Editor’s Perspectives
Network Security Threats & Solutions

November 3, 1988, is considered a turning point in the world of the Internet. 25 years ago, a Cornell University graduate student created the first computer worm on the Internet, the “Morris Worm.” The Morris worm was not a destructive worm, but it permanently changed the culture of the Internet. Before Morris unleashed his worm, the Internet was like a small town where people thought little of leaving their doors unlocked. Internet security was seen as a mostly theoretical problem, and software vendors treated security flaws as a low priority.

Today there has been a paradigm shift. The Morris worm was motivated more by intellectual curiosity than malice, but that is not the case today. According to a 2015 report, 71% of represented organizations experienced at least one successful cyber attack in the preceding 12 months (up from 62% the year prior).

According to a survey report covering 5500 companies in 26 countries around the world, 90% of businesses admitted a security incident. Additionally, 46% of the firms lost sensitive data due to an internal or external security threat. On average, enterprises pay US$551,000 to recover from a security breach. Small and medium businesses spend 38K.

Incidents involving the security failure of a third-party contractor, fraud by employees, cyber espionage, and network intrusion appear to be the most damaging for large enterprises, with average total losses significantly above those of other types of security incident.

Let’s Take a Look at Recurrent Security Threat Types

Denial of Service Attacks
A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. These attacks are very common, accounting for more than one-third of all network attacks reviewed in the report. A standard approach is to overload the resource with illegitimate requests for service.

Brute Force Attacks
A brute force attack tries to kick down the front door. It is a trial-and-error attempt to guess a system’s password. Brute force password-cracking software simply tries all possible combinations to figure out passwords for a computer or a network server. It is simple and does not employ any inventive techniques.

Identity Spoofing
IP spoofing is also known as IP address forgery. The hijacker obtains the IP address of a legitimate host and alters packet headers so that the legitimate host appears to be the source. An attacker might also use special programs to construct IP packets that seem to originate from valid addresses inside the corporate intranet.
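
A defensive check for the case described above, as an added example that is not part of the original article: an ingress/egress filter that reads the source address from a raw IPv4 header and rejects packets whose claimed source does not match the side of the network they arrived on. The internal prefixes, the interface labels `external`/`internal`, and all function names are assumptions made for the illustration.

```python
import ipaddress
import struct

# Assumed internal prefixes for this example; replace with the real intranet ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

def parse_ipv4_source_dest(packet: bytes):
    """Return (src, dst) addresses from a raw IPv4 header, or raise ValueError."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    if packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    header_len = (packet[0] & 0x0F) * 4  # IHL is counted in 32-bit words
    if header_len < 20 or len(packet) < header_len:
        raise ValueError("bad header length")
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return ipaddress.ip_address(src), ipaddress.ip_address(dst)

def is_internal(addr) -> bool:
    return any(addr in net for net in INTERNAL_NETS)

def filter_decision(packet: bytes, arrived_on: str) -> str:
    """Decide accept/drop; arrived_on is 'external' or 'internal' (hypothetical labels)."""
    try:
        src, _dst = parse_ipv4_source_dest(packet)
    except ValueError:
        return "drop: malformed"
    # A packet from outside must never claim an intranet source address.
    if arrived_on == "external" and is_internal(src):
        return "drop: internal source on external interface"
    # A packet leaving the intranet must carry one of our own addresses.
    if arrived_on == "internal" and not is_internal(src):
        return "drop: foreign source on internal interface"
    return "accept"

def sample_header(src: str, dst: str) -> bytes:
    """Constructed test input: a minimal 20-byte IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

if __name__ == "__main__":
    for src, dst, side in [("10.1.2.3", "10.0.0.5", "external"),
                           ("198.51.100.7", "10.0.0.5", "external"),
                           ("198.51.100.7", "203.0.113.9", "internal")]:
        print(side, src, "->", dst, ":", filter_decision(sample_header(src, dst), side))
```

The same rule is what border routers and firewalls enforce with anti-spoofing access lists; the check only works at a point that knows which interface the packet arrived on.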

Browser Attacks
Browser-based attacks target end users who are browsing the internet, and from there can spread across the whole enterprise network. The attacks may encourage users to unwittingly download malware disguised as a fake software update or application. Malicious and compromised websites can also force malware onto visitors’ systems.

SSL/TLS Attacks
Transport Layer Security (TLS) ensures the integrity of data transmitted between two parties (server and client) and also provides strong authentication for both sides. SSL/TLS attacks aim to intercept data that is sent over an encrypted connection. A successful attack enables access to the unencrypted information. Secure Sockets Layer (SSL) attacks were more widespread in late 2014, but they remain
November 2016