There are various types of attacks that can be carried out on a communications system, and the appropriate response depends on the type of attack. This section looks briefly at this matter. Attacks aimed directly at the data being communicated fall into the following categories:
- The normal flow of communications is completely interrupted because part or all of the system cannot be used. Example: physical destruction of equipment, deletion of applications, failure of the operating system, etc.
- There is some unauthorized access to the system by a person, software or communication system. Because no data is lost, it is one of the most difficult attacks to intercept. Example: illegal reproduction of files, interception of cables for monitoring data on a network, etc.
- Unauthorized access to the system together with its modification. Example: database modifications, changes in system software configurations, etc.
- Authorized access to the system together with the insertion of objects that were not previously there. Example: inserting records in databases, adding transactions to a communication system, etc.
Types of Attack
We now give a slightly more comprehensive explanation of the attacks. Many of these threats centre on what is known as Denial of Service (DoS). In this type of attack the fundamental goal is to deny the computer under attack access to a certain resource or to its resources. Some examples of this type of attack are:
- Attempts to flood a network, thus preventing legitimate data traffic on it;
- Attempts to interrupt the connections between two machines, thus preventing access to a service;
- Attempts to prevent a certain person from accessing a service;
- Attempts to interrupt a specific service to a system or a user.
It should be noted that the illegitimate use of resources can also lead to denial of service. For example, a hacker can use an anonymous FTP area as a place to save files, thus consuming disk space and generating traffic on the network.
As a result, denial of service attacks can essentially leave a computer or network inoperative. In this way, an entire organization can be offline for a certain time.
There are three types of denial of service attacks:
Computers and networks need certain resources to function: network bandwidth, memory and disk space, CPU time, data structures, access to other computers and networks, among others. Denial of service attacks are often executed against the connectivity of the network. Another attack is the consumption of network bandwidth by generating a large number of packets addressed to the network, thus preventing its use. All attacks of this type are based on code that generates, so to speak, noise in the system. For example, if what is consumed is memory space, the attack is based on:
- A program that “reproduces itself”, that is, it creates infinite copies of itself, which saturates the memory of the equipment.
- Destruction or alteration of configuration information: this type of attack is based on the fact that an incorrectly configured computer may not work well or may not boot at all.
- Physical destruction or alteration of network components: The physical security of the network is very important. It must protect against unauthorized access to computers, routers, racks of network cabling, segments of the backbone network and any critical component of the network.
Prevention and Response
As stated above, denial of service attacks can cost many organizations significant time and money, so several measures are recommended:
- Place access lists on the routers. This will reduce your exposure to certain denial of service attacks.
- Install patches to your operating system against TCP SYN flooding. This action will allow you to substantially reduce your exposure to these attacks even if you cannot permanently eliminate the risk.
- Disable any unnecessary or unused network services. This can limit a hacker’s ability to take advantage of those services to execute a denial of service attack.
- If your operating system allows it, implement quota systems. For example, if your operating system supports “disk quotas”, implement them for all logins. If your operating system supports partitions or volumes, separate what is critical from what is not.
- Observe the operation of the system and establish base values for ordinary activity. Use these values to gauge unusual levels of disk activity, CPU usage, or network traffic.
- Include an examination of your physical security as part of your routine. Consider, among other things, servers, routers, unattended terminals, network access ports, and wiring closets.
- Use Tripwire or a similar tool to detect changes in configuration information or other files.
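The baseline measure in the list above can be sketched as follows. This is an added example, not code from the original page; the metric names, the sample values and the three-standard-deviation threshold are assumptions chosen for illustration.

```python
import statistics

# Constructed hourly samples from an ordinary period (not real measurements).
ORDINARY = {
    "cpu_percent":   [12, 15, 11, 14, 18, 13, 16, 12, 17, 14],
    "disk_write_mb": [40, 55, 38, 47, 60, 42, 51, 45, 58, 44],
    "net_in_mbps":   [20, 22, 19, 25, 21, 23, 20, 24, 22, 21],
}

def build_baseline(samples):
    """Return {metric: (mean, spread)} describing ordinary activity."""
    baseline = {}
    for metric, values in samples.items():
        mean = statistics.fmean(values)
        # Floor the spread so a perfectly flat metric does not alert
        # on every tiny change.
        spread = max(statistics.stdev(values), 0.05 * mean, 1e-9)
        baseline[metric] = (mean, spread)
    return baseline

def flag_unusual(baseline, observation, threshold=3.0):
    """Return {metric: deviations above the mean} for unusually high readings.

    Only the high side is checked, because resource exhaustion shows up
    as excess disk activity, CPU usage or traffic.
    """
    unusual = {}
    for metric, value in observation.items():
        if metric not in baseline:
            # A metric never seen while baselining is reported, not ignored.
            unusual[metric] = float("inf")
            continue
        mean, spread = baseline[metric]
        deviations = (value - mean) / spread
        if deviations > threshold:
            unusual[metric] = round(deviations, 1)
    return unusual

if __name__ == "__main__":
    base = build_baseline(ORDINARY)
    # Constructed reading taken during a burst of inbound traffic.
    print(flag_unusual(base, {"cpu_percent": 16,
                              "disk_write_mb": 52,
                              "net_in_mbps": 95}))
```

Rebuild the baseline periodically from periods known to be ordinary, so that legitimate growth in load does not keep raising alerts.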
Encryption is a method of transforming plain text into encrypted text, with the possibility of later retrieving the plain text from the encrypted text. Encryption can be used on a network device through a Virtual Private Network (VPN). A VPN provides secure connections between points where encrypted information can travel on a public network like the Internet. This process of transformation and recovery is carried out following a method known as an encryption algorithm, which depends primarily on a parameter called a key or secret key. Figure 4 shows a diagram of the encryption process.
- The original information is processed by an encryption algorithm, using an encryption key to encrypt the text.
- The result of this process is called encrypted text.
- The receiver receives the encrypted text and decrypts it using a secret key to obtain the original message.