that can lead to disclosure of sensitive and confidential information. The basic difference between a threat and an attack is that while a threat is the presence of a constant danger to the integrity of information, an attack is an actual act of breaching the security of the network.

Below are the top 10 threats which have affected Small and Medium Enterprises Data security. The following table summarizes the details of important threats.
Table 1: Network Threats

| Threats | Description | Security measures |
|---|---|---|
| Insider attacks | The insider is a part of the organization that has full access and authorization of the network system. The insider can be of malicious or accidental nature and can be a threat to the organization’s confidentiality and integrity. | Implementing dual control principle helps more than one person to control login credentials for the organization’s servers. |
| Lack of contingency | Many organizations suffer due to lack of planning for situations involving bad data failure. As a result they do not have a backup system for restoring the lost data. | Developing sound information assurance methodologies helps develop personalized policies benchmarked from other organizations. |
| Poor configuration leading to compromise | Many organizations with lack of funds and experience often install networking gear without having skilled personnel to handle them. | Automated vulnerability audit scan is a method which performs a check of the entire network and must be conducted on a regular basis. |
| Reckless use of hotel networks and kiosks | Many attackers leave a key logger to access passwords and credential information from personal devices connected in an infected hotel network that are not protected enough to counter such attacks. | Forbidding turning off defenses through certain anti-virus solutions which are configured in such a way that they cannot be turned off without proper authorization. |
| Reckless use of Wi-Fi hotspots | Similar to the key logger in hotel networks, the attackers put up an unsecured Wi-Fi network to capture secured information such as usernames and passwords of employees without making them aware of any threat to their computer. | Using encrypted connections, which can be connected via Virtual Private Networks and encrypt the communication streams, preventing eavesdroppers from listening to the data wirelessly. |
| Data lost on portable device | It is a common problem with most of the users who accidentally leave their storage devices such as mobile phones, pen drives or USB sticks in hotel rooms, taxis or trains, making it easily available for attackers to retrieve sensitive information. | Centralized management of mobile devices through servers and software such as RIM’s Blackberry Enterprise Server helps the organization ensure encrypted transmissions and is capable of remotely wiping out data of lost devices. |
| Web server compromise | Poorly written customer application on websites have made it easier for the attackers to penetrate thousands of servers with automated SQL injection attacks. | Auditing web app code is a measure which helps the users identify whether the developed code has been performing proper input validation or not. |
| Reckless web surfing by employees | Various spams, Trojans and viruses penetrate into the organization’s network systems when the employees surf websites other than those related to their business and end up getting victimized by a pool of malware. | Web content filtering such as WatchGuard’s WebBlocker which maintains updated URL of blocked websites. |
| Malicious HTML email | This is a common email attack which links the user to a malicious website and triggers a drive-by download by a single click. | Implementation of outbound web proxy which includes setting up of LAN system redirecting all HTTP requests and responses to a web proxy server which monitors all the web traffic. |
| Automated exploit of a known vulnerability | Such kind of attacks affect the SMEs who are not able to install Windows patches within the same month of their release and later on fall prey to attacks in the form of malicious patches. | 1. Investing in patch management which maintains the network up to date by scanning the systems and identifying missing patches and software updates. 2. Building an inexpensive test network which helps the organization to simulate a patch by installing it into a test system and studying its behavior. |
Source: [8], [9]

VIII. TYPES OF ATTACKS

The networking attacks can be grouped into two major categories, namely passive attacks and active attacks. A detailed description of both kinds of attacks is given below.

A. Passive attacks

In passive attacks the attacker eavesdrops on or monitors the data transmitted to find the content of data transmitted or to analyse the nature of communication. Such attacks analyse traffic, monitor unprotected communications, decrypt weakly encrypted data and capture authentication information such as passwords. Such attacks can lead to disclosure of sensitive information without the knowledge or consent of the user [10]. These attacks are hard to detect as there is no loss or alteration of data. Therefore there are various encryption techniques to prevent these kinds of attacks rather than inventing techniques to detect them.

B. Active attacks

In active attacks, the attacker tries to circumvent or break into protected systems in the on-going communication networks. Such attacks include breaking into secured features, injecting malicious code and stealing or modifying sensitive information [10]. In these kinds of attacks the data transmitted can be altered by the attacker or the whole data stream can be changed. Active attacks can be detected but these are difficult to prevent. Various error detection and correction techniques are used at various network layers to acquire a safe data transmission. Active attacks can take place in four ways: Masquerading, Replay, Modification of message and Denial of Service.

Networking attacks that have been damaging companies globally are listed below:
Table 2: Network Attacks

| Network Attacks | Percentage | Description |
|---|---|---|
| Browser | 36% | In these kinds of attacks the hackers add scripts without altering the website’s appearance which may lead the user to another website and may cause programs of malicious nature to be downloaded to the system. The attacker can then control the user’s system remotely, capturing personal information such as credit card and banking details to perform identity theft. |
| Brute Force | 19% | It is a guessing technique of decoding password and pin number through trial and error basis. The attackers use automated software to guess thousands of combinations of passwords. Locking the account after multiple failed login attempts is one of the ways to prevent such attacks. |
| Denial of service | 16% | These kinds of attacks block the user’s access to a particular network to prevent them from retrieving information and services. The attacker creates an overloading traffic through malicious bots to a targeted IP address and floods the network with more requests than the server can process. |
| SSL | 11% | It is a kind of attack in which the attacker interrupts the data before its encryption and hence gets access to sensitive information of the system. |
| Scan | 3% | It is a kind of application software which tries to retrieve information regarding open ports in a server or host. They are a combination of hostile searches which an attacker uses in order to gain access to a computer. |
| DNS | 3% | It is an attack which redirects the network traffic to another system which is being controlled by the attacker. This attack corrupts the DNS server by introducing data into a domain name system cache to return an incorrect IP address. |
| Backdoor | 3% | Such attacks bypass the intrusion detection systems and allow the hackers to access the information remotely. Many strategies may be adopted in backdoor attacks such as port-binding, connect back and connect availability. |
| Others | 9% | The other attacks constitute around 9% of the total attacks and may include all attacks which may be small in nature but have significant impact on the security of network systems. |

Source: [11]–[14]
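
The account lockout named in the Brute Force row of Table 2, as an added Python example that is not from the paper: it replays constructed login events through a sliding-window lockout and, going beyond the text, also counts failed logins per source address across accounts. The thresholds, event format and addresses are assumptions for illustration.

```python
from collections import defaultdict, deque

# Assumed policy values for illustration; the paper does not specify any.
MAX_FAILURES = 5      # failures per account inside the window before lockout
WINDOW = 300          # sliding window, seconds
LOCKOUT = 900         # lockout duration, seconds
SPRAY_ACCOUNTS = 4    # distinct accounts failed from one source inside the window

# Constructed events, sorted by time: (unix_time, account, source_ip, success)
EVENTS = (
    # repeated failures against a single account
    [(1000 + 10 * i, "alice", "198.51.100.7", False) for i in range(5)]
    # correct password presented while the account is locked
    + [(1060, "alice", "192.0.2.10", True)]
    # failures from one source spread over several accounts
    + [(2000 + 5 * i, name, "203.0.113.9", False)
       for i, name in enumerate(["bob", "carol", "dave", "erin"])]
    # correct password after the lockout has expired
    + [(3000, "alice", "192.0.2.10", True)]
)


def replay(events):
    """Return (outcome per event, set of source addresses flagged for review)."""
    fails_by_account = defaultdict(deque)   # account -> failure timestamps
    fails_by_source = defaultdict(deque)    # source  -> (timestamp, account)
    locked_until = {}                       # account -> time the lock ends
    outcomes, flagged = [], set()
    for ts, account, source, success in events:
        if locked_until.get(account, 0) > ts:
            outcomes.append("locked")       # refused even if the password is right
            continue
        if success:
            fails_by_account.pop(account, None)   # success resets the counter
            outcomes.append("ok")
            continue
        acct_q = fails_by_account[account]
        acct_q.append(ts)
        while ts - acct_q[0] > WINDOW:      # drop failures older than the window
            acct_q.popleft()
        src_q = fails_by_source[source]
        src_q.append((ts, account))
        while ts - src_q[0][0] > WINDOW:
            src_q.popleft()
        if len({acct for _, acct in src_q}) >= SPRAY_ACCOUNTS:
            flagged.add(source)             # alert only; no account is locked
        if len(acct_q) >= MAX_FAILURES:
            locked_until[account] = ts + LOCKOUT
            acct_q.clear()
            outcomes.append("locked")
        else:
            outcomes.append("failed")
    return outcomes, flagged


if __name__ == "__main__":
    results, sources = replay(EVENTS)
    for event, outcome in zip(EVENTS, results):
        print(event, "->", outcome)
    print("sources to review:", sorted(sources))
```

Because a locked account also refuses its legitimate owner, as the 1060 event shows, the lockout duration and threshold are availability decisions as much as security ones.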


Various attacks have been listed by [1] in their paper which includes e-mail containing virus, network virus, web-based virus, attack on the server, service rejection attacks and network user attacks. They have mentioned that the major problem faced by the IT infrastructure is the vulnerability of computer networks and such problems arise mainly due to faulty implementation and design of information system including security procedures and controls. Another kind of security threat named insider attack, which is mentioned by [8], [9], is capable of causing irreparable damage to the activities and reputation of the organization.

There are other kinds of network attacks which pose serious threat to the confidentiality of the organization. Some of these attacks are listed below:

A. Phishing attacks

These kinds of attackers pretend to be trustworthy persons with an intention to capture sensitive information through fraudulent email and messages [15]. They often create a fake website such as SBI bank or PayPal and try to trick the users by getting them to click on a link and later on record their personal information including username and password [6], [10]. Such attacks take as much as 9 to 10 days to resolve [16].

B. Close in attacks/Social Engineering

Known as bugs in the human hardware [12], these attacks involve physical interaction with the network, systems and components for getting unauthorized access to the information. The attackers establish social interaction with the victims through e-mail, messages or phone and trick the latter into revealing personal information regarding the security of the system [6], [10]. The attackers try to exploit the emotional response of the victim, who falls for their trust, revealing to them their username, passwords and email address [15]. These kinds of attacks also take around 9 to 10 days to get resolved [16].

C. Viruses, Worms and Trojans

Viruses are programs that are written in order to alter the working of the victim’s computer without its permission and authorization [15]. There are three ways in which a virus can enter an organization’s system. Firstly, e-mail containing viruses, which can infect the system’s email and spread throughout the organization. Secondly, network viruses, which breach the system through unprotected ports and can affect the entire network. Thirdly, web-based viruses, which infect the systems that visit their web page and also affect other internal network systems [1].

D. Hijack

This is a kind of attack in which the hacker intercepts or takes over a session between the user and another system and finally disconnects the latter from the communication. The user remains under the impression that the system is still connected and may send sensitive and confidential information to the hacker by accident [6], [10].

IX. SECURITY MEASURES

A. Firewalls

A firewall can be defined as a device, which may be a computer or router, acting between the internet and the organization network. A firewall lets through into the organization’s internal network only those packets which fulfil the parameters configured by the firewall administrator for a safe data packet, and filters out the other packets. A firewall acts at the network, transport and application layers. A packet-filter firewall acts at the network and transport layers and a proxy firewall acts on the application layer. A firewall checks the traffic according to the specific rules it has been configured for, but there may be cases where the attacker can make harmful data appear to have parameters which the firewall finds safe to be transmitted through it.

B. Antivirus Systems

These systems are used to detect and eradicate malware from our systems. The antivirus system should be kept updated with the latest updates so that it can scan for the latest virus signatures. Sometimes an antivirus system is not able to detect the infected file if it is encrypted or zipped.

C. Intrusion detection systems

It is a network monitoring device or software application which keeps track of any malicious actions and policy violations and, if any are found, immediately reports the intrusion to the administrator. They are a set of programs which help detect intrusions and save the system from getting affected. There are two kinds of intrusion detection systems, namely Anomaly Intrusion Detection and Misuse Detection or Signature Based IDS. The Anomaly Intrusion Detection system includes neural networks and prediction pattern generation, while the Misuse Detection or Signature Based IDS includes state transition tables, pattern matching, genetic algorithms, fuzzy logic, immune systems, Bayesian method and decision tree [17]. These systems may be Host-based IDS or Network-based IDS. The system matches the traffic with the attack pattern and if a match is detected it gives the alarm to the administrator. However, the attacker may be clever enough to change the signature of the malicious traffic, which the IDS then fails to detect.

X. CONCLUSION

Globally expanding information networks have become vulnerable to emerging threats and attacks from malicious sources and pose a serious challenge for business and create research gaps for scholars. Researching and developing counter measures is a dire need for the organizations to protect their sensitive data from getting infected from unauthorized sources. Network security has now become an integral part of organization’s confidentiality as it prevents unauthorized users from accessing the network systems, ensures safe transferring of sensitive data and provides a robust system of warning against alarm and fixing issues in case of security breach. This study provides a description of various kinds of threats and attacks on network systems and the common counter measures to mitigate the situation. Further studies can be conducted on organizations mapping the degree of damage they receive as a consequence of becoming victims of such attacks. Case studies on network organizations can also be conducted to understand the grey areas of networking security and aspects which need to be addressed.

XI. REFERENCES

[1] F. S. Roozbahani and R. Azad, “Security Solutions against Computer Networks Threats,” Int. J, pp. 2576–2581, 2015.
[2] S. Kaushik and A. Singhal, “Network Security Using Cryptographic Techniques,” Int. J. Adv. Res. Comput. Sci. Softw. Eng., vol. 2, no. 12, pp. 2277–128, 2012.
[3] A. Singh, A. Vaish, and P. K. Keserwani, “Information Security: Components and Techniques,” Int. J. Adv. Res. Comput. Sci. Softw. Eng., vol. 4, no. 1, pp. 2277–128, 2014.
[4] S. Tayal, N. Gupta, P. Gupta, D. Goyal, and M. Goyal, “A Review paper on Network Security and Cryptography,” vol. 10, no. 5, pp. 763–770, 2017.
[5] M. R. Joshi and R. Avinash Karkade, “Network Security with Cryptography,” Int. J. Comput. Sci. Mob. Comput., vol. 41, no. 1, pp. 201–204, 2015.
[6] P. Golchha, R. Deshmukh, and P. Lunia, “www.ijser.in A Review on Network Security Threats and Solutions,” Int. J. Sci. Eng. Res., vol. 3, no. 4, pp. 3–5, 2014.
[7] S. Tayal, N. Gupta, P. Gupta, D. Goyal, and M. Goyal, “a Review Paper on Ad Hoc Network Security,” Comput. Sci. Secur., vol. 1, no. 1, pp. 52–69, 2007.
[8] P. Scott, “Top 10 Threats to SME Data Security,” 2008.
[9] J. R. C. Nurse et al., “Understanding insider threat: A framework for characterising attacks,” Proc. - IEEE Symp. Secur. Priv., pp. 214–228, 2014.
[10] M. S. Gaigole, S. Kamaltai, and M. A. Kalyankar, “The Study of Network Security with Its Penetrating Attacks and Possible Security Mechanisms,” Int. J. Comput. Sci. Mob. Comput., vol. 45, no. 5, pp. 728–735, 2015.
[11] Calyptix, “Top 7 Network Attack Types In 2016,” Calyptix Blog. 2016.
[12] C. Manimegalai and A. Sumithra, “An Overview of Attacks in the Network Security System,” Int. J. Adv. Res. Comput. Sci. Softw. Eng., vol. 5, no. 10, pp. 816–819, 2015.
[13] D. O. of T. C. I. S. Officer, “Web Browser Attacks,” Cyber Security Tips, vol. 3, no. 2, pp. 1–2, 2009.
[14] Diwakar Dinkar et al., “McAfee Labs Threats Report,” 2016.
[15] A. Ahmad, “Type of Security Threats and It’s Prevention,” Int. J. Comput. Technol. Appl., vol. 3, no. 2, pp. 750–752, 2017.
[16] A. Yassir and S. Nayak, “Cybercrime: A threat to Network Security,” IJCSNS Int. J. Comput. Sci. Netw. Secur., vol. 12, no. 2, 2012.
[17] M. K. Asif, T. A. Khan, T. A. Taj, U. Naeem, and S. Yakoob, “Network Intrusion Detection and its strategic importance Network Intrusion Detection and its Strategic Importance,” IEEE Bus. Eng. Ind. Appl. Colloq., pp. 140–144, 2013.
