Types of attacks that may be applied to a network
and the aims each type.
Denial of Service DOS
What is Denial of Service?
A DOS attack is a type of attack that stops a user from
accessing a service. This is because the attacker will send an excessive amount
of requests to the server or network that needs authentication. When trying to
return to ask for authentication the server will not be able to find the
attackers address, so the connection will be open for longer, taking processing
power. When it drops the request the attacker sends another one.
Another type of attack is a DDOS attack, this is a
distributed denial of service. The way it works is almost the same as a DOS
attack however, more machines are involved, usually bots. Instead of having one
request at a time a DDOS will have multiple machines sending requests at the
What is the aim of a DOS or DDOS attack?
An attacker would use a DOS or DDOS attack to ground the
network to a halt. They often want to extort money to gain financially. By
threatening an attack, they hope that companies would pay to avoid the
disruption. When a DOS attack occurs, it is impossible for the network to run
and so without the ransom that is been asked possible it costs the company for
A computer virus is much like a biological one. An attacker
will write a piece of code which can self-replicate to infect a specific
network or server. A virus can do different things depending on the code, for
example it can destroy data or corrupt a system. A virus is usually found on an
infected website or external device such as a USB stick. A virus needs human
interaction before been able to self-replicate. This could be opening an email
or downloading an executable file. Once the virus has got on to a machine it
can spread across the network. Viruses can start to replicate at any time, some
start immediately, whilst others are dormant for however long the attacker
wants. Some can stay dormant for 5 years before executed.
Worms are very similar to viruses for what damage they cause
however, they do not need human interaction to start replicating. Worms are a
specific type of malware that replicates itself to spread to other parts of the
network. Worms are only designed to replicate themselves, they usually don’t do
anything more. If they do they are referred to as ‘payload’. An example of a
payload worm is the Morris worm. This was the first worm that led to the
created to be convicted of a felony. Usually when a worm is replicating it asks
the computer if one is already been created, if the answer was ‘yes’ the worm wouldn’t
replicate this however, Mr Morris decided that in his code the worm would
replicate itself even if the answer was yes. The replication of the worm was so
rapid that it became out of control costing the infected infrastructure.
A Trojan or Trojan horse is another type of virus that can
be used in infect a network. It is usually masked by legitimate software. Hackers
will get a user to download the software using social engineering. One the file
is executed the trojan will start to infect that machine finding weaknesses
within the network. Typical actions of a trojan would be deleting, blocking,
editing, copying data this effects the performance of the network. There are
several different types of trojans. These are defined by what the do. For example,
A rootkit used to try and hide the malicious software that
has been installed. It helps the malicious software to infect the machine/
network undetected. The malicious software will then do what it has been coded
to do such as delete specific files from a specific location.
Spyware is another type of malware that is used by hackers
to access personal information about the computers owner. The most common types
of spyware will log a user’s internet history, usernames and passwords as well as
credit card information. When spyware was first created its purpose was for the
marketing and licensing as it was a report that told the owner of the spyware
when a user had used their application. Spyware is still used today but usually
for more malicious intentions.
For example, hackers may want spyware to be installed for fraudulent
reasons such as credit card information. They would use a type of spyware
called a keylogger, this logs every keystroke pressed by the user. They will
often have also logged all websites visited so they can see what passwords and
credit information has been used. This information is usually used by the
hacker or sold to the highest bidder on the dark web.
Adware is a type of malware that causes unwanted pop-ups of advertisements.
Adware however, can be legit. Most free software have advertisements but if you
pay for it and are provided with a licence key the ads are removed. There are
two types of software however the dynamic functioning ads also have spyware
within them. This means that it can see you recent searches and relate the advertisements.
For example if you have recently been looking at a product with different
online retailers you may find when searching for something completely unrelated
at a later time there are ads relating the products that you viewed earlier.
Sources of attack
Attacks coming internally are becoming more prevalent. Internal
sources of attack could be an employee purposely wanting to cause damage to the
network or and employee that has accidently opened an email or has malware on
an external device.
There is always a risk when you have a web server that it
will be targeted for attackers to send spam email. Span makes up a large
proportion of all network traffic worldwide. There are different ways that can
be used to secure your network from attackers.
MIME = Multi-purpose Internet Mail Extensions
MIME is an internet, email protocol
This is a method used to protect emails however, it can be
used on anything that supports MIME data. It encrypts data from the email when
it is sent and can decrypt the mail that is been received.