SoylentNews is people

posted by martyb on Friday October 04 2019, @04:50AM
from the the-counting-of-network-attack-types-shall-be-three dept.

Cybersecurity is becoming more of a common tongue term in today's industry. It is being passed around the executive meetings along with financial information and projected marketing strategies. Here are some common attack vectors plaguing the industry when it comes to network infrastructure. It does not really matter the infrastructure type you have. If there is value to the data you are transferring within, someone wants to get it.

  1. Reconnaissance Attacks
  2. Access Attacks
  3. Denial of Service Attacks

It is a pipe dream to believe a network infrastructure is invulnerable; however, the possibility of being protected is within grasp. Fundamentally, it comes down to knowledge of what can happen to your network, knowing your equipment and training up the staff.

Source: Tripwire.com


  • (Score: 3, Interesting) by NotSanguine on Friday October 04 2019, @03:14PM

    Since when is pinging and port scanning an attack? Especially if it's done only a few times, and is clearly not an attempt at DoS. Reminds me of the story of a teenager getting in trouble with his school for pressing F5 repeatedly while looking at the school website.

    It's not an attack to try a car door handle to see if it's locked, or a key to see if it unlocks the door. If it was, we'd be busting people all the time for mistaking another car as theirs. Nor is it an attack to just glance through the car window to see if the lock is engaged. Nor is photographing a car on the street an attack.

    Context is important. Trying a door handle isn't an "attack" per se, but if the individual is trying *all* the door handles in a parking lot, is that potentially suspicious/malicious? If not, why not?

    What is reconnaissance [thefreedictionary.com]?

    An inspection or exploration of an area, especially one made to gather military information.

    Often, reconnaissance is covert, or attempts to be. In this context, that would be low-volume port/ping scans. Are those types of activities generally disruptive? No. However, they can, and do, provide information concerning the breadth and depth of attack surfaces, which can be quite useful when planning (or identifying targets for) an access or DDOS attack.

    Besides, this isn't about (not for me, at least, I didn't read TFA) calling various types of connection attempts "bad" or "crimes". It's about being aware of the activity at the perimeter and within your network.

    Which is why any network that has significant assets should be monitoring for such caresses (is that a better term than attack?), both internally and at perimeters.

    On small/home networks, reviewing firewall logs (if your firewall even provides them -- if not, get a real firewall) and web/file sharing logs on systems with shared resources is often sufficient.

    In larger environments an SIEM* [wikipedia.org] implementation (note, I don't say system, as there are multiple discrete components to a functional SIEM implementation) can allow you to identify potential incursions in near real-time, by aggregating and correlating (in a variety of ways) log data from firewalls, routers, switches and servers.

    tl;dr: Port/ping scans aren't necessarily malicious, nor are they, generally, disruptive. However, if there are vulnerable points in your network perimeter, such activity can give an attacker the information needed to exploit such vulnerabilities.

    *SIEM related links:
    https://www.sans.org/reading-room/whitepapers/incident/paper/33689 [sans.org]
    https://kalilinuxtutorials.com/a-beginners-guide-to-siem/ [kalilinuxtutorials.com]
    https://learn.techbeacon.com/topics/introduction-siem [techbeacon.com]
    https://logz.io/blog/what-is-siem/ [logz.io]
    https://logz.io/blog/open-source-siem-tools/ [logz.io]

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
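
A minimal version of the firewall-log review described in the comment above, as an added example that is not part of the original story or comment: it flags a source only when it tries many distinct host/port "door handles" within a time window, so one repeated connection is ignored while a slow, low-volume scan is still caught. The log format, addresses, window and threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a simplified, assumed firewall log format (not real traffic).
SAMPLE_LOG = """\
2019-10-04T03:00:00 DROP SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=22
2019-10-04T03:09:00 DROP SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=23
2019-10-04T03:10:00 ACCEPT SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=443
2019-10-04T03:10:01 ACCEPT SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=443
2019-10-04T03:10:02 ACCEPT SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=443
2019-10-04T03:21:00 DROP SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP DPT=445
2019-10-04T03:34:00 DROP SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP DPT=3389
2019-10-04T03:48:00 ACCEPT SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=80
2019-10-04T03:50:00 kernel: link up
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?:DROP|ACCEPT) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=\S+ DPT=(?P<dpt>\d+)$"
)

def parse(log_text):
    """Yield (timestamp, src, dst, port) per well-formed line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dpt"]))

def find_scanners(events, window=timedelta(hours=1), min_targets=5):
    """Return {src: most distinct (dst, port) targets seen in any sliding window}
    for sources reaching min_targets. A long window is what catches slow scans."""
    by_src = defaultdict(list)
    for ts, src, dst, port in sorted(events):
        by_src[src].append((ts, (dst, port)))
    flagged = {}
    for src, hits in by_src.items():
        best, start = 0, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # drop hits that fell out of the window
            best = max(best, len({target for _, target in hits[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, n in find_scanners(parse(SAMPLE_LOG)).items():
        print(f"{src}: {n} distinct host/port targets within one hour")
```

Counting distinct targets rather than raw connections is what separates the repeated-refresh client (203.0.113.5 here) from the source working its way across hosts and ports.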