Types of Network Based Attacks

Network attacks are often used to open the door to other kinds of cyberattacks. For example, attackers may start by penetrating the network and then move on to compromising endpoints, spreading malware, and/or looking for vulnerabilities they can exploit. This means that businesses, even SMBs, need to know about the various common types of network attacks and how to protect their network against them.

Top 6 Most Common Types of Network Attacks

There are currently six main types of network attacks. These are as follows:

  1. Code and SQL injection attacks
  2. Distributed Denial of Service (DDoS) attacks
  3. Insider Threats
  4. Man in the middle attacks
  5. Privilege escalation
  6. Unauthorized access

Let’s take a closer look at each of these types of network vulnerabilities.

1. Code and SQL injection attacks

Code and SQL injection attacks use data-input fields to submit malicious code in place of the expected data value. The way to guard against these attacks is to keep data-input fields to a minimum and to perform robust validation on the data entered. Additionally, each application should have its own database account, and that account should hold the minimum level of privilege necessary to perform its task.
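The following is an added example (not from the original article) that puts the two halves of the advice above side by side: a lookup that builds SQL by string concatenation, and a hardened lookup that validates the input against an allowlist pattern and then passes it as a bound parameter. The `users` table and its two rows are constructed sample data; a real deployment would also run the application under a dedicated, least-privilege database account.

```python
import re
import sqlite3

# Constructed sample data standing in for an application's user store.
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]

# Allowlist for the expected value format: lowercase letters, digits, underscore.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def make_db():
    """Build an in-memory database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """Concatenates the field value into the SQL text.

    Anything the user types becomes part of the statement's grammar, so a
    value containing a quote character can change which rows are returned.
    """
    query = "SELECT email FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_hardened(conn, username):
    """Validate first, then bind the value as a parameter.

    Validation rejects anything that is not a plausible username, and the
    parameter binding sends the value to the engine separately from the SQL,
    so even a value that slipped past validation could not alter the statement.
    """
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    rows = conn.execute("SELECT email FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]


def lookup_parameterized_only(conn, username):
    """Parameter binding without validation: a quote in the value is just data."""
    rows = conn.execute("SELECT email FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]
```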

2. Distributed Denial of Service (DDoS) attacks

DDoS attacks operate at either the infrastructure level (layers 3 and 4 of the seven-layer OSI model) or the application level (layers 6 and 7). Strictly speaking, only the former are classed as network attacks. Infrastructure-level DDoS attacks aim to bring down an entire website by flooding it with traffic, usually from spoofed IP addresses.

The most obvious defense against DDoS attacks is plenty of bandwidth and a robust website vulnerability scanner with an integrated web application firewall. The less obvious defense is flexible, scalable infrastructure that makes effective use of services such as smart DNS lookup, content delivery networks, and load balancers.

3. Insider threats

These are exactly what the name suggests. The best way to guard against them is to be rigorous about vetting staff who have any sort of privileged access to your network. Sad as it may seem, you also have to monitor how employees in trusted positions use their network access. Pre-vetting employees only tells you what has happened in their past, which is not necessarily a reliable guide to their future.

4. Man in the middle attacks

MitM attacks intercept traffic either between your network and the internet or within your network. The way to put a stop to them is to use secure communications protocols. For completeness, MitM attacks are also used to steal data from websites. The way to guard against this is to implement HTTPS, preferably on all pages, and at the very least on pages where people have to enter sensitive data.

5. Privilege escalation

Privilege escalation means that once attackers gain any sort of foothold in your network, they work on expanding the extent of that privilege. This can be done either horizontally (moving into other systems) or vertically (increasing the level of privilege within a given system). If an attack goes undetected for long enough, it will probably end up being both.

6. Unauthorized access

You could argue that most network attacks involve unauthorized access. DDoS might be the exception, depending on how you view it. The term “unauthorized access” is, however, generally used to mean when a hacker compromises legitimate login credentials.

The first line of defense against this is to make sure that you have robust anti-malware protection on all devices that connect to your network. All means all: servers, computers, and mobile devices.

If you have other smart devices (i.e. ones that connect to the Internet of Things), take a look at them too. You may not be able to get anti-malware protection for them, but you can at least make sure that they are behind a firewall, set their security settings as high as they will go, and, if they take passwords, make sure those passwords are genuinely strong and unique.

The second line of defense against unauthorized access is to have a robust user-management process. Anyone with privileged access to your network must have their own credentials and must be explicitly banned from sharing them.

They should also be instructed to use a genuinely strong and unique password and, insofar as possible, this should be enforced with password-setting policies. Wherever possible, you should also use two-factor authentication.

All privileged accounts should be issued on an "as-needed" basis and promptly revoked once that access ceases to be required. There is a bit of a gray area here in that people are sometimes absent from a company for extended periods but do intend to return. This is a judgment call, but lean towards revoking the access and recreating it when they return.

© 2024 Comodo Security Solutions, Inc