CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [61]
TCP/IP is particularly vulnerable to attacks at the Host-to-Host (or Transport) layer and the IP layer. Transport layer attacks are designed to take advantage of the synchronization method used by TCP, the unsynchronized characteristics of UDP, and the maintenance messages generated by ICMP.
Common attacks on TCP include the SYN or ACK flood attack, TCP sequence number attack, and TCP/IP hijacking.
UDP is vulnerable to flooding attacks. Flooding attacks are DoS attacks, and they’re designed to prevent access by authorized users.
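The SYN flood described above leaves a server holding half-open connections: a flood source sends many SYNs and never completes the handshake with the final ACK. The following detector, added here as an illustration and not taken from the study guide, runs over a constructed sample of client-side connection records (format, hosts and thresholds are all assumptions) and flags any source whose SYNs are almost never followed by a completing ACK. Counting only handshake ACKs is a simplification; a real capture also carries data ACKs, so a production check would key on connection state rather than raw flag counts.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample, client-side packets only (not real traffic).
# flags=S is a SYN; flags=A is the third-step ACK that completes the handshake.
# 10.0.0.5 and 10.0.0.9 behave normally; 198.51.100.7 sends SYNs it never completes.
SAMPLE_LOG = """\
src=10.0.0.5 dst=192.0.2.10:80 flags=S
src=10.0.0.5 dst=192.0.2.10:80 flags=A
src=10.0.0.9 dst=192.0.2.10:443 flags=S
src=10.0.0.9 dst=192.0.2.10:443 flags=A
src=10.0.0.5 dst=192.0.2.10:80 flags=S
src=10.0.0.5 dst=192.0.2.10:80 flags=A
src=198.51.100.7 dst=192.0.2.10:80 flags=S
src=198.51.100.7 dst=192.0.2.10:80 flags=S
src=198.51.100.7 dst=192.0.2.10:80 flags=S
src=198.51.100.7 dst=192.0.2.10:80 flags=S
src=198.51.100.7 dst=192.0.2.10:80 flags=S
src=198.51.100.7 dst=192.0.2.10:80 flags=S
src=198.51.100.7 dst=192.0.2.10:80 flags=S
src=198.51.100.7 dst=192.0.2.10:80 flags=S
"""

LINE_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) flags=(?P<flags>\S+)")


@dataclass
class SynStats:
    syns: int = 0   # SYNs sent by this source
    acks: int = 0   # handshake-completing ACKs sent by this source


def parse_records(text):
    """Yield (src, dst, flags) tuples for every well-formed record."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("src"), m.group("dst"), m.group("flags")


def syn_stats(text):
    """Aggregate SYN and completing-ACK counts per source address."""
    stats = defaultdict(SynStats)
    for src, _dst, flags in parse_records(text):
        if flags == "S":
            stats[src].syns += 1
        elif flags == "A":
            stats[src].acks += 1
    return dict(stats)


def suspicious_sources(text, min_syns=5, max_completion=0.2):
    """Return sources that sent at least min_syns SYNs and completed at most
    max_completion of them. Both thresholds are assumed tuning values."""
    flagged = []
    for src, s in syn_stats(text).items():
        if s.syns >= min_syns and (s.acks / s.syns) <= max_completion:
            flagged.append(src)
    return sorted(flagged)


if __name__ == "__main__":
    for src, s in syn_stats(SAMPLE_LOG).items():
        print(f"{src}: syns={s.syns} acks={s.acks}")
    print("suspicious:", suspicious_sources(SAMPLE_LOG))
```

The completion ratio, not the raw SYN count, is what separates a busy legitimate client from a flood source: a client that opens many connections still answers the server's SYN-ACK.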
TCP/IP uses protocols and services at each layer of the network model. These protocols and services offer ports to receive and send messages to other services or applications. Which ports are exposed to attack depends on the protocol in use. Thousands of ports are available for use in TCP/IP. The ports numbered below 1024 are considered well known, and they usually require administrative access to be used.
Applications interface with the TCP/IP suite using either APIs or Windows sockets. These interfaces are well established and published.
Each layer of the protocol suite communicates with the layers above and below it. The process of preparing a message for transmission involves adding headers as the packet moves down this stream. This process is called encapsulation.
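Encapsulation is easiest to see by building a packet by hand. The example below is added here and is not from the study guide: it wraps an application payload in a 20-byte TCP header, then wraps that segment in a 20-byte IPv4 header with a valid header checksum, and then peels the headers off again in the receiving direction. Addresses, ports and the payload are constructed values. The TCP checksum is left at zero for brevity; a real stack computes it over a pseudo-header that includes the IP addresses.

```python
import socket
import struct


def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071 style 16-bit one's-complement sum used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_encapsulate(payload, src_port, dst_port, seq=0, ack=0, flags=0x18):
    """Transport layer: prepend a 20-byte TCP header (no options).
    Data offset is 5 words; flags default to PSH|ACK. Checksum left as 0."""
    offset_flags = (5 << 12) | flags
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                         offset_flags, 65535, 0, 0)
    return header + payload


def ip_encapsulate(segment, src_ip, dst_ip, proto=6, ttl=64):
    """Internet layer: prepend a 20-byte IPv4 header around the segment."""
    total_len = 20 + len(segment)
    # version 4, IHL 5 -> 0x45; checksum field (bytes 10-11) zero while summing
    no_csum = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0,
                          socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    csum = ones_complement_checksum(no_csum)
    header = no_csum[:10] + struct.pack("!H", csum) + no_csum[12:]
    return header + segment


def build_packet(payload, src_ip, dst_ip, src_port, dst_port):
    """Walk the payload down the stack and report the size at each layer."""
    segment = tcp_encapsulate(payload, src_port, dst_port)
    packet = ip_encapsulate(segment, src_ip, dst_ip)
    sizes = {"application": len(payload), "transport": len(segment),
             "internet": len(packet)}
    return packet, sizes


def ip_decapsulate(packet):
    """Strip the IPv4 header; reject a packet whose header checksum is wrong."""
    ihl = (packet[0] & 0x0F) * 4
    if ones_complement_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    info = {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": packet[9]}
    return info, packet[ihl:total_len]


def tcp_decapsulate(segment):
    """Strip the TCP header and return the application payload."""
    src_port, dst_port, seq, ack, offset_flags = struct.unpack("!HHIIH", segment[:14])
    data_off = (offset_flags >> 12) * 4
    info = {"src_port": src_port, "dst_port": dst_port, "seq": seq,
            "ack": ack, "flags": offset_flags & 0x1FF}
    return info, segment[data_off:]


if __name__ == "__main__":
    # Constructed example values.
    pkt, sizes = build_packet(b"GET / HTTP/1.0\r\n\r\n",
                              "10.0.0.5", "192.0.2.10", 40000, 80)
    print(sizes)
    ip_info, seg = ip_decapsulate(pkt)
    tcp_info, data = tcp_decapsulate(seg)
    print(ip_info, tcp_info, data)
```

Each layer only inspects its own header and hands the rest up unchanged, which is why the IP layer can verify its checksum without knowing anything about TCP or the payload. Flipping one byte in the IP header makes `ip_decapsulate` raise, while a flipped payload byte passes the IP layer untouched; that is exactly the scope a per-layer check has.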
Malicious code describes an entire family of software that has nefarious intentions for your networks and computers. This includes viruses, Trojan horses, logic bombs, and worms. Viruses and worms are becoming a major problem on the Internet. The best prevention methods available include antivirus software and user education.
The process of using human intelligence to acquire access to information and systems is called social engineering. Social engineering involves someone contacting a member of an organization and attempting to con them out of account and password information. The best method of minimizing social engineering attacks is user education and positive verification of the identity of the person making the request.
Audit files and system logs are very effective for tracking activity in a network or on a server. They should be reviewed regularly to identify if unauthorized activity is occurring. Systems should be routinely inspected to verify whether physical security procedures are being followed.
Exam Essentials
Be able to describe the various types of attacks to which your systems are exposed. Your network is vulnerable to DoS attacks launched from either a single system or multiple systems. Attacks launched from multiple systems are called distributed DoS (DDoS) attacks. Your systems are also susceptible to access, modification, and repudiation attacks.
Be able to describe the methods used to conduct a back door attack. Back door attacks exploit either existing maintenance hooks or developmental tools that were built to examine the internal operations of a program. These hooks are usually removed when a product is prepared for market or production. Back door attacks also refer to inserting into a machine a program or service that allows authentication to be bypassed and access gained.
Know how a spoofing attack occurs. Spoofing attacks occur when a user or system masquerades as another user or system. Spoofing allows the attacker to assume the privileges and access rights of the real user or system.
Be able to describe a man-in-the-middle attack. Man-in-the-middle attacks are based on the principle that a system can be placed between two legitimate users to capture or exploit the information being sent between them. Both sides of the conversation assume that the man in the middle is the other end and communicate normally. This creates a security breach and allows unauthorized access to information.
Be able to describe a replay attack. A replay attack captures information from a previous session and attempts to resend it to gain unauthorized access. This attack is based on the premise that if it worked once, it will work again. This is especially effective in environments where a user ID and password are sent in the clear across a large network.
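A replay attack works because the captured message is still valid when resent. The standard defence is to make every message single-use: bind a fresh nonce and a timestamp to the body under a MAC, and have the receiver reject anything whose MAC fails, whose timestamp is outside an acceptance window, or whose nonce it has already accepted. The following class is an added illustration and not from the study guide; the shared key, window length, message layout and the fake clock used for testing are all assumptions.

```python
import hashlib
import hmac
import json
import os
import time


def canonical(msg):
    """Serialize the authenticated fields deterministically so sender and
    receiver compute the MAC over identical bytes."""
    fields = {k: msg[k] for k in ("body", "nonce", "ts")}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


class ReplayProtectedChannel:
    """One end of a channel protected by a shared key, a nonce cache and a
    timestamp window. Hypothetical design for illustration."""

    def __init__(self, key: bytes, window_seconds=30, clock=time.time):
        self.key = key
        self.window = window_seconds
        self.clock = clock            # injectable so tests can control time
        self.seen = {}                # nonce -> time it was accepted

    def make_message(self, body):
        msg = {"body": body, "nonce": os.urandom(16).hex(), "ts": int(self.clock())}
        msg["mac"] = hmac.new(self.key, canonical(msg), hashlib.sha256).hexdigest()
        return msg

    def verify(self, msg):
        """Return (accepted, reason). MAC is checked first so that forged
        messages cannot probe or pollute the nonce cache."""
        expected = hmac.new(self.key, canonical(msg), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg.get("mac", "")):
            return False, "bad mac"
        now = int(self.clock())
        if abs(now - msg["ts"]) > self.window:
            return False, "stale timestamp"
        self._purge(now)
        if msg["nonce"] in self.seen:
            return False, "replayed nonce"
        self.seen[msg["nonce"]] = now
        return True, "ok"

    def _purge(self, now):
        """Drop nonces older than the window; the timestamp check already
        rejects them, so the cache stays bounded."""
        for nonce, ts in list(self.seen.items()):
            if now - ts > self.window:
                del self.seen[nonce]


def run_demo(key=b"constructed-shared-key"):
    """Exercise the four outcomes with a controllable clock; returns reasons."""
    clock = [1_000_000]
    sender = ReplayProtectedChannel(key, clock=lambda: clock[0])
    receiver = ReplayProtectedChannel(key, clock=lambda: clock[0])
    results = []
    m = sender.make_message("login alice")
    results.append(receiver.verify(m)[1])            # fresh message: ok
    results.append(receiver.verify(m)[1])            # same bytes again: replayed nonce
    tampered = dict(sender.make_message("transfer 10"), body="transfer 1000")
    results.append(receiver.verify(tampered)[1])     # body changed: bad mac
    late = sender.make_message("logout")
    clock[0] += 100                                  # captured and resent later
    results.append(receiver.verify(late)[1])         # outside window: stale timestamp
    return results


if __name__ == "__main__":
    print(run_demo())
```

The timestamp window is what bounds the nonce cache: a receiver only has to remember nonces for the window length, after which the timestamp check alone rejects the message. Without the MAC, an attacker could simply rewrite the nonce and timestamp on a captured message, which is why all three fields are authenticated together.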