Running head: MALICIOUS ATTACKS, THREATS, AND VULNERABILITIES

Assignment 1: Identifying Potential Malicious Attacks, Threats, and Vulnerabilities
CIS 341
February 2, 2014
Strayer University

In this paper we will analyze and assess the potential malicious attacks and threats that could be carried out against our client's network, then discuss the conceivable impact of the identified attacks and threats on the network and the organization. Next, we will determine what potential vulnerabilities might exist in the documented network, and then discuss the potential impact of the identified vulnerabilities on the network and the organization.

A malicious attack on a computer or network is an attempt by someone to exploit the vulnerabilities within that system. There are four general types of attacks: fabrications, interceptions, interruptions, and modifications. Fabrications involve the attacker creating some type of deception to trick unsuspecting users into divulging sensitive information. Interceptions involve eavesdropping on transmissions and redirecting them for unauthorized use, meaning the attacker listens in on Voice over Internet Protocol (VoIP) or telephone lines, then takes and uses that information for unlawful purposes. Interruptions attempt to interrupt the network flow of data by blocking it with Denial of Service (DoS) attacks. Finally, modifications are the alteration of data within network transmissions or of data on the file servers, email servers, Web and FTP servers, or the Domain Controller servers.

Some other known types of malicious attacks are brute-force attacks, dictionary attacks, address spoofing, and hijacking, which has a few types, such as man-in-the-middle, browser, and session hijacking. There are also phishing, spear phishing, pharming, replay attacks, masquerade attacks, and social engineering.

Now, the threats that these attacks can pose to the network include denial or destruction, in that they potentially make our assets or resources unusable or unavailable to some or all users. Another threat is alteration, which tampers with the integrity of the network by making unauthorized changes to data on the system, intentionally or unintentionally. Lastly, there is the threat of disclosure, in which the attacker is able to gain access to private or sensitive information that is stored on network resources, such as the file and web servers, or while it is in transit to another network resource.

Let's talk about what the potential impact could be to our network from the malicious attacks and threats that we have already identified. A significant impact to our email server could come from phishing or spear phishing, in which the attacker attempts to carry out identity theft via email or instant message and/or to target a specific sector in our network. The purpose of these attacks is to gather sensitive information about users or the organization. If an attacker gains access to the network with any of the information gathered, this could result in DoS, alteration or disclosure.

Our wireless access point (WAP) could also be a target of these attacks, for attackers could use eavesdropping, in which they try to read and capture packets as they are transmitted through the network. Spoofing is another attack on our WAP, in which a person, program, or computer disguises itself as another person, program, or computer. If the WAP is not configured correctly to filter out external traffic with internal addresses, then the attack might be successful. Attackers could also use a brute-force attack, in which a software program tries all the different possible combinations of passwords on our network until one is successful. If they should succeed with this attack, then they have gained total access to our network and can access everything.

Hijacking was another attack that we spoke of, which could result in the attacker taking control of a session between two computers and then masquerading as one of them. The potential impact of this type of attack is that it could get a user to unknowingly go to a Web site in which the user might provide the attacker with private information, such as their password.

We move forward now to analyze and assess the potential vulnerabilities in our network. We will discuss each part of the network: the firewalls, the email server, the Network Intrusion Detection System (IDS), the Web and FTP server, the WAP, the Server 2008 DCs, the file servers, the desktop/laptop computers, and the VoIP telephone system. There are three potential vulnerabilities or weaknesses to networks, which are technology, configuration, and security policy weaknesses.

Firewalls are the cornerstone of most computer and network security defenses (Peisert, Bishop, & Marzullo, 2010). Firewalls are very useful in any network, but if the network administrators do not configure them correctly, they are an open invitation to attackers. Administrators need to check whether the firewalls have any open ports and whether the rules are set correctly, such as the inbound, outbound, and connection security rules that enforce protection for sites and access to file and printer shares. The firewall would fall under the configuration weaknesses of a network.

Since the email server is located between the firewalls, in the Demilitarized Zone (DMZ), it is still vulnerable to receiving emails from senders a user does not recognize, through which the user could potentially download a virus onto the network, which could interrupt services or shut down the entire network. To mitigate this, we need to ensure that SMTP authentication is set up to control user access, limit the number of connections to the server, and employ reverse DNS to fight off bogus mail senders. Another good measure would be to maintain a local IP blacklist to counter specific spammers.
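
One way to apply the reverse DNS and local IP blacklist checks described above, as an added example that is not part of the original paper. It goes one step beyond the text by forward-confirming the PTR name; the host names, addresses and function names are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample data (documentation address ranges, hypothetical host names).
LOCAL_BLACKLIST = [ipaddress.ip_network("203.0.113.0/24")]
SAMPLE_PTR = {"198.51.100.10": "mail.example.org",
              "198.51.100.66": "mail.example.org"}   # second entry is a bogus claim
SAMPLE_A = {"mail.example.org": {"198.51.100.10"}}

def system_ptr(ip):
    """Reverse (PTR) lookup through the system resolver; None if absent."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(host):
    """Forward (A/AAAA) lookup through the system resolver."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def check_sender(ip, ptr_lookup=system_ptr, forward_lookup=system_forward,
                 blacklist=LOCAL_BLACKLIST):
    """Return (verdict, reason) for the IP address of a connecting SMTP client."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in blacklist):
        return "reject", "listed in local IP blacklist"
    host = ptr_lookup(ip)
    if not host:
        return "reject", "no reverse DNS (PTR) record"
    # Forward-confirm: the PTR name must resolve back to the connecting address,
    # otherwise anyone controlling a reverse zone could claim any host name.
    forward = {ipaddress.ip_address(a.split("%")[0]) for a in forward_lookup(host)}
    if addr not in forward:
        return "reject", f"PTR {host} does not resolve back to {ip}"
    return "accept", f"forward-confirmed reverse DNS: {host}"

def demo():
    """Run the check over the constructed records, without touching the network."""
    fwd = lambda host: SAMPLE_A.get(host, set())
    return {ip: check_sender(ip, SAMPLE_PTR.get, fwd)
            for ip in ("198.51.100.10", "198.51.100.66", "192.0.2.5", "203.0.113.7")}
```

Called with only an IP address, `check_sender` uses the system resolver instead of the constructed records.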

The main purpose of the IDS is to inspect all inbound and outbound network traffic to identify any suspicious activity that makes it through the initial firewall. The real vulnerability in this part of the network would be an IDS that is not configured properly.

A Web/FTP server that has unnecessary protocols or open ports, or that provides configuration information in banners, can lead to profiling or host enumeration, where the attacker attempts to gather information about the Web site. To mitigate this, we would need to block all unnecessary ports, block Internet Control Message Protocol (ICMP) traffic, and disable the NetBIOS and SMB protocols. A server with a weak TCP/IP stack configuration, or an unpatched server, can be subjected to DoS attacks such as network-level SYN floods, buffer overflows, or flooding the Web server with requests from distributed locations, but these can be countered by hardening the TCP/IP stack and constantly applying the latest patches and updates to system software.

The WAP is most vulnerable if it is not secured properly, which can lead to snooping, brute-force, or eavesdropping attacks. This can be mitigated by using 802.11 wireless protocols and using Wi-Fi Protected Access (WPA2), which will provide the network with strong security. Also, we could turn off the broadcast ID, so that we do not advertise that we have a wireless network.

The main purpose of the domain controllers is to respond to security authentication requests within the assigned domain. The biggest vulnerability of the domain controllers is that they are linked directly to the WAP. Even though they are located behind the IDS and the internal firewall, someone with enough knowledge to gain access could shut the network down.

A file server can be vulnerable if unauthorized access has been obtained by an internal or external source; therefore, controlling access to file servers is essential. Assigning users the proper permissions as to what they can do with files is one way to secure the resources on this server.

When it comes to the computers, they would be most vulnerable in this network when users do not follow the security policies that have been set or do not make proper use of system resources. Also, if a user was somehow given administrative privileges instead of limited ones, they could possibly cause severe damage, in that they have more access to the network than they should.

In conclusion, we have identified some significant vulnerabilities and how they could impact the network. Malicious attacks happen to computer networks just about every day in our society. If we perform risk assessment and analysis on the network on a routine basis, it will aid in the health and security of the network. Network security is imperative and it should be monitored 24 hours a day, seven days a week, and 365 days a year.

References

Lavanya, R. (n.d.). How to Identify Potential Malicious Attacks on Firewalls. Global Post. Retrieved on January 29, 2014, from http://everydaylife.globalpost.com/identifypotential-malicious-attacks-firewalls-41533.html

Kim, D., & Solomon, M. (2012). Fundamentals of information systems security. Sudbury, MA: Jones and Bartlett.

Manky, D. (November, 2010). Top 10 Vulnerabilities Inside the Network. Retrieved on January 29, 2014, from http://www.networkworld.com/news/tech/2010/110810-networkvulnerabilities.html?page=2

Network Attacks. (2013, October). Retrieved January 29, 2014, from http://www.techfaq.com/network-attacks.html

Niang, B. (August, 2011). Top 10 tips to secure your email server. Retrieved on January 29, 2014, from http://www.vircom.com/security/top-10-tips-to-secure-your-email-server/

Peisert, S., Bishop, M., & Marzullo, K. (March, 2010). What Do Firewalls Protect? An Empirical Study of Firewalls, Vulnerabilities, and Attacks. Retrieved on January 29, 2014, from http://www.cs.ucdavis.edu/research/tech-reports/2010/CSE-2010-8.pdf