Threats and Risks

Designing a secure network requires an understanding of the types of attacks that can compromise system security and their associated risks. The threats to network security can be classified into the following three categories:

■ Reconnaissance: Reconnaissance is the active gathering of information about an enemy or target; the idea is to learn as much as possible about the target and the involved systems. In the network security area, reconnaissance is usually the prelude to a more focused attack against a particular target.

■ Gaining unauthorized system access: After information about the target system is known, the next step is gaining access to the system by exploiting the system or using social engineering techniques.

■ Denial of service (DoS): Even if direct access to a system is not possible, another type of threat is DoS. A DoS attack is used to make systems unusable by overloading their resources such as CPU or bandwidth. When multiple sources conduct a DoS attack, it is called a distributed DoS (DDoS) attack.

To provide adequate protection of network resources, the network procedures and technologies need to address the following security risks:

■ Confidentiality of data: Confidentiality should ensure that only authorized users can view sensitive information, to prevent theft, legal liabilities, and damage to the organization.

■ Integrity of data: Integrity should ensure that only authorized users can change sensitive information and guarantee the authenticity of data.

■ System and data availability: Availability should ensure uninterrupted access to important computing resources to prevent business disruption and loss of productivity.

Given the broad range of potential threats, everything in the network is a potential target. Hosts are typically the preferred target for worms and viruses. For example, host files could be corrupted in an attack, and the compromised host could be used to launch attacks against other hosts, creating a botnet. However, other high-value targets include the following:

■ Network infrastructure devices, including routers and switches

■ Support services, such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) servers

■ Endpoints, including IP phones, management stations, and user endpoints (such as PCs and laptops)

■ Network infrastructure, including the network capacity or bandwidth

■ Security devices, including firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS)

The various threats and risks are described further in the following sections.
