ISP Network Potential Threats

Threat Identification

A danger is an event which could take benefit of the vulnerability and make a terrible effect at the ISP network. potential threats to the ISP network need to be diagnosed, and the associated vulnerabilities need to be addressed to reduce the danger of the threat.

Trends Driving Network Security

As in any rapid-growing enterprise, modifications are to be predicted. The varieties of capability threats to network protection are usually evolving. If the security of the network is compromised, there may be extreme effects, like lack of privateness, stealing of information, and even legal potential.

Figure (——) illustrates several threats and their potential consequences.

Figure (———)

https://lh5.googleusercontent.com/zJ-sRNupq7NtexAMX4IPMkMI6jCFUykCDc08qvsTFk71TnRzPhkOf6nkJoS5M17tPuPe0G0JBFj2it4GPLe3Uj0GZkg5Zna54k0h4r9e5GOiRvBVy8JAwo7b_lTp1ZnIEreVk0fx

Introduction to Vulnerabilities, Threats, and Attacks:

Although studying network security, the three usual terms used are as follows:

â-  Vulnerability-A weak point that is essential in every network and device. This contains routers, switches, desktops, servers, and similar security gadgets themselves.

â-  Threats-The people keen, prepared, and eligible to take advantage of each security flaw, and they frequently examine for new exploits and weaknesses.

â-  Attacks-The threats use a selection of kits, scripts, and software to release attacks towards networks and network devices. Normally, the network devices beneath attack are the endpoints, such as servers and PC.

The sections that comply with talk vulnerabilities, threats, and attacks in more detail.

First aspect: let’s talk about vulnerabilities in ISP

Vulnerabilities within ISP network security can be summed up as the “soft spots” which can be found in each network. The vulnerabilities are be found in the network and separate devices that build up the network.

Networks are classically troubled by unique or all of three main vulnerabilities or weaknesses:

â-  Technology weaknesses

â-  Configuration weaknesses

â-  Security policy weaknesses

The sections that follow inspect separately of those weaknesses in further detail.

Technological Weaknesses:

Computer and network technologies have intrinsic security weaknesses. These include TCP/IP protocol weaknesses, operating system weaknesses, and network equipment weaknesses. Table (——) describes these three weaknesses.

Table ( ——) Network Security Weaknesses

Weakness

Description

TCP/IP protocol weaknesses

FTP, HTTP, and ICMP are naturally insecure.

(SNMP), (SMTP), and SYN floods are linked to the naturally insecure building upon which TCP was created.

Network equipment weaknesses

Many types of network tools, such as switches, routers, IDS, and firewalls have security flaws that should be known and shielded against. Example of These flaws are as follows

Protocols Firewall Holes Password Protection Absence of authentication Routing

Configuration Weaknesses

Network administrators or network engineers must ­­­­­­­­discover what the configuration flaws are and perfectly setup their computing and network devices to balance. Table (—–) includes usual setup weaknesses.

Table ( —— ) Configuration Weaknesses

https://lh5.googleusercontent.com/cQWTjAXBnpkUy0kRonQEXNnEX47gCKHPXKkfDOYPPNx36n3deZuPyJCo9ccV4_AQVOFQQHrDy0zIOJVhJ-1gFAXKfqON0S2hmwffy__5BcuQ41f_5sv96gOqXaKzWXAYOpsDxasq

https://lh5.googleusercontent.com/RcruN97Nu6mHoRbM-gKU6KiZ6s83f1JE9gXSSBqYQ74DNE5Q7PK-2esqZLm28SzFaUJRBLLknNDhtEIycdbdxO9sJjUo5fUmLDci1hl5pUJaE_9Q_TfKhvahdSs3ioxUSV-fv87K

Security Policy Weaknesses

Security policy flaws can generate unexpected security risks. The network can pose security threats to the LAN if workers do not follow the security policy. Table (——) lists selected usual security policy weaknesses and how those flaws are misused.

Table (—–) security policy weaknesses

https://lh4.googleusercontent.com/etH8ivXGgtFah27lkX97k5gKFhKztTGzCdPzqcZUTAekZBkV_xYrNWPx3dQdQlqXxuFUetCLRMoaWfmcC9Fvl5HAi4relGL2A4NwJoQOMPmBoeL_0Idhbep4eipkqpHu7-VVS6fF

Threats

There are four main classes of risks to network security, as Figure (—-) depicts. The list that follows defines all class of risk in additional detail.

Figure (———) Variety of Threats

https://lh5.googleusercontent.com/KEJY-DDOtoCE8TNOSfy8VgOOmfejtu0YVOPLoTgirU5G8F_Xs6C8HFklme3u0fiKYkuRvmb0ggDTkgffCV1ipfF_htX8YeINRoVf7IuOtzvW15hJ3aGWf_sEtg-Zu2Ere9ourPQx

â- Unstructured threats– these types of threat happen when users with little experience try to be hackers by using some ready hacking software like shell scripts and knowing password. Even these types of threats which only comes hackers can form a significant harm to companies.

â-  Structured threats– the source of these threats are hackers who have more technical knowledge and with stronger drive. Such hackers are equipped with knowledge about the weaknesses in the system and are willing to misuse codes and programs. They study, make and use advanced hacking methods to enter business’ systems without their awareness of the hacking.

â-  External threats– these threats come from persons or groups outside the business without having an official and legal access to business’s system.

â-  Internal threats– these threats come from people with official access to the system by having an online account or physical access to the system.

Attacks:

There are four main types of attacks:

â-  Reconnaissance

â-  Access

â-  Denial of service

â-  Worms, viruses, and Trojan horses

each of the above-mentioned attacks will be explained in the next paragraphs.

Reconnaissance

It is the unapproved revelation or the systems’ vulnerabilities, planning, or services (see Fig …)

Read also  A Review On The CAD System Information Technology Essay

There are some elements of similarities between reconnaissance and a robber who watches areas to notice any easy target to enter like empty houses, unlocked doors and windows.

Figure (——–) Reconnaissance

https://lh3.googleusercontent.com/_etiHZj3_4SHO9SZgYy3Ym5nfIBFNiq1bgb90MGyEVG8Qm3kAg3VG9j_b1GFAUyj2p7q_f1ULxbdb1WW5kGIreNyUiisXbZY3f6Jr0Y8d2vvyz04jl3JuNBrI99bPrYW4w0MTgzV

Access

This attack can take place when an unapproved interloper gets an access to the system without an account or a password.

Denial of Service (DoS)

This attack is the most worrying type of attacks. It means that hackers make the intended users no longer able to access services, systems or networks. Dos attacks make the systems useless by damaging it or making it too slow. Mostly attacks happen by a hack or a script.

Worms, viruses, and Trojan horses

This type of attack is widespread online through an internet.

Attack Examples

The next section is dedicated to representing examples of attacks to elaborate and explain it more.

Access Attacks

Access attacks take advantage of recognized vulnerabilities in authentication services, FTP services, and internet services to benefit access to internet accounts, private databases, and different private info get entry to attacks can include the following:

â-ª Password attacks

â-ª Port redirection

â-ª man-in-the-middle attacks

â-ª Social engineering

â-ª Password attacks

Password attacks may be applied using multiple techniques, such as brute-force attacks, malicious program applications, IP spoofing, and packet sniffers. (see figure ——- for an example of a try to attack the use of the administrator’s profile) brute-force attacks.

Figure (——–) Password Attack Example


https://lh5.googleusercontent.com/2DZnp8EG-J1C_IJIqIfLojGT7B4CfUm5Nqe6GB-OcS6jL19obHcLi3hIphkfVqni5kWfuwN6MXc1si7HILh9J67X0oeh-8mnyUleYX8Ml28N-T5L2YztU0H2Bcnv8BCSQ-j5s_XG

Port Redirection

This type of attack (please see Fig …) happens when there a trust is taken advantage of through cooperated host to penetrate a firewall which originally is hard to penetrate. For example, when a firewall has a host for each of its three interfaces. External host can contact the public services segment host but not the internal host. The public service segment is also known as a demilitarized zone (DMZ).

Figure (——–) Protocol Analyser

https://lh4.googleusercontent.com/kAQ-imvoR-JRBBxNT9Abn_zGzPlrAFWdUCJ6aOhlny6mvaH9NQawRI3i8gZkULt5rjTRXWEA8D4n6Obu-Ylf89S6LBkCc2ZjhOozWnrXT8YhQqZDxJk40jtK5-xysR9FQMis5S0G

Port redirection may be mitigated typically via using right trust models, that are network (as referred to in advance). Assuming a system underneath attack, a host-based IDS can assist discover a hacker and save you set up of such utilities on a host.

Man-in-the-middle attacks

a person-in-the-middle attack calls for that the hacker has get admission to to net packets that come upon a net. A sample might be operating for (ISP) and has access to all net packets transferred among the ISP net and some other net.

man-in-the-centre attack mitigation is performed by encrypting traffic in an IPsec tunnel, which might permit the hacker to look only ciphertext.

Social Engineering

simplest hack (social engineering) If an outsider can trick a member of an corporation into giving over valued data, which includes places of documents, and servers, and passwords, the technique of hacking is made immeasurably simpler. 90 percent of workplace workers gave away their password in trade for a cheap pen.

Denial-of-Service (DoS) Attacks

This is definitely the most common method of attack. DoS are also one of the hardest attacks to remove entirely. Even amongst hackers, DoS hackers are seen unimportant due to the fact that this method is easy to perform. In spite of that, this form of threat requires high security attention because it can cause a possible huge harm using easy steps (also clarified in Fig…..).

Figure (———). Denial of Service

https://lh4.googleusercontent.com/KjmcYaWcYMPDsMMZvR6NPVewB4DmniCsr_x_NYZW2gw0xh_jsY--2s8__eD3asSYY-wWsXg8RsaJmg_UYNfv1JHzxvLBI3Lktigvt469HEwyBypES-7DlzhJKMJYZ9ekahvQC9xc

The next example of a some common type of DoS threats:

â-  Ping of death-This attack changes the IP part of the header to deceive others into thinking that there is extra data in the packet than the reality, as a result the system which plays the recipient part will fall apart, as explained in Figure (…..).

Figure (——–). Ping of Death

https://lh4.googleusercontent.com/P3x4Y2AFesn7TwXsZZ5D1Aa5CtysUnrv8-VJemu6Cl5kzZJv-cH1dl1varQs5GMRHfGexlaHlKYX3XfPzszSjfscvfH1WAb8n5W9S3knrwzIFfIHAih3QXn0XldBJSTqpSBZSWF8

â-ª Distributed Denial-of-Service Attacks

Distributed denial-of-service attacks (DDoS) these attacks take place by filling the network links with false data. This data can crush the internet link, which means that consequently the genuine traffic will be denied. DDoS attacks use similar techniques to those used by DoS attacks but the former is performed on a wider scale. They usually use thousands of attack centers to overpower a target (see an example in figure …..)

Figure (——) DDos Attack


https://lh6.googleusercontent.com/fadwY7lZtM3hfAoZZItXhKQDNN74_xWat5crC3MP2ZVYBpHYYrfHlJw-uK889qicWhROjOBKE_dUQOECA0XuO5JwMPv21MVRw0MU6s911ai-8kl3Rb91I6-o4KFPSEuXE-G5W0SS

Malicious Code

The main vulnerabilities for end-consumer workstations are next:

â-  Trojan horse-A software created to seem like something else that in reality is an attack app

â- Worm-A software that performs random program code and installs duplicates of itself within the RAM of the infected PC, which then infects different hosts

Read also  Ethical Hacking And Network Protection Information Technology Essay

â- Virus-Malicious program is connected to some other software to perform a specific undesirable function on the user computing device

Worms

The types of a worm attack is :

â-ª The enabling vulnerability-A computer virus installs itself the usage of an take advantage of the vector on a susceptible system.

â-ª Propagation mechanism-After having access to PC, a worm repeats and selects new devices.

â-ª Payload-After the PC or device is hit with a worm, the attacker has to get entry to the host- frequently as a privileged user. Attackers may want to use a local exploit to increase their privilege degree to the admin.

Vulnerability Analysis

It is vital to analyse and study the present state of network and the administrative practice to know their present amenability with the security needs. This step is needed before working on the addition of new security solutions to an established network. This study will create a chance to find potential enhancements and the possible requirement to reshape part of the system or reconstruct it entirely to meet the requirement. The study/analysis can take place through these steps identifying the policy, analysing the network and analysing the host.

The previous sections attempted to present different types of attacks and suggested some solutions. However, the next table summarises different attacks and presents more solutions to these attacks

Threats

Good practices

Assets, assets covered

Gaps (assets not covered)

Routing threats

AS hijacking

Internet protocol addressing, Routing protocols, Administrators

Administrators

Make use of useful resource certification (RPKI) to offer AS authentic validation. The reader needs to be conscious that on the time of writing, it’s far impossible to discover AS hijacking mechanically.

Internet protocol addressing, Routing protocols

Administrators

Address space hijacking (IP prefixes)

Routing, Internet protocol addressing, System configurations, Network topology

Make use of resource certification (RPKI) to offer AS authentic authentication.

Routing, Internet protocol addressing, System configurations, Network topology

set up the best Use policy (AUP), which promotes guidelines to safe peering.

Routing, Internet protocol addressing, System configurations, Network topology

set up access filtering from the edge router site to the net.

Routing, Internet protocol addressing

System configurations, Network topology

set up Unicast opposite direction path Forwarding to conform the legitimacy of the main sources IP address.

Routing, System configurations, Network topology

Internet protocol addressing

set up egress filtering on the boundary router to proactively clear out all traffic going to the client that has a source address of any of the addresses which have been assigned to that client.

Routing, Internet protocol addressing

System configurations, Network topology

filter out the routing announcements and apply methods that decrease the danger of placing an extreme load on routing created via illegitimate path updates/announcements. for example, Route Flap Damping (RFD) with a properly-described threshold might also make a contribution to lowering router processing time

Routing, Network topology

Internet protocol addressing, System configurations

filter out the routing announcements and apply methods that decrease the danger of placing an extreme load on routing created via illegitimate path updates/announcements. for example, Route Flap Damping (RFD) with a properly-described threshold might also contribute to lowering router processing time

Routing, Internet protocol addressing, System configurations

Network topology

Setup updates for the routing organization infrastructure may simply be accomplished via a described authority the usage of solid authentication.

Routing, System configurations, Network topology

Internet protocol addressing

Manage the status of BGP to discover uncommon activities like path modifications or uncommon announcement.

Routing, Internet protocol addressing, System configurations, Network topology

Route leaks

Routing, Network topology

Configure BGP Max-prefix to make sure the legitimacy of routes broadcast. If extra prefixes are received, it’s miles a signal of a wrong behaviour and the BGP session stopped.

Routing, Network topology

Utilize useful resource certification (RPKI) to offer AS source authentication.

Routing, Network topology

BGP session hijacking

Routing, Internet protocol addressing, System configurations, Network topology

set up prefix filtering and computerisation of prefix filters.

Routing, Internet protocol addressing, System configurations, Network topology

Use AS route filtering.

Routing, Internet protocol addressing, System configurations, Network topology

Employ (TCP-Authentication option) to safe & secure BGP Validation so that you can update TCP- MD5.TCP-Authentication option to make it simple to a trade of keys.

Routing, Internet protocol addressing, System configurations, Network topology

DNS registrar hijacking

Domain name system, Addressing units, Applications, Credentials, Administrators

Registrants need to defend account credentials and outline authorized customers, at the same time as registrars need to offer a secure and safe authentication technique.

Addressing units, Credentials, Administrators

Domain name system, Applications

Registrants need to defend account credentials and outline authorized customers, at the same time as registrars need to offer a secure and safe authentication technique.

Addressing units, Applications

Domain name system, Credentials, Administrators

Registrants need to keep documentation to “show registration”.

Addressing units, Applications

Domain name system, Credentials, Administrators

Registrants should usage isolated identities for the registrant, admin, technical, & invoicing contacts. therefore, registrars should permit an extra complicated user rights control.

Credentials, Administrators

Domain name system, Addressing units, Applications

Registrars have to set up an effective sector information control.

Domain name system, Addressing units, Applications

Credentials, Administrators

Registrars must keep in mind assisting DNSSEC.

Domain name system, Addressing units, Applications

Credentials, Administrators

Registrars can also manage DNS exchange events.

Addressing units, Applications, Administrators

Domain name system, Credentials

DNS spoofing

Domain name system, Addressing units, Applications, System configurations, Essential addressing protocols – DNS, Administrators

Administrators

Deploying DNSSEC ambitions to extra secure DNS customers (resolvers) source authentication of DNS information, authentic denial of existence, and info or data integrity.

Domain name system, addressing units, Applications, System Configurations, Essential addressing protocols – DNS

Administrators

DNS poisoning

Domain name system, Addressing units, Applications, System configurations, Executable programs, Essential addressing protocols – DNS, Administrators, Operators

Administrators, Operators

Deploying DNSSEC ambitions to extra secure DNS customers (resolvers) source authentication of DNS information, authentic denial of existence, and info or data integrity.

Domain name system, Addressing units, Applications, System configurations, Executable programs, Essential addressing protocols – DNS

Administrators, Operators

Restrict zone transmissions to decrease load on network & system

Applications, Executable programs

Domain name system, Addressing units, System configurations, Essential addressing protocols – DNS, Administrators, Operators

Limited active updates to only official sources to keep away abuse. Such abuse include the misuse of a DNS server as an amplifier, DNS cache poisoning…

Addressing units, applications, System configurations, Executable programs

Domain name system, Essential addressing protocols – DNS, Administrators, Operators

configure the trusty name server as non-recursive. Discrete recursive name servers from the trusty name server.

Domain name system, Addressing units, Applications, Executable programs

System configurations, Essential addressing protocols – DNS, Administrators, Operators

Permit DNS transference over TCP to provision non-standard demands. Furthermore, TCP could be essential for DNSSEC.

Addressing units, Applications, System configurations, Executable programs

Domain name system, Essential addressing protocols – DNS, Administrators, Operators

Domain name collision

Domain name system, Applications

Don’t use any domain names which you don’t own for your inner infrastructure. For instance, do not take into account non-public domain name area as top-level domains.

Domain name system, Applications

Stopping DNS demand for inside namespaces to leakage into the net via making use of firewall policies.

Applications

Domain name system

Usage booked TLDs such as. invalid, test, localhost, or. example.

Domain name system, Applications

Denial of Service

Amplification / reflection

Applications, security, Generic Internet provider, Hardware, Executable programs, System configuration, Application protocols, Administrators, Operators

System configuration, Essential addressing protocols, Administrators, Operators

Undertake source IP address deal with authentication at the edge of net organisation to avoid network address spoofing via egress & ingress filtering.

Applications, Security, Generic Internet provider, Hardware, Executable programs, Application protocols

System configuration, Administrators, Operators

Workers of official name server operative must apply (Response Rate Limiting).

Applications, Security, Generic Internet provider, Hardware, Executable programs

System configuration, Application protocols, Administrators, Operators

ISPs and DNS name server operatives must to deactivate exposed recursion on name servers and may just allow DNS requests from reliable sources.

Applications, Security, Generic Internet provider, Hardware, Executable programs

System configuration, Application protocols, Administrators, Operators

Flooding

Applications, Security, Generic Internet providers, Hardware, Executable programs, System configuration, Essential addressing protocols, Administrators, Operators

System configuration, Essential addressing protocols, Administrators, Operators

Industrialists and configurators of net tools must take footsteps to protected and secure all equipment . One option is to have them update by patching mistakes.

Applications, Security, Generic Internet providers, Hardware, Executable programs

System configuration, Essential addressing protocols, Administrators, Operators

Protocol exploitation

Applications, Security, Generic Internet providers, Hardware, Executable programs, System configuration, Essential addressing protocols, Administrators, Operators

Malformed packet attack

Applications, Security, Generic Internet providers, Hardware, Executable programs, System configuration, Essential addressing protocols, Administrators, Operators

Application

Applications, Security, Generic Internet provider, Hardware, Executable programs, System configuration, Application protocols, Administrators, Operators

Read also  Pipelining And Superscalar Architecture Information Technology Essay
Order Now

Order Now

Type of Paper
Subject
Deadline
Number of Pages
(275 words)