Network Security
Methods for creating network security
Access control, antivirus, software security, traffic behavior analysis, secure backup information, firewalls
Types of DOS attacks
SYN Flood, Smurf Attack, Ping Flood, Teardrop, DDoS
Types of Network Attacks
Port Scanner, Man in The Middle, Arp Poisoning or Arp Spoofing, Denial-of-service attack
Types of Network Attacks
Port Scanner
A port scanner is software that sends successive requests from a client to a server to identify active ports. Network administrators usually use it to find a server's open ports. With the same tool, attackers can identify the services a server offers from its open ports and plan their attack based on this information.
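Added example (not part of the original article): one way to spot the successive requests described above in connection records. It flags a source that touches many distinct ports on one host within a short window; the record format, thresholds and addresses are assumptions constructed for the illustration.

```python
from collections import defaultdict

def find_scanners(events, window=10.0, min_ports=10):
    """Flag (source, target) pairs that touch many distinct ports within `window` seconds.

    events: iterable of (timestamp, src_ip, dst_ip, dst_port), in any order.
    Returns {(src_ip, dst_ip): largest number of distinct ports seen in one window}.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port in events:
        by_pair[(src, dst)].append((ts, port))
    findings = {}
    for pair, hits in by_pair.items():
        hits.sort()
        left, counts, best = 0, defaultdict(int), 0
        for ts, port in hits:
            counts[port] += 1
            while ts - hits[left][0] > window:      # slide the window forward
                old = hits[left][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                left += 1
            best = max(best, len(counts))
        if best >= min_ports:
            findings[pair] = best
    return findings

def sample_events():
    """Constructed connection records: one sweep, one ordinary client, one slow client."""
    server = "10.0.0.80"
    events = [(i * 0.1, "203.0.113.7", server, 20 + i) for i in range(25)]   # port sweep
    events += [(i * 0.5, "10.0.0.5", server, 443) for i in range(30)]        # normal HTTPS use
    events += [(i * 11.0, "10.0.0.9", server, 8000 + i) for i in range(12)]  # one port per 11 s
    return events

if __name__ == "__main__":
    print(find_scanners(sample_events()))
```

The slow client in the sample is not flagged, which shows the trade-off of a fixed window: a longer window catches slower sweeps at the cost of more false positives.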
Man in The Middle
A man-in-the-middle (MITM) attack is one of the most dangerous attacks on computer networks. In this attack, the attacker uses techniques such as ARP poisoning to get between parties that are communicating with each other, and then eavesdrops on, manipulates, and collects their information without the parties knowing.
Arp Poisoning or Arp Spoofing
As you know, the task of the ARP protocol is to convert an IP address to a MAC address. Attackers abuse this protocol by creating a fake gratuitous ARP (GARP) packet that announces the gateway's IP address to the network with the attacker's own MAC address. Systems on the network update their ARP tables based on this packet, so traffic leaving the network is sent to the attacker. After the man-in-the-middle step, the attacker forwards the traffic to the real gateway so that users and administrators do not notice the attack.
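Added example (not part of the original article): a defender-side check for the forged ARP announcements described above. It parses raw ARP payloads and alerts when an IP address, such as the gateway's, is claimed by a MAC address different from the one already known; the addresses and the `make_sample` helper are constructed for the illustration.

```python
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"   # Ethernet/IPv4 ARP payload, 28 bytes

def make_sample(op, sender_mac, sender_ip, target_ip):
    """Build a constructed ARP payload for the demo (nothing is sent on a network)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       bytes.fromhex(sender_mac.replace(":", "")),
                       IPv4Address(sender_ip).packed, bytes(6),
                       IPv4Address(target_ip).packed)

def parse_arp(payload):
    """Return (sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, _op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return sha.hex(":"), str(IPv4Address(spa)), str(IPv4Address(tpa))

def detect_arp_spoofing(payloads, pinned=None):
    """Replay ARP payloads; alert when an IP is claimed by a different MAC than before.

    pinned: optional {ip: mac} set by the administrator, e.g. the real gateway.
    """
    table, alerts = dict(pinned or {}), []
    for n, payload in enumerate(payloads):
        parsed = parse_arp(payload)
        if parsed is None:
            continue
        mac, ip, target_ip = parsed
        known = table.setdefault(ip, mac)      # first-seen or pinned binding wins
        if known != mac:
            alerts.append({"packet": n, "ip": ip, "known_mac": known, "claimed_mac": mac,
                           "gratuitous": ip == target_ip})  # GARP: sender IP == target IP
    return alerts

# Constructed sample traffic (addresses are made up for the example).
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "00:11:22:33:44:55"
SAMPLE = [
    make_sample(2, GATEWAY_MAC, GATEWAY_IP, "192.168.1.10"),           # genuine reply
    make_sample(1, "aa:aa:aa:aa:aa:01", "192.168.1.10", GATEWAY_IP),   # ordinary request
    make_sample(2, "de:ad:be:ef:00:01", GATEWAY_IP, GATEWAY_IP),       # forged gratuitous ARP
]

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE):
        print(alert)
```

Pinning the gateway's binding through `pinned` matters when monitoring starts after the forged packet has already been seen, because otherwise the first-seen binding would be the attacker's.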
Denial-of-service attack
A series of actions used to temporarily or permanently suspend the service of a network-connected host is called a DoS attack. DoS attacks usually target sites or services hosted on high-profile web servers, such as banks, credit card services, and even root servers. In this type of attack, the attacker slows the server down by using methods such as flooding it with requests and consuming excessive resources (CPU, database, bandwidth, etc.), and this may even result in server failure. The purpose of these attacks is to prevent or stop the normal functioning of a website, server, or other network resource.
Types of DOS attacks
SYN Flood
In the TCP/IP protocol, to establish communication between two network members (the client and the server), a TCP SYN packet is first sent to the server. As soon as the server receives it, it knows that the client intends to communicate. If the server accepts the connection, it sends a SYN/ACK packet, which tells the client that the server has accepted the communication, and the client then sends an ACK packet to the server to complete the connection. Attackers abuse this mechanism: using fake IP addresses, they send many requests and never send the final response that would let the server close the session. Many sessions are left pending, and because the server can only answer a limited number of connections, it is no longer able to respond to other clients.
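Added example (not part of the original article): a small tracker for the handshake described above that counts connections stuck after the SYN because the final ACK never arrived. The packet-record format, timeout, threshold and addresses are assumptions constructed for the illustration.

```python
from collections import defaultdict

def half_open_report(packets, now, timeout=3.0, threshold=5):
    """Track TCP handshakes and report listeners with many stale half-open connections.

    packets: iterable of (ts, src, sport, dst, dport, flags), flags in {"S", "SA", "A"}.
    Returns {(server_ip, server_port): {"half_open", "distinct_sources", "alert"}}.
    """
    pending = {}                         # (client, cport, server, sport) -> time of SYN
    for ts, src, sport, dst, dport, flags in packets:
        if flags == "S":
            pending.setdefault((src, sport, dst, dport), ts)
        elif flags == "A":
            pending.pop((src, sport, dst, dport), None)   # final ACK completes the handshake
        # "SA" travels server -> client; the entry stays pending until the ACK arrives
    stale = defaultdict(list)
    for (src, _sport, dst, dport), ts in pending.items():
        if now - ts >= timeout:
            stale[(dst, dport)].append(src)
    return {listener: {"half_open": len(sources),
                       "distinct_sources": len(set(sources)),
                       "alert": len(sources) >= threshold}
            for listener, sources in stale.items()}

def sample_packets():
    """Constructed records: one completed handshake, eight never-ACKed SYNs, one fresh SYN."""
    server = "10.0.0.80"
    pkts = [(0.00, "10.0.0.5", 50000, server, 443, "S"),
            (0.01, server, 443, "10.0.0.5", 50000, "SA"),
            (0.02, "10.0.0.5", 50000, server, 443, "A")]
    for i in range(8):                   # sources that never answer the SYN/ACK
        src, t = f"198.51.100.{i + 1}", 1.0 + i * 0.1
        pkts.append((t, src, 40000 + i, server, 443, "S"))
        pkts.append((t + 0.01, server, 443, src, 40000 + i, "SA"))
    pkts.append((9.5, "10.0.0.6", 50001, server, 443, "S"))   # recent SYN, not yet stale
    return pkts

if __name__ == "__main__":
    print(half_open_report(sample_packets(), now=10.0))
```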
Smurf Attack
This type of attack uses IP spoofing and the ICMP protocol. With the IP spoofing tactic, the attacker fakes the victim's IP address and uses the ping command to send ICMP echo traffic to a broadcast destination. This produces a large amount of ICMP reply traffic directed at the victim. As this traffic increases, the server becomes unable to respond and may even crash.
Ping Flood
This type of attack uses the ICMP protocol. As its name suggests, a ping flood attack is carried out with the computer's ping command: the attacker overloads the victim with a large number of high-volume ping packets. The ping flood, which operates over the ICMP protocol, is the most common type of attack. Under normal circumstances, the ping command is used to check that the connection between two computers is working, but in a ping flood attack it is used to send a huge flood of high-volume packets to the victim's computer to overload it. To do this, we can use the following two options in the ping command.
Teardrop
Attackers exploit bugs in the network layers of some operating systems, such as Windows 3.1, 95, NT, and Linux 2.0.32 and 2.1.63. As you know, when information is transferred from one computer to another, packets are identified using offsets and sequence numbers. By changing the order of packets and their offsets, attackers cause the destination computer to encounter errors and even crash when reassembling the packets.
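Added example (not part of the original article): a sanity check a receiver or inspection device can apply to the offsets of one IPv4 datagram's fragments before reassembly. It accepts fragments that merely arrive out of order and rejects overlapping or inconsistent offsets; the tuple format and sample values are constructed for the illustration.

```python
def check_fragments(frags):
    """Validate the fragments of one IPv4 datagram before reassembly.

    frags: list of (offset_units, payload_len, more_fragments); the offset is in
    8-byte units as in the IPv4 header. Returns a list of problems (empty = sane).
    """
    problems = []
    spans = sorted((off * 8, off * 8 + length, mf) for off, length, mf in frags)
    expected = 0                          # next byte we expect to be covered
    for i, (start, end, mf) in enumerate(spans):
        if mf and (end - start) % 8:
            problems.append(f"non-final fragment at {start} is not a multiple of 8 bytes")
        if start < expected:
            problems.append(f"overlap: fragment {start}-{end} starts before byte {expected}")
        elif start > expected:
            problems.append(f"gap: bytes {expected}-{start} missing")
        expected = max(expected, end)
        if not mf and i != len(spans) - 1:
            problems.append(f"data after final fragment at {start}")
    if spans and spans[-1][2]:
        problems.append("final fragment missing (MF still set)")
    if expected > 65535 - 20:             # total length field is 16 bits, header >= 20 bytes
        problems.append("reassembled payload exceeds what an IPv4 datagram can carry")
    return problems

# Constructed samples.
NORMAL = [(0, 1480, True), (185, 1480, True), (370, 40, False)]
REORDERED = [NORMAL[1], NORMAL[2], NORMAL[0]]      # out-of-order arrival is legitimate
OVERLAPPING = [(0, 40, True), (3, 8, False)]       # second fragment lies inside the first
INCOMPLETE = [(0, 1480, True), (370, 40, False)]   # middle fragment never arrived

if __name__ == "__main__":
    for name, frags in [("normal", NORMAL), ("reordered", REORDERED),
                        ("overlapping", OVERLAPPING), ("incomplete", INCOMPLETE)]:
        print(name, check_fragments(frags) or "ok")
```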
Distributed Denial of Service (DDoS)
DDoS attacks can be the most devastating type of DoS attack. This kind of attack is very similar to the ping flood attack, with the difference that it is carried out from several computers. The attacker uses an infected machine as the master device and coordinates the attack through other devices known as zombies.
The attacked services and resources are called the primary victims, and the computers used in the attack are called the secondary victims. DDoS attacks are generally more effective than DoS attacks at disabling large companies' sites.
Methods for creating network security
Access control
Network administrators should have sufficient knowledge of the users and equipment that use network resources. Using this information, enforcing security policies, and controlling users' access to network resources, they can protect the network from attackers. In short, this process is called Network Access Control (NAC).
Antivirus
Antivirus software, also known as anti-virus or anti-malware software, is one of the most important tools for fighting viruses, worms, Trojans, and malicious code in general. Antivirus software uses the signature matching technique to identify viruses. This process identifies viruses by the malicious code they contain. Antivirus software performs three major tasks:
1. Inspection or detection
2. Identification
3. Disinfection or cleaning
Software security
Any software you use for your business should be trustworthy from a security standpoint. This matters whether the software is written by your IT staff or purchased. Unfortunately, any program may have security holes that open the way for attackers to infiltrate. Software security includes the hardware, software, and processes used to close these security holes.
Traffic behavior analysis
Traffic analysis by the security team can be one of the appropriate methods for network security and detection of abnormal behavior in the network.
Secure backup information
In the past, Data Loss Prevention was an important topic, but today, new data backup technologies let us back up our organization's information and, using cryptographic methods, keep it safe from the hands of profiteers.
Firewalls
A firewall is a wall that uses a set of rules to control the traffic exchanged between our trusted network and untrusted outside networks, such as the Internet. The firewall is one of the most important security layers of a computer network; without it, hackers and vandals can operate without any restriction on their access to the network.