CPE321 – Computer Networks and Security
Module 7: Network Security Threats and Attack Techniques
Module Overview
Modern computer networks connect billions of devices and support critical systems such as banking, healthcare, transportation, and government services. While networking technologies provide efficiency and connectivity, they also expose systems to various security threats and cyberattacks.
Attackers may attempt to steal sensitive data, disrupt services, manipulate information, or gain unauthorized access to systems. Understanding how these threats work is essential for computer engineers responsible for designing secure networks.
This module examines common network security threats, attack methods, and vulnerabilities, including malware, denial-of-service attacks, social engineering, and network intrusion techniques. Students will also learn the importance of identifying and mitigating these threats in real-world systems.
Module Learning Outcomes
At the end of this module, students should be able to:
Identify and explain common network security threats and attack techniques.
Analyze how attackers exploit vulnerabilities in computer networks.
Evaluate strategies used to prevent or mitigate network-based attacks.
1. Understanding Network Security Threats
1.1 What is a Security Threat?
A security threat is any potential activity or event that can compromise the confidentiality, integrity, or availability of information systems.
Threats may originate from:
External attackers (hackers)
Insider threats (employees or contractors)
Malware infections
System vulnerabilities
Human errors
These threats can lead to:
Data theft
System damage
Service disruption
Financial loss
Loss of organizational reputation
1.2 Threat vs Vulnerability vs Attack
Understanding these three concepts is important in cybersecurity.
| Term | Description |
|---|---|
| Threat | A potential danger that can exploit a weakness |
| Vulnerability | A weakness in a system or network |
| Attack | An attempt to exploit a vulnerability |
Example:
Threat: Hacker attempting to steal data
Vulnerability: Weak password system
Attack: Brute force login attempt
2. Types of Cybersecurity Threats
Cyber threats can be categorized into several types.
2.1 Malware
Malware refers to malicious software designed to damage systems, steal data, or gain unauthorized access.
Common types of malware include:
Virus
A virus attaches itself to legitimate programs and spreads when the program is executed.
Characteristics:
Requires user action
Replicates by infecting files
Can damage data or programs
Example: Infected email attachments.
Worm
A worm is self-replicating malware that spreads across networks without user interaction.
Characteristics:
Rapid propagation
Consumes network bandwidth
Can disrupt network operations
Example: The WannaCry ransomware worm that affected global networks.
Trojan Horse
A Trojan disguises itself as legitimate software but contains hidden malicious code.
Examples:
Fake antivirus software
Malicious game downloads
Unlike viruses, Trojans do not replicate themselves.
Ransomware
Ransomware encrypts a victim's data and demands payment for its release.
Impact includes:
Data loss
Financial damage
Operational disruption
Example: Attacks targeting hospitals or government systems.
3. Network Attack Techniques
3.1 Denial-of-Service (DoS) Attack
A DoS attack attempts to make a network or service unavailable by overwhelming it with traffic.
Consequences:
Server crashes
Network congestion
Service interruption
3.2 Distributed Denial-of-Service (DDoS)
A DDoS attack uses multiple compromised devices (botnets) to flood a target system.
Characteristics:
Large-scale attack
Harder to block
Uses infected devices worldwide
Example: Botnets using infected IoT devices.
3.3 Man-in-the-Middle (MITM) Attack
In a MITM attack, an attacker secretly intercepts communication between two parties.
The attacker may:
Eavesdrop on data
Modify transmitted information
Steal credentials
Example:
Intercepting communication on an unsecured public Wi-Fi network.
3.4 Spoofing Attacks
Spoofing occurs when attackers impersonate legitimate devices or identities.
Types include:
IP spoofing
Email spoofing
ARP spoofing
DNS spoofing
Example: Fake email pretending to be from a bank.
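The following is an added example, not part of the original module, showing how a defender can spot ARP spoofing by checking ARP replies against known IP-to-MAC bindings. The function name, the addresses, and the sample replies are assumptions constructed for illustration.

```python
def detect_arp_spoofing(replies, static_bindings):
    """Return alerts for ARP replies that contradict known or earlier bindings.

    replies: iterable of (ip, mac) pairs in the order they were seen.
    static_bindings: dict of ip -> mac for hosts whose address is known
    in advance (for example the default gateway).
    """
    # Start from the trusted bindings; MACs are compared case-insensitively.
    learned = {ip: mac.lower() for ip, mac in static_bindings.items()}
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        known = learned.get(ip)
        if known is None:
            learned[ip] = mac  # first sighting: remember the binding
        elif known != mac:
            # A static conflict is a strong signal. A learned conflict can also
            # be a legitimate change (new NIC, reassigned address), so it is
            # labelled separately for lower-priority review.
            kind = "static" if ip in static_bindings else "learned"
            alerts.append((ip, known, mac, kind))
    return alerts


# Constructed sample data (private-range IPs, made-up MAC addresses).
STATIC = {"192.168.1.1": "00:11:22:33:44:55"}
REPLIES = [
    ("192.168.1.1", "00:11:22:33:44:55"),   # gateway, matches static binding
    ("192.168.1.20", "AA:BB:CC:00:00:20"),  # new host, binding is learned
    ("192.168.1.1", "DE:AD:BE:EF:00:01"),   # another MAC claims the gateway IP
    ("192.168.1.20", "aa:bb:cc:00:00:20"),  # same MAC, different case: no alert
    ("192.168.1.20", "de:ad:be:ef:00:01"),  # learned binding changed
]

if __name__ == "__main__":
    for ip, old, new, kind in detect_arp_spoofing(REPLIES, STATIC):
        print(f"{kind} binding conflict for {ip}: {old} -> {new}")
```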
4. Social Engineering Attacks
Not all cyberattacks involve technical exploits. Many rely on human manipulation.
4.1 What is Social Engineering?
Social engineering is the psychological manipulation of people into revealing confidential information.
Attackers exploit human behavior such as:
Trust
Fear
Curiosity
Urgency
4.2 Common Social Engineering Techniques
Phishing
Fraudulent emails or messages designed to trick users into revealing sensitive information.
Example:
Fake login pages for banking websites.
Spear Phishing
Targeted phishing attacks directed at specific individuals or organizations.
Example:
Emails pretending to be from a company executive.
Pretexting
Attackers create a fabricated scenario to obtain information.
Example:
Pretending to be IT support requesting passwords.
Baiting
Offering something attractive to lure victims into downloading malware.
Example:
Free software downloads containing malicious code.
5. Password Attacks
Passwords are often the weakest point in security systems.
Common password attack methods include:
Brute Force Attack
The attacker attempts every possible password combination.
Dictionary Attack
Uses a list of common words and passwords.
Credential Stuffing
Uses previously leaked username-password combinations.
Keylogging
Malicious software records keystrokes to capture passwords.
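The following is an added example, not part of the original module, showing how failed-login records can be used to tell repeated guessing against one account (brute force or dictionary attacks) apart from credential stuffing. The thresholds, function name, and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed thresholds for this example; tune them to real traffic.
MIN_FAILURES = 10   # ignore sources with fewer failed logins than this
MANY_ACCOUNTS = 8   # distinct usernames that suggest leaked pairs being replayed


def classify_sources(events):
    """Map each source IP to a label based on its failed-login pattern.

    events: iterable of (source_ip, username) pairs, one per failed login.
    """
    per_source = defaultdict(lambda: defaultdict(int))
    for ip, user in events:
        per_source[ip][user] += 1

    labels = {}
    for ip, users in per_source.items():
        total = sum(users.values())
        if total < MIN_FAILURES:
            labels[ip] = "normal"  # a few mistyped passwords
        elif len(users) >= MANY_ACCOUNTS:
            # Many accounts with few tries each: leaked username-password
            # pairs being tried one after another.
            labels[ip] = "credential-stuffing"
        else:
            # Many tries against few accounts: brute force or dictionary.
            labels[ip] = "password-guessing"
    return labels


# Constructed sample events (documentation-range IPs, made-up usernames).
SAMPLE = (
    [("198.51.100.7", "admin")] * 40
    + [("203.0.113.9", f"user{i}") for i in range(25)]
    + [("192.0.2.14", "alice")] * 2
)

if __name__ == "__main__":
    for ip, label in sorted(classify_sources(SAMPLE).items()):
        print(ip, label)
```

Brute force and dictionary attacks look the same at this level because the log records only that a guess failed, not which password was tried.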
6. Network Sniffing and Eavesdropping
Packet Sniffing
Packet sniffing involves capturing network traffic to analyze transmitted data.
While useful for network diagnostics, attackers may use sniffers to capture:
Passwords
Emails
Sensitive data
Example tools:
Wireshark
Tcpdump
Unencrypted communication is especially vulnerable.
7. Insider Threats
Not all attacks come from outside the organization.
Insider threats originate from individuals who have authorized access to systems.
Types include:
Malicious employees
Negligent staff
Former employees with access
Examples:
Data theft
Unauthorized system access
Information leaks
8. Security Vulnerabilities
A vulnerability is a weakness in a system that attackers can exploit.
Common sources include:
Unpatched software
Weak authentication
Poor network configuration
Misconfigured servers
Outdated security protocols
Regular security updates and vulnerability assessments help reduce these risks.
9. Defense Strategies Against Network Attacks
To protect networks from threats, organizations implement several security measures.
Firewalls
Control incoming and outgoing network traffic.
Intrusion Detection Systems (IDS)
Monitor network activity for suspicious behavior.
Encryption
Protects data during transmission.
Access Control
Restricts system access to authorized users.
Security Awareness Training
Educates users about phishing and social engineering threats.
Module Summary
In this module, you learned that:
Network security threats can originate from external attackers, malware, or insider activities.
Malware includes viruses, worms, trojans, and ransomware.
Network attacks include DoS, DDoS, spoofing, and man-in-the-middle attacks.
Social engineering exploits human behavior rather than system vulnerabilities.
Password attacks and packet sniffing can expose sensitive data.
Security mechanisms such as firewalls, encryption, and IDS help defend against cyber threats.
Understanding these threats is essential for designing secure and resilient network systems.
End-of-Module Review Questions
Define the terms threat, vulnerability, and attack and explain how they relate to each other.
Differentiate between virus, worm, and Trojan malware.
Explain how a Distributed Denial-of-Service (DDoS) attack works.
What is social engineering, and why is it effective against organizations?
Describe two methods attackers use to obtain passwords.