Security attacks on information systems occur all the time and pertain to every aspect of the attacked system. In other words the attacks are directed against all components of a system. The attackers look for the weakest links in each component and using various tools exploit the potential vulnerabilities. The first step in establishing a secure information system is to consider the potential threats and the corresponding attacks. Next, the risk or the probability of a threat to cause damage to an asset should be evaluated. Once the threat definition and risk analysis are performed, the appropriate solution of defense can be devised.
In this paper, we will focus on typical attacks in the Internet affecting confidentiality, integrity and availability. Read through Session 5 Lecture Notes, and become familiar with the issues of vulnerabilities. attacks and countermeasures at different layers. We will focus on typical attacks in the Internet affecting confidentiality, integrity and availability mainly on the lower four layers: Layer 1, Physical; Layer 2, Data Link; Layer 3, Network; and Layer 4, Transport. For example, in the link layer, there is ARP spoofing and man-in-the-middle attacks. In the IP layer, there is packet sniffing. In the transport layer, there is the SYN flood attack causing Denial of Service.
- Your boss is asking each engineer from all departments to come up with the one or two sources of network threats and attacks you consider the most critical and why (mainly on the lower four layers: Layer 1, Physical; Layer 2, Data Link; Layer 3, Network; and Layer 4, Transport). He wants you to be able to fit your thoughts on an index card. He does not care if the same problem is addressed from several points of view or if you address a very specific “threat of the day” or one from the past that could come back. You are also asked to have an opinion about the potential risks of such threats and attacks.
Hint: Pick one layer and describe typical attacks in that layer and the controls that are employed in the layer to minimize the attack or vulnerability that leads to the attack. Be as complete as possible and cite your reference materials in your response. You may create a new topic for your response or respond to someone’s topics expanding upon it or challenging it. We have not talked much about the physical layer. In physical layer, for example, an attacker can cut a cable or jam a wireless signal affecting availability or wiretap affecting confidentiality. You need to dig up sources on the physical layer security.
Due June 19th
- Arora, H. (2012). TCP/IP Attacks – ARP Cache Poisoning Fundamentals Explained. Retrieved from http://www.thegeekstuff.com/2012/01/arp-cache-poisoning.
- Veracode. (n.d.). Spoofing Attack: IP, DNS & ARP. Retrieved from: http://www.veracode.com/security/spoofing-attack.
- Kapoor. K. (n.d.). Session Hijacking Exploiting TCP, UDP and HTTP Sessions. Retrieved from: http://www.infosecwriters.com/text_resources/pdf/SKapoor_SessionHijacking.pdf
Man-in-the-Middle (MITM) Attacks
OWASP. (Last Update: 2015). . Man-in-the-Middle Attack. Retrieved from: https://www.owasp.org/index.php/Man-in-the-middle_attack
Orange, L. (2014). Top Four Best Practices to Avoid Man-in-the-Middle Attacks. Retrieved from: https://blogs.forcepoint.com/insights/top-four-best-practices-avoid-man-middle-attacks
- PluralSight. (2009). The PING of Death and Other DoS Network Attacks.Retrieved from: https://www.pluralsight.com/blog/it-ops/ping-of-death-and-dos-attacks.