
NETWORK SECURITY THREATS
LEARNING OBJECTIVES

• Explain the different types of malware
• Understand how phishing operates
• Discuss how data can be intercepted
• Understand the meaning of DoS and brute force attacks and how to protect
against them
• Understand the concept of SQL injection
KEYWORDS

• Malware
• Virus
• Worm
• Trojan Horse
• Spyware
• Phishing
• Social Engineering
• Data Interception
• Brute Force
• [Distributed] Denial of Service
• Botnet
• SQL Injection
MALWARE

• Malware is a catch-all term meaning
“malicious software”
• It refers to any software which can be
damaging to a computer or network, or
be used to illegally obtain data from a
computer or network
• Viruses, worms, trojan horses, and
spyware are all types of malware
VIRUSES
• Malware designed to cause harm to a network or
computer system
• Attaches itself to programs or files on a computer or
server
• Often received by downloading files from unsafe
websites, or opening attachments from malicious emails
• Around 82,000 viruses are created every day
• Famous viruses include Stuxnet and CryptoLocker
WORMS
• Worms are similar to viruses but replicate and spread
themselves to other computers using a LAN or the
Internet
• The worm does this by exploiting vulnerabilities
within the network
• Worms do not need to attach to a program, and a user
may not realise they have received one
• Mydoom was a worm which caused £38bn worth of
damage in 2004 (by adding infected machines to a
botnet for DDoS attacks) and was responsible for
25% of all emails sent that year
TROJAN HORSES

• So named because they are
designed to access a computer by
misleading users of their intent
• Very commonly attached to
phishing emails
SPYWARE

• Designed to steal information rather
than cause damage
• Spyware might scrape data from a
system’s secondary storage, or log
keypresses, and send it to a separate
location so it can be used
• Can be harder to detect as it typically
does no damage
SOCIAL ENGINEERING
• Also known as scamming
• This technique relies on human interaction,
usually tricking users into breaking normal
security procedures and revealing or
sending sensitive information to the
criminal
• This could happen via phishing emails or a
phone call claiming to be from a tech
support company or a bank, for example
• This method does not involve technical
cracking techniques
PHISHING
• A form of social engineering designed to acquire sensitive information such
as usernames, passwords, card details, etc.
• Most commonly done via email
DATA INTERCEPTION

• Data travels across networks in packets
• These packets are technically accessible to anyone
connected to any device on their route
• If the packets are unencrypted, the information sent
alongside the packets can be used by the interceptor
to reassemble the original data
• If the packets are encrypted, the interceptor could still
do this, but the resulting data would be unintelligible
and therefore useless (as they would not have the
decryption key)
• Data interception can also be carried out physically –
for example by stealing a portable hard drive
BRUTE FORCE ATTACKS
• This is using trial and error to gain access to password-based entry
systems
• The attacker tries possible passwords repeatedly until the correct
one is found
• The time this takes depends on the length and complexity of the
password used, and whether the user has chosen a common or
guessable password
• Dictionary attacks are a common form of brute force attacks – using
a list of the most commonly used passwords (obtained from data
leaks) rather than trying every possible combination of characters
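
Added example (not part of the original slides): a small password-audit estimator showing why length, character variety and appearing on a common-password list change the number of guesses needed. The five-entry list and the guess rate are constructed assumptions, and passwords are assumed to be printable ASCII.

```python
import string

# Constructed sample: a tiny stand-in for a leaked "most common passwords" list.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "dragon"]

# Assumed guessing speed, chosen only to make the numbers readable.
GUESSES_PER_SECOND = 1_000_000


def charset_size(password):
    """Count the symbols an exhaustive search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def worst_case_guesses(password):
    """List position if the password is common, else every combination up to its length."""
    if password in COMMON_PASSWORDS:
        # A dictionary attack finds it as soon as it reaches this entry.
        return COMMON_PASSWORDS.index(password) + 1
    n = charset_size(password)
    return sum(n ** length for length in range(1, len(password) + 1))


def worst_case_seconds(password):
    """Worst-case time to find the password at the assumed guess rate."""
    return worst_case_guesses(password) / GUESSES_PER_SECOND


if __name__ == "__main__":
    for pw in ["qwerty", "kqzvtm", "kQ3vtm", "kQ3vtm!xP9"]:
        print(f"{pw:12} guesses={worst_case_guesses(pw):,} "
              f"seconds={worst_case_seconds(pw):,.1f}")
```

Both "qwerty" and "kqzvtm" are six lowercase letters, yet the first falls on the third guess because it is on the list.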
DENIAL OF SERVICE

• Every time a client makes a request to a server, the
server has to use processing time, RAM space, and
network bandwidth to service that request
• A DoS attack works by flooding the server with so
many requests that it cannot process them in a timely
manner
• This may fill up the RAM of the server and cause it to
crash, or simply cause it to take long enough to service
genuine requests that people give up
DENIAL OF SERVICE
• These are usually malicious attacks intended to
prevent a website from being accessible
• This could be to take down a website the
criminal does not like
• Or to extort money by threatening a DoS attack
and the resulting downtime
• Or as a smokescreen to hide another malicious
attack happening at the same time
• Sometimes this can happen unintentionally –
e.g. when Glastonbury tickets are released, or
when a small website is linked on a large social
media site
DISTRIBUTED DENIAL OF SERVICE

• A DDoS attack seeks to more effectively
carry out a DoS attack by using a large
number of computers spread over a large area
• This is more effective because more
computers can generate more traffic at once
• DDoS attacks make use of botnets –
collections of “zombie” computers that have
been infected with code giving a malicious
user control over that machine
SQL INJECTION

• If a database system is not properly
secured, an attacker can use specific inputs
to execute malicious SQL statements
• Virtually all database-driven websites will
use SQL-based databases
• Basic injection attacks are easy to protect
against but new vulnerabilities are being
discovered all the time
• SQL injection can be used to steal, access,
or destroy data
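
Added example (not part of the original slides): the same lookup written two ways against an in-memory SQLite database, showing how input pasted into the SQL text changes the statement while a parameterised query treats it as data. The table, accounts and crafted input are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, role TEXT)"
    )
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", "admin"), ("bob", "hash-b", "user")],
    )
    return db


def lookup_unsafe(db, username):
    """Vulnerable: the input becomes part of the SQL text and can rewrite the query."""
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return db.execute(query).fetchall()


def lookup_safe(db, username):
    """Hardened: the ? placeholder passes the input as a value, never as SQL."""
    return db.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Constructed input: the quote closes the string literal and adds an always-true condition.
CRAFTED_INPUT = "nobody' OR '1'='1"


def demo():
    """Run both lookups with a normal and a crafted username."""
    db = make_db()
    return {
        "unsafe_normal": lookup_unsafe(db, "bob"),
        "unsafe_crafted": lookup_unsafe(db, CRAFTED_INPUT),
        "safe_normal": lookup_safe(db, "bob"),
        "safe_crafted": lookup_safe(db, CRAFTED_INPUT),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:15} -> {rows}")
```

The unsafe lookup returns every account for the crafted input; the parameterised lookup searches for a user literally named `nobody' OR '1'='1` and returns nothing.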
