Network Security Threats and Attacks Flashcards
What is IP spoofing?
When an IP packet has a modified (false) source address in order to hide the identity of the sender or impersonate another computer system. Often used for DDoS attacks.
In what 4 broad categories are threats usually classified?
Interception or unauthorised viewing
Modification or unauthorised change
Fabrication or unauthorised creation
Interruption or prevention of authorised access
What are some threats to network security?
Remote Intrusion
DoS
Malicious Code
Masquerade
Content release and modification
What different malicious code attacks are there?
Virus
Worm
Trojan
Logic bomb
Backdoor
Rootkit
Scripts
What is remote intrusion?
A remote attack.
Illegal access: connect to the internal network and gain access to the internal resources.
Illegal visiting: use the resources through remote login or hacking tools.
What is a passive attack versus an active attack?
Passive attack: attempts to learn or make use of information from the system but does not affect system resources.
Active attack: attempts to alter system resources or affect their operation.
What are two types of passive attacks?
Traffic analysis: Guessing the contents of the data by looking at the location, identity of hosts, frequency and length of messages.
Release of message contents
How can we deal with passive attacks?
As they are difficult to detect, the emphasis in dealing with them is on prevention rather than detection.
What are the four categories of active attacks?
Masquerade
Replay: unauthorised passive capture of data and subsequent retransmission.
Modification of messages
DoS