• Improving Network Security Using Elliptic Curve Cryptosystem

  • CHAPTER TWO -- [Total Page(s) 11]

    Page 11 of 11

    • 2)    Trust Exploitation
      Trust exploitation is a situation whereby an individual takes advantage of a trusted and reliable relationship within a network. A typical setting for such an attack is a perimeter network connected to a corporate network. The hacker leverages the existing trust relationships. Several trust models exist:
      I.    Windows
      II.    NIS+
      III.    Active directory
      IV.    NIS
      V.    Linux and UNIX
      VI.    Domains
      3)    Port Redirection
      Port redirection attacks are a type of trust exploitation attack that uses a compromised host to pass traffic that would otherwise be dropped by a firewall. A host on the outside can contact the host on the public services segment, commonly known as the demilitarized zone (DMZ) (Host A), but not the host on the inside (Host B). The host on the public services segment can be reached by hosts on both the inside and the outside. If hackers successfully compromise the public services segment host, they can install software that channels traffic from the outside host directly to the inside host. Although neither communication violates the rules implemented in the firewall, the outside host has now achieved network connectivity to the inside host simply through the port redirection process on the public services host. A good example of an application that can provide this kind of access is Netcat.
      4)    Man-in-the-Middle Attack
      A man-in-the-middle attack requires that the hacker have access to network packets that cross a network. A man-in-the-middle attack can be implemented using network packet sniffers and routing and transport protocols.
      Theft of information, hijacking of an ongoing session to gain access to internal network resources, traffic analysis to derive information about the network and its users, denial of service, corruption of transmitted data, and introduction of new information into network sessions are possible uses of man-in-the-middle attacks against a network. Someone working for an Internet service provider (ISP) can gain access to all network packets and perform all of the above operations.
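A detection sketch for the port redirection case in item 3, added here as an example and not part of the original project: it pairs an outside-to-DMZ flow with a DMZ-to-inside flow from the same public services host when the two overlap in time and carry a similar byte volume. The address ranges, flow-record layout, thresholds and sample records are all constructed assumptions.

```python
from ipaddress import ip_address, ip_network

DMZ = ip_network("198.51.100.0/24")   # assumed public services segment (Host A)
INSIDE = ip_network("10.0.0.0/8")     # assumed inside network (Host B)

# Constructed flow records: (start_s, end_s, src, dst, dst_port, bytes)
FLOWS = [
    (100, 160, "203.0.113.7", "198.51.100.10", 443, 48_200),  # outside -> Host A
    (101, 160, "198.51.100.10", "10.1.2.3", 3389, 47_900),    # Host A -> Host B
    (300, 302, "203.0.113.9", "198.51.100.10", 443, 5_100),   # ordinary request
    (900, 901, "198.51.100.10", "10.1.2.50", 5432, 1_200),    # unrelated query
]

def zone(addr):
    ip = ip_address(addr)
    if ip in DMZ:
        return "dmz"
    return "inside" if ip in INSIDE else "outside"

def suspected_relays(flows, max_skew=5, byte_tolerance=0.10):
    """Return outside->DMZ / DMZ->inside flow pairs that look like one relayed session."""
    inbound = [f for f in flows if zone(f[2]) == "outside" and zone(f[3]) == "dmz"]
    onward = [f for f in flows if zone(f[2]) == "dmz" and zone(f[3]) == "inside"]
    hits = []
    for i in inbound:
        for o in onward:
            if o[2] != i[3]:
                continue  # onward flow comes from a different DMZ host
            starts_together = 0 <= o[0] - i[0] <= max_skew
            ends_together = abs(o[1] - i[1]) <= max_skew
            similar_volume = abs(o[5] - i[5]) <= byte_tolerance * max(i[5], o[5])
            if starts_together and ends_together and similar_volume:
                hits.append({"outside": i[2], "relay": i[3],
                             "inside": o[3], "inside_port": o[4]})
    return hits

if __name__ == "__main__":
    for hit in suspected_relays(FLOWS):
        print(hit)
```

Each flow on its own satisfies the firewall rules, which is why the check correlates the two legs instead of inspecting either one alone.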
      2.9.1    DENIAL OF SERVICE ATTACKS
      A denial of service (DoS) attack damages or corrupts a computer system, or denies all forms of access to networks, systems or services. Even within the hacker community, DoS attacks are regarded as less important and considered bad form because they require little effort to execute. Although a DoS attack is easy to implement and can cause potentially significant damage, such attacks deserve special attention from security administrators. DoS attacks can consist of the following:
      1.    IP SPOOFING
      IP spoofing is a technique used to acquire unauthorized access to computers. The intruder sends illegitimate messages to a computer with an IP address indicating that the message comes from a reliable and trusted host. To engage in IP spoofing, hackers first use a variety of techniques to find the IP address of a trusted host, then modify their packet headers so that the packets appear to come from that trusted host. Attackers can also engage other unsuspecting hosts to generate traffic that appears to come from a trusted host, thereby flooding the network.
      2.    DISTRIBUTED DENIAL OF SERVICE
      DDoS (Distributed Denial of Service) attacks are the next generation of DoS attacks on the Internet. TCP SYN flooding, UDP and ICMP echo-request floods, and ICMP directed broadcasts (also referred to as smurf attacks) are similar to DDoS attacks; however, the attack has a new scope. Victims of a DDoS attack experience packet flooding from various sources, perhaps with spoofed IP source addresses, that brings their network connectivity to a grinding halt. In the past, the typical DoS attack was an attempt to flood a target host with packets. In a DDoS attack, the hacker uses a terminal to scan for systems to hack. After handler systems are accessed, the hacker installs software on these systems. This software attempts to scan for, compromise, and infect agent systems. When the agent systems are accessed, the intruder then loads remote-control attack software to carry out the DDoS attack. [Bidou 2000]
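Two defender-side checks for the spoofing and SYN-flood behaviour described in this section, added here as an example and not part of the original project: an ingress check for packets that claim a trusted source address while arriving on the outside interface, and a count of half-open handshakes per target. The trusted range, packet-summary layout, threshold and sample packets are constructed assumptions.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

TRUSTED = ip_network("10.0.0.0/8")   # assumed internal/trusted address space

# Constructed packet summaries: (iface, src, dst, dst_port, tcp_flags)
PACKETS = [
    ("outside", "203.0.113.5", "198.51.100.10", 80, "SYN"),
    ("outside", "203.0.113.5", "198.51.100.10", 80, "ACK"),   # handshake completed
    ("outside", "10.1.2.3", "198.51.100.10", 22, "SYN"),      # trusted source, wrong side
] + [
    # 40 SYNs from distinct sources that never send the completing ACK
    ("outside", f"192.0.2.{n}", "198.51.100.10", 80, "SYN") for n in range(1, 41)
]

def spoofed_ingress(packets):
    """Sources that claim a trusted address but arrive on the outside interface."""
    return sorted({src for iface, src, *_ in packets
                   if iface == "outside" and ip_address(src) in TRUSTED})

def half_open_by_target(packets):
    """Count SYNs per (dst, port) whose sender never sent the completing ACK."""
    pending = set()
    for _iface, src, dst, port, flags in packets:
        key = (src, dst, port)
        if flags == "SYN":
            pending.add(key)
        elif flags == "ACK":
            pending.discard(key)
    return Counter((dst, port) for _src, dst, port in pending)

def syn_flood_targets(packets, threshold=20):
    """Targets whose half-open count reaches the assumed alert threshold."""
    return {t: n for t, n in half_open_by_target(packets).items() if n >= threshold}

if __name__ == "__main__":
    print("spoofed sources:", spoofed_ingress(PACKETS))
    print("flood targets:", syn_flood_targets(PACKETS))
```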
      2.9.2    WORM, VIRUS AND TROJAN HORSE ATTACKS
      Some threats are categorized according to minor or primary vulnerabilities for the end user; these could be handled by a layman simply by explaining what he or she has to do. These attacks can be resolved by using antivirus software or by restoring the affected machine to factory settings.
      1.    VIRUS
      Viruses are malicious software that is attached to other programs and executes a particular undesirable or unwanted function on a user workstation. Typically, a virus propagates itself by infecting other programs on the same computer where it resides. Viruses can do serious damage, such as erasing an entire storage medium or erasing and manipulating files. These kinds of viruses cannot affect a new computer without human aid, such as introducing a virus-infected file on a CD, as an email attachment, or, most often, through file sharing.
      2.    WORMS
      A worm is self-replicating malware that executes arbitrary code and installs copies of itself in the memory of the infected computer; it can then infect other hosts from that computer. A worm propagates itself as viruses do, but it can also spread automatically across the network from one computer to the next, unlike viruses, which need human aid to spread. Worms take advantage of the automatic file sending and receiving features found on many computers to propagate.
      3.    TROJAN HORSE
      A Trojan horse does two things at once: it can infect and convert the infected. A Trojan can attack on three levels: as a virus, as a worm and as itself. A virus known as the Love Bug is a typical example of a Trojan horse because it pretends to be a love letter when it actually carries a harmful program. Love Bug is definitely a virus because it infects all image files on the attacked disk and turns them into new Trojans. Finally, Love Bug is a worm, as it propagates itself across the Internet by hiding in the Trojan horses, which are sent out using the addresses in the attacked email contact list.
