Internet attacks on computer networks

zeg solutions
Dec 15, 2020

Information security in computer networks is a topic that concerns all organizations and institutions these days. In a computer network, many services and protocols are installed and configured to provide services to users. Some of these services are susceptible to various kinds of attacks. It is essential, first, to observe security considerations during their installation and configuration and, second, to avoid installing unnecessary services and protocols. Identifying unnecessary services and the types of attacks that attackers use to target computer networks makes it easier to establish and maintain safe and secure networks.

Attacks on a computer network involve three essential elements: active services, the protocols in use and open ports. One of the most critical tasks of IT professionals is to ensure that the network is secure and resistant to attacks. When servers are provisioned, one set of services and protocols is enabled by default and several others are disabled. This is directly related to the operating system's policies and its approach to security.

The first step in securing a network environment is to formulate, implement, and adhere to a security policy that is central to network security planning. Any planning in this regard requires attention to the following:

  • Examine the role of each server, along with the configuration applied so that it can perform its tasks in the network.
  • Check that the installed services, protocols and programs comply with the requirements of the organization.
  • Check the necessary changes for each of the current servers (adding required or removing unnecessary services and protocols, fine-tuning the security of active services and protocols).

The duty of a server

After determining each server's position and role in the network, it is possible to decide on the required services and protocols. Some server types and their functions in a computer network are as follows:

  • Logon Server: This type of server is responsible for identifying and verifying users when they enter the network. These servers can carry out this function alongside other server roles.
  • Network Services Server: This type of server is responsible for hosting the services required by the network. These services include:
      - Dynamic Host Configuration Protocol (DHCP)
      - Domain Name System (DNS)
      - Windows Internet Name Service (WINS)
      - Simple Network Management Protocol (SNMP)
  • Application Server: This type of server is responsible for hosting applications such as the accounting software package and other software required in the organization.
  • File Server: This type of server gives users access to files and directories.
  • Print Server: This type of server is used to access shared printers on the network.
  • Web Server: This type of server is responsible for hosting internal or external web applications and websites.
  • FTP Server: These types of servers are responsible for storing files for downloading and uploading operations. The above servers can be used internally or externally.
  • Email Server: These servers are responsible for providing email service and can also host public folders and Groupware applications.
  • News / Usenet (NNTP) Server: This type of server is a newsgroup server, and users can send and receive messages on them.

To identify the services and protocols required on each server, one must first answer the question of how each server will be accessed: from the internal network, from the global network, or both. The answer provides the basis for installing and configuring essential services and protocols and for eliminating unnecessary services and protocols on the servers of a computer network.

Vital and required services

Every operating system relies on a number of services to do its work. Ideally, a server's installation and configuration should include only the services and protocols necessary to perform that server's tasks.

Operating system manufacturers usually describe these services in their documentation. Using the documentation and following the standard methods it provides for configuring and preparing servers results in an installation and configuration that takes safety considerations into account.

When a computer is provided to you, it usually has several software installations and unique configurations applied to it. One of the safest ways to make sure the system meets your expectations is to perform a clean install using pre-defined policies and lists. Thus, in case of problems, it is possible to quickly check each issue in its specific area and choose a solution.
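One way to check a server against the "only the necessary services" rule is to compare what is actually listening with a baseline for the server's role. The following is an added example, not part of the original article; the role names, the baseline table and the sample socket listing are constructed for illustration, and the port numbers are the standard ones for the services named above.

```python
# Added example: audit listening sockets against a per-role baseline.
# Role names and the sample listing are constructed for illustration.
ROLE_BASELINE = {
    "network-services": {
        ("udp", 67): "DHCP server",
        ("tcp", 53): "DNS",
        ("udp", 53): "DNS",
        ("tcp", 42): "WINS replication",
        ("udp", 137): "NetBIOS name service (WINS)",
        ("udp", 161): "SNMP",
    },
    "web": {("tcp", 80): "HTTP", ("tcp", 443): "HTTPS"},
}

# Constructed sample in the column layout of `ss -tuln` (header removed).
SAMPLE_SS = """\
udp UNCONN 0 0 0.0.0.0:67 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:53 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:7 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:19 0.0.0.0:*
tcp LISTEN 0 128 [::]:21 [::]:*
"""

def parse_listeners(text):
    """Return the set of (protocol, port) pairs found in ss-style lines."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        port = local.rsplit(":", 1)[1]      # works for IPv4 and [IPv6]:port
        if port.isdigit():
            found.add((proto, int(port)))
    return found

def audit(role, listeners):
    """Return (unexpected listeners, baseline services not listening)."""
    allowed = set(ROLE_BASELINE[role])
    return sorted(listeners - allowed), sorted(allowed - listeners)

if __name__ == "__main__":
    unexpected, missing = audit("network-services", parse_listeners(SAMPLE_SS))
    print("remove or justify:", unexpected)
    print("in baseline but not listening:", missing)
```

In the sample, the echo (7), chargen (19) and FTP (21) listeners are reported because the role's baseline does not include them.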

Specify the required protocols

Some network administrators are accustomed to installing unnecessary protocols on the system because they are not familiar with each protocol's role and function in the network or, in some cases, believe that these protocols may be needed in the future. Protocols, like services, should not be installed unless they are required. Examining a network environment raises several questions about the protocols needed, and the answers identify the protocols to establish:

  • What protocol or protocols are needed for clients (desktops) to communicate with servers?
  • What protocol or protocols are needed for server-to-server communication?
  • What protocol or protocols are needed for remote desktops to communicate with servers?
  • Do the selected protocol or protocols require us to install additional services?
  • Do the selected protocols have specific security issues that need to be addressed?

Many computer networks use multiple operating systems, such as Windows, Unix, or Linux. In such cases, the TCP/IP protocol can be used as the common ground between them. Then you have to decide whether to assign IP addresses statically or dynamically with DHCP's help. If it is decided to assign IP addresses dynamically, an additional service, DHCP, will be needed. Although using DHCP makes network management more comfortable, it has a lower security level than static IP address allocation, as an anonymous user can receive an IP address from the issuing source immediately after connecting to the network and then work on the network as a client. The same is true for unsecured wireless networks. For example, a person can be located in a building's parking lot and use a laptop to connect to your network over a wireless connection. The TCP/IP protocol also uses a DNS server for name-to-address resolution.

Combined networks include several operating systems such as Windows and Unix, and when the Windows version is NT 4.0 or 2000, the WINS service is required in addition to DNS. While the required protocols and services are being selected, the security challenges of each of them should be researched and the relevant information documented (documentation is respect for one's own time and that of others). The chosen solution must reduce the threats associated with each of the services and protocols in a network.

Because attacks on a computer network involve active services, the protocols in use and open ports, information security experts must establish and maintain a secure, attack-resistant network.

Attacks

The following table shows some common attacks:

The purpose of DoS attacks is to disrupt the resources or services that users are trying to access (disabling services). The most crucial goal of this type of attack is to deprive users of access to a specific resource.

In this type of attack, attackers use various methods to hinder authorized users from accessing and using a service and to disrupt the set of services that a network provides.

Creating false traffic on the network, disrupting communication between two machines, preventing authorized users from accessing a service and disrupting services are examples of other goals that attackers pursue. In some cases, DoS attacks are used as a starting point and a supporting element of large-scale attacks, preparing the ground for the main attack. Use of some resources that is otherwise proper and legal may also lead to a DoS-type attack. For example, an attacker could use an anonymous FTP site to access copies of illegal software, use up disk storage, or create fake network traffic.

This type of attack can cause the computer or network to be disabled. These attacks rely on the role and operation of individual network protocols and do not require any authorization.

A variety of tools are used to perform this type of attack, and they can be obtained with a little patience and some searching on the Internet. Computer network administrators can use the same kind of tools to test connections and debug the network. DoS attacks have taken various forms so far; some of them are described below.

  • Smurf / smurfing: This type of attack is based on the reply function of the Internet Control Message Protocol (ICMP), more commonly known as ping. The attacker sends ping packets to the broadcast addresses of a network, with the source address of each ping packet replaced by the address of the victim computer. As a result, the availability of network resources is impaired.
  • Fraggle: This type of attack is very similar to the Smurf attack; the only difference is the use of User Datagram Protocol (UDP) instead of ICMP. Attackers send UDP packets to broadcast addresses (as in the Smurf attack). These UDP packets are directed to port 7 (echo) or port 19 (chargen).
  • Ping flood: In this type of attack, ping requests are sent directly to the victim computer in an attempt to block services or reduce their activity. In a particular variant, known as the ping of death, the packets are so large that the victim computer cannot handle them properly.
  • SYN flood: This type of attack abuses the TCP three-way handshake. The source system sends a large number of synchronization (SYN) requests without sending the final acknowledgment (ACK). This creates half-open TCP sessions. Because the TCP stack waits before resetting the port, the attack overflows the connection buffer of the destination computer, making it virtually impossible for trusted clients to communicate with it.
  • Land: This attack has been seen against different versions of Windows, Unix, Macintosh and Cisco IOS. Attackers send a TCP/IP synchronization (SYN) packet with the same source and destination addresses and the same source and destination ports to the target systems. The victim system is then unable to respond appropriately to the packet.
  • Teardrop: This type of attack uses UDP and relies on the behavior of the TCP/IP stack in some operating systems (that is, on how TCP/IP is implemented in a given operating system). Attackers send fragmented packets to the target system with odd offset values in the sequence of packets. When the operating system tries to reconstruct the original packets, the fragments overwrite one another. Because some operating systems do not handle this condition properly, the target system crashes or restarts.
  • Bonk: This type of attack mostly targets machines running the Windows operating system. Attackers send corrupted UDP packets to DNS port 53, disrupting the system and causing it to crash.
  • Boink: These types of attacks are similar to Bonk attacks. With the difference that in front of using the port
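The half-open sessions described under SYN flood can be counted on the defending side from connection events. The following is an added example, not part of the original article; the event format, the grace period, the threshold and the sample events are assumptions constructed for illustration.

```python
from collections import Counter

GRACE = 3  # seconds (assumed) a handshake may remain incomplete

def half_open_targets(events, now, threshold):
    """Return {(dst, dport): count} for targets with many half-open sessions.

    events holds client-to-server segments as
    (time, src, sport, dst, dport, flag), where flag is "S" for the opening
    SYN and "A" for the final ACK of the three-way handshake.
    """
    pending = {}
    for t, src, sport, dst, dport, flag in events:
        key = (src, sport, dst, dport)
        if flag == "S":
            pending.setdefault(key, t)   # first SYN starts the clock
        elif flag == "A":
            pending.pop(key, None)       # handshake completed
    stale = Counter(
        (dst, dport)
        for (_, _, dst, dport), t in pending.items()
        if now - t > GRACE
    )
    return {target: n for target, n in stale.items() if n >= threshold}

# Constructed sample: one completed handshake, five SYNs to the same web
# server that are never acknowledged, and one slow client elsewhere.
EVENTS = [
    (0.0, "203.0.113.5", 40001, "192.0.2.10", 80, "S"),
    (0.1, "203.0.113.5", 40001, "192.0.2.10", 80, "A"),
]
EVENTS += [
    (1.0 + i * 0.01, f"198.51.100.{i}", 1024 + i, "192.0.2.10", 80, "S")
    for i in range(1, 6)
]
EVENTS += [(2.0, "203.0.113.8", 40500, "192.0.2.20", 25, "S")]

if __name__ == "__main__":
    print(half_open_targets(EVENTS, now=10.0, threshold=3))
```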

The most common ports used in DoS attacks

Another kind of DoS attack, distinctive yet simple, is known as Distributed DoS (DDoS). Several software tools exist for this type of attack, and it can also be launched from within a network: dissatisfied users or malicious people can disable services on the network without any involvement from outside their organization. In such attacks, attackers distribute special software called zombies. This type of software allows attackers to control all or part of the infected computer system. After the initial compromise of systems with the installed zombie software, the attackers carry out their final attack using a wide range of hosts. The nature and manner of this attack are similar to a standard DoS attack, but its destructive power depends on the total number of zombies under the attackers' control.

To protect the network, filters can be configured on external network routers to drop packets associated with DoS attacks. In such cases, a filter should also be installed that checks traffic arriving from the Internet for packets carrying an internal network address.
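The router filters described above can be expressed as a small set of drop rules for traffic arriving on the Internet-facing interface. The following is an added example, not part of the original article; the internal network range, the packet record format and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Assumed internal network (documentation range) behind the border router.
INTERNAL = ipaddress.ip_network("192.0.2.0/24")

def classify(pkt):
    """Return why an inbound packet should be dropped, or None to pass it."""
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    proto = pkt["proto"]
    # Land: SYN with identical source/destination address and port.
    if (proto == "tcp" and pkt.get("flags") == "S" and src == dst
            and pkt["sport"] == pkt["dport"]):
        return "land"
    # Anti-spoofing: an internal source cannot arrive from the Internet.
    if src in INTERNAL:
        return "spoofed-internal-source"
    to_broadcast = dst in (INTERNAL.broadcast_address, INTERNAL.network_address)
    # Smurf: ICMP echo request (type 8) aimed at a broadcast address.
    if proto == "icmp" and pkt.get("icmp_type") == 8 and to_broadcast:
        return "smurf"
    # Fraggle: UDP to echo (7) or chargen (19) on a broadcast address.
    if proto == "udp" and pkt["dport"] in (7, 19) and to_broadcast:
        return "fraggle"
    return None

# Constructed sample packets as seen on the external interface.
PACKETS = [
    {"proto": "tcp", "flags": "S", "src": "192.0.2.10", "sport": 139,
     "dst": "192.0.2.10", "dport": 139},
    {"proto": "icmp", "icmp_type": 8, "src": "198.51.100.7",
     "dst": "192.0.2.255"},
    {"proto": "udp", "src": "198.51.100.7", "sport": 4000,
     "dst": "192.0.2.255", "dport": 19},
    {"proto": "tcp", "flags": "S", "src": "192.0.2.50", "sport": 40000,
     "dst": "192.0.2.10", "dport": 80},
    {"proto": "tcp", "flags": "S", "src": "203.0.113.9", "sport": 51000,
     "dst": "192.0.2.10", "dport": 443},
]

def filter_report(packets):
    """Classify every packet in order."""
    return [classify(p) for p in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, filter_report(PACKETS)):
        print(verdict or "pass", pkt["src"], "->", pkt["dst"])
```

The Land check runs before the anti-spoofing check because a Land packet also carries an internal source address; the order only affects which reason is reported.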

A back door is a program that allows access to a system without going through security checks and controls. Developers usually build such capabilities into programs to enable debugging and editing of the code during software testing. Because many of these features are not documented, they remain in place after the end of the testing phase and pose several security threats.

Some of the most common software used as a back door is:

  • Back Orifice: This program is a remote management tool that allows system administrators to control a computer remotely (for example, via the Internet). The software is a dangerous tool created by a group called Cult of the Dead Cow Communications. It has two separate parts: a client part and a server part. The client part runs on one machine and makes it possible to monitor and control another device on which the server part runs.
  • NetBus: This program, like Back Orifice, provides remote access to and control of a machine via the Internet. It runs under the Windows operating system (different versions from NT to 95 and 98) and consists of two separate parts: the server part (the part that is installed on the victim computer) and the client part (the program that is responsible for finding and controlling the server). The program infringes on users' privacy while they are connected to the Internet and leads to several security threats.
  • Sub7 (SubSeven): This program also runs under Windows and functions similarly to Back Orifice and NetBus. After the program has been activated on the target system and the system is connected to the Internet, any person who has the client software will be able to access the system indefinitely.

Back Orifice, NetBus, and Sub7 have two essential parts: server and client. The server is installed on the infected machine, and the client part is used to control the server remotely. Such software is referred to as "illegal servers."

Some software is highly reputable but may be used by users with malicious intent:

  • Virtual Network Computing (VNC): AT&T Lab provided this software for remote control of a system. With it, a desktop environment can be viewed from any place, including over the Internet. One of the interesting features of this software is its extensive support for different architectures.
  • PCAnywhere: This software was provided by Symantec to control a system remotely, with encryption technology and authentication. Because it is easy to use, many companies and institutions currently use it to access remote systems.
  • Terminal Services: Microsoft provides the above software in conjunction with the Windows operating system for remote control of a system.

Like other applications, the above software can be used for both legitimate and malicious purposes.

The best way to prevent back door attacks is to train users and monitor the behavior of each piece of installed software. Users should be trained to download and install software on their systems only from trusted sources and sites. Installing and using antivirus programs can significantly help block the operation of such software (such as Back Orifice, NetBus, and Sub7). Antivirus programs must be continuously updated to enable the detection of new software.
