A Threat Analysis to Enterprise Computer Networks and how to mitigate them

Abstract

Network threats reflect malicious behaviour and can cause the same amount of damage whether the intent is deliberate or not. Regrettably, most networking infrastructures must deal with the growing concern of malware and viruses that reside on compromised networking resources and create unintended security threats through gullible employees. It is important to understand that attacks and vulnerabilities are quite common, and that there are steps organizations can take at a strategic level to assure some level of secure networking.

The main objective of this research study is to examine the computer network threats most frequently seen in organizations. The study evaluates the network vulnerabilities which have a high impact on the company’s business. The study reviews various academic papers and literature published in this context, proposing solutions for recognizing security threats and implementing them.

TABLE OF CONTENTS

1. Introduction

1.1. Research Aim

1.2. Research Objectives

2. Literature Review

2.1. Managing Security Threats and Vulnerabilities in Assets

2.2. Risk Assessment of Computer Network

References

1. Introduction

In today’s modern world, there is an ever-increasing reliance on computer networks when it comes to business transactions. This is due to the free flow of unlimited information and the soaring accessibility of a great many resources. Enterprises need to be aware of every potential threat to their business networks. Such threats come in different forms, and all of them cause some degree of loss of privacy to businesses, and perhaps malicious destruction of resources or information that can result in huge financial losses. If the organization knows which network areas are more vulnerable to network intruders, and the identity of the attacker, then network intrusion can be prevented. The past trend in business was to trust the network’s internal users and to mistrust connections accessed online or originating from remote access networks using VPNs (virtual private networks), dial-in modems, and ISDN (Integrated Services Digital Network) lines (Marshall, 2005).

It is important to trust the employees who work inside the network and the people who are authorized to use internal network resources from outside the company. Trust, however, must be weighed against reality. Some sources indicate that at least 60% or more of network attacks are perpetrated by people who work inside the corporations. Currently, there is a growing trend to distrust internal users, and stricter security measures have been put in place for better information security. Wireless networks are now used more widely, and more serious security considerations are required in such situations. Restricting the use of network infrastructure equipment and critical resources is essential. This limits network access to the people who really need it, and is thus a smart way to deter many threats that violate the security of the computer network.

Many different types of network threats exist; most of them fall into three basic categories: unauthorized access, impersonation and denial of service. Unauthorized access happens when an unauthorized entity gains access to a business asset and poses the prospect of tampering with that asset. Gaining access is generally the outcome of intercepting information in transit over an unreliable channel or exploiting an intrinsic flaw in a product or technology. Gaining access to business network resources is generally preceded by some reconnaissance work. Most probably, the business network will be accessed online, by tapping into the physical cable, through a remote dial-in modem, or through the network itself. A very common component of reconnaissance work is social engineering for information (Philips, 1995).

Impersonation is closely connected to unauthorized access but is significant enough to be discussed independently. Impersonation refers to the ability to present someone else’s credentials or to use another person’s identity. These attacks come in different forms: stealing a secret key, or copying an authorization sequence to replay it in the future. Such attacks are usually called man-in-the-middle attacks, in which an intruder is able to intercept traffic and may hijack an established session, change the transmitted information, or inject counterfeit traffic into the business network. In large business networks, impersonation may be distressing since it evades the trust relationships created for prearranged authorized access.

Impersonation can arise from packet replay attacks and spoofing attacks. Spoofing attacks offer bogus information regarding a principal’s identity in order to acquire unlawful access to services and systems. A replay attack can be considered a kind of spoofing, since messages are recorded to be sent again later; this is usually used to exploit errors in authentication schemes. Both replay and spoofing attacks are typically the result of information gathered by snooping. Many packet-snooping programs have packet-generating capabilities too, and can gather data packets to be replayed later. Impersonation of individuals is common. The majority of such scenarios involve getting access to authentication sequences and, with the use of this information, acquiring unauthorized access (Ec-Council, 2010).

As soon as access is attained, the harm generated will depend on the motives of the intruder. If you are lucky, the interloper may be just a curious entity browsing the net. Nonetheless, most will not be so lucky, and some intruders may find confidential information and then compromise it until it is eventually damaged. Denial of Service, or DoS, is a disruption of service, either because a system has been destroyed or because it is unavailable temporarily. A good example is the hard disk of a computer: destroying the physical structures, or consuming the available memory resources.

This research study attempts to evaluate the threats to enterprise computer networks by delineating the different vulnerability points on the network and describing the myriad of threats that currently exist, that are becoming a menace and that put the business infrastructure in jeopardy. In addition, the project will identify and explain some key points, such as: recognizing the major factors required for business network security; recognizing and cataloguing attack examples; describing the main vocabulary used in computer networks; recognizing vulnerability points in networks; evaluating and distinguishing encryption systems and their susceptibility to attacks; clarifying the implications of implementing encryption at various levels; illustrating the use of hash functions; clarifying the responsibility of third-party agents in authentication services; discussing the efficiency of passwords for access control and the manipulation of individual behaviour; and recognizing the devices used in the implementation of network security (Shinder, 2001).

1.1. Research Aim

The study aims to examine the computer network threats of enterprises by examining the various vulnerabilities of the network which are likely to jeopardize the business.

1.2. Research Objectives

  • To examine the computer network threats of enterprises
  • To study the impacts of network threats on business
  • To study and propose solutions for recognizing security features of enterprise computer networks

2. Literature Review

Research work on the vulnerabilities and threats of computer systems is fast gaining attention because of its significant impact on the economy of the organization and because of its evolving nature.

Marshall (2005) studies various models addressing the vulnerabilities and threats contained in ISO/IEC 15408, showing the relationships and representations of the security concepts in the context of assets, risks, safeguards and owners. The perspective of the Common Criteria (CC) model is restricted because it does not include vulnerabilities in assets, or the relationships of vulnerabilities, in its representations of the security concepts. The CC model helps in the evaluation of engineered products and is required in its own right, but such models must evolve to include other security notions required for the protection of assets, given that incidents involving asset vulnerabilities are increasing. A specific model for control measures and threat classification was proposed, aimed at identifying the potential results of an attack. This model focused on attacks and their results, but the relationships of security issues such as vulnerabilities in assets were not covered (Marshall, 2005).

The literature comprises other contributions, but the majority of them focus specifically on either threats or vulnerability issues. Frameworks capable of modelling vulnerability and threat issues simultaneously, and of associating their relationships with the security concepts, therefore remain largely absent.

Computer security is nothing but the protection given to computer networks in order to achieve the fundamental objectives of safeguarding the availability, integrity and confidentiality of information system resources, including telecommunications, data, information, firmware, software and hardware. Therefore, the main objective of dealing with the vulnerabilities and threats of a system is to safeguard computer networks and communications in order to preserve these properties (Virus threat forces military to ban computer flash drives, 2009).

Gilmer (2005) asserts that the confidentiality of communications and systems must be safeguarded. This is needed to avoid unauthorized disclosure of communications and systems, whether inadvertent or intentional. It is also important to safeguard the integrity of information, data and computer networks. This is needed to ascertain that the computer networks, along with the services they offer, are timely, authentic, consistent, complete and accurate. The availability of computer networks and the services they offer is also to be protected. This is needed to ensure that the systems and services are available at acceptable levels to legitimate entities (Gilmer, 2005).

Computer network threats are circumstances, events and entities having the ability to distort or harm normal security activities by exploiting system vulnerabilities. The term harm refers to a breach or abuse of the availability, integrity or confidentiality of computer networks by way of denial of service, data interruption, modification, disclosure or destruction. The term asset refers to whatever is valuable and significant to the owner, including communication infrastructures, data networks, programs and information (Gilmer, 2005).

2.1. Managing Security Threats and Vulnerabilities in Assets

The security conceptual structure, the framework investigated by Bartels (2008), has been adapted from ISO/IEC 15408, which gives a logical definition of seven security concepts and their associated relationships: the assets’ owners; threat agents, which generate threats; vulnerabilities in assets; risks, which result from vulnerabilities and threats; threats, which exploit the vulnerabilities in assets; the valued assets of SMEs; and countermeasures, which are imposed to mitigate and prevent threats, risks and vulnerabilities (Bartels, 2008).

The conceptual structure helps organizations understand what they need in order to stay protected, what needs protection and the ways in which it can be safeguarded. First, this structure helps an SME identify the assets which are significant to it, determining what needs to be protected and the weaknesses which exist within or around those assets. Second, it helps in assessing the factors that exploit the weaknesses, addressing the risks linked with potential threats that exploit the vulnerabilities. Finally, it helps in deciding what can be implemented to mitigate and prevent the identified vulnerabilities and threats (Bartels, 2008).

Before an intruder can gain unauthorized access over the Internet, some information must first be gathered to identify the resources or networks which are susceptible to vulnerabilities. A number of methods are used to identify potential targets. A reachability check uses tools which verify that a given device or network is reachable. For instance, DNS queries provide information such as who owns a specific domain and which addresses have been allocated to it. The ping command follows; it is the simplest way of verifying the reachability of a potential target. Other significant network utilities which can identify a reachable target are NSLOOKUP, Telnet, Whois and Finger (Philips, 1995).

When a live system is discovered, the attacker attempts to identify the services which can be exploited. This is achieved by a method usually known as port scanning. The details of the UDP and TCP protocols clarify the way ports are used: each application has a particular port number linked with it, which identifies the application. By using port scanners, intruders obtain information on the availability of network services and applications which can be exploited (Philips, 1995).

According to the study conducted by Robinson (2005), the difficulty or ease of packet snooping on a network depends on the implemented technology. Shared-media networks are especially susceptible to packet snooping, as they transmit packets throughout the network while travelling from origin to final destination. When hubs or connectors are used within the shared-media environment, it becomes simple to add a new node with packet-capturing ability for snooping on the network traffic. An intruder can connect to the Ethernet switch with the help of a packet-decoding program like TCPDump or EtherPeek and read the data which crosses the Ethernet (Robinson, 2005).

Some individuals use popular exploits like war dialing to gain unauthorized access. The term war dialing, popularized by the movie ‘War Games’, refers to a method involving the exploitation of an organization’s private branch exchange (PBX), dial-up and telephone systems to penetrate internal computing resources and networks. The attacker just needs to find a user internal to the organization with an open connection through a modem which is unknown to IT staff, or which has poor, minimal or no security services. It must be noted that any unknown modem bypassing IT security measures such as authentication servers, virus checkers and firewalls, and any use of unauthorized modems, must be treated as a critical security breach (Robinson, 2005).

Some corporations set up modems which auto-answer and permit unauthenticated access from any Public Switched Telephone Network (PSTN) line into a protected infrastructure. Various war-dialer programs are freely available on the Internet, simplifying the attacker’s methodology and minimizing the time needed to discover vulnerabilities. The majority of these programs automatically dial a given list of phone numbers and log into a database the numbers which connect successfully to a modem. Some programs are able to recognize specific modem manufacturers and, once connected to the computer, can recognize the operating system and conduct automatic penetration testing. In this situation, the war dialer searches a given list of usernames and passwords in order to access the system. If the program does not offer automatic penetration testing, the intruder may attempt to access a modem using unprotected logins and passwords which can be cracked easily (Eric Cole, 2005).

Wireless networks are particularly susceptible to unauthorized access. Wireless access points have been deployed in many corporate LANs as they extend connectivity easily to corporate users without the expense and time of installing wiring. Such wireless access points (APs) act as bridges extending the network up to 300 yards. Some coffee shops, hotels and airports offer free wireless access, and thus anyone with a wireless card in their mobile device can become an unauthorized user. Certain wireless networks permit restricted access, yet their owners are unaware of the ways in which their networks can be accessed (Thermos & Takanen, 2008).

The number of wireless networks with no security measures installed is very large. Most people have their APs running in open mode, meaning that they are wide open with no encryption enabled. A large number of people also run their APs on default IP ranges and the default Service Set Identifier (SSID), implying that little or no configuration was done while setting up the wireless LAN (Bartels, 2008).
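The configuration weaknesses listed above (open mode, a default SSID, a default IP range) can be checked mechanically against an access point inventory. The following Python example is added here and is not code from the paper or from any of the sources it cites; the inventory records, the list of default SSIDs and the list of default subnets are constructed assumptions rather than any vendor’s actual defaults.

```python
"""Audit wireless access point settings for the weaknesses described above:
open mode (no encryption), factory-default SSIDs and default IP ranges.

Added example; this is not code from the paper or any of its sources. The AP
records, the default-SSID list and the default-subnet list are constructed for
the illustration and are assumptions, not a vendor's actual defaults.
"""
import ipaddress

# Assumed factory-default SSIDs (constructed list for illustration).
DEFAULT_SSIDS = {"default", "linksys", "netgear", "dlink", "wireless"}
# Assumed factory-default management subnets (constructed list for illustration).
DEFAULT_SUBNETS = [ipaddress.ip_network("192.168.0.0/24"),
                   ipaddress.ip_network("192.168.1.0/24")]
# "none"/"open" is the open mode the text describes; WEP is included because it is broken.
WEAK_ENCRYPTION = {"none", "open", "wep"}

# Constructed AP inventory records (hypothetical names and addresses).
ACCESS_POINTS = [
    {"name": "lobby-ap", "ssid": "linksys", "encryption": "none", "lan_ip": "192.168.1.1"},
    {"name": "finance-ap", "ssid": "corp-finance", "encryption": "WPA2", "lan_ip": "10.40.8.1"},
    {"name": "warehouse-ap", "ssid": "warehouse", "encryption": "WEP", "lan_ip": "192.168.0.1"},
]


def audit_access_point(ap):
    """Return the list of weaknesses found in one AP record."""
    findings = []
    if ap["encryption"].lower() in WEAK_ENCRYPTION:
        findings.append("open mode or weak encryption (%s)" % ap["encryption"])
    if ap["ssid"].lower() in DEFAULT_SSIDS:
        findings.append("default SSID (%s)" % ap["ssid"])
    lan_ip = ipaddress.ip_address(ap["lan_ip"])
    if any(lan_ip in subnet for subnet in DEFAULT_SUBNETS):
        findings.append("default IP range (%s)" % ap["lan_ip"])
    return findings


def audit_fleet(aps):
    """Audit every AP and return (name, findings) pairs, worst first."""
    report = [(ap["name"], audit_access_point(ap)) for ap in aps]
    return sorted(report, key=lambda item: len(item[1]), reverse=True)


if __name__ == "__main__":
    for name, findings in audit_fleet(ACCESS_POINTS):
        status = "; ".join(findings) if findings else "no findings"
        print(f"{name}: {status}")
```

Run against the constructed inventory, the lobby AP is reported with all three weaknesses, the warehouse AP with weak encryption and a default address range, and the finance AP with none; a real audit would replace the constructed lists with the defaults of the equipment actually in use.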

It has been mentioned before that computers infected with bot software are controlled remotely to carry out other criminal activities such as DoS attacks. A DoS attack can be defined as a flood of traffic which overwhelms a website and makes it inaccessible to legitimate users. DoS attacks target both software and hardware; for instance, they can shut down the main power supply. 4% of the small businesses experiencing computer security incidents in 2006 and 2007 reported DoS attacks (Shinder, 2001).

These attacks can be made against businesses for different reasons, such as revenge, protest, competition or extortion. Online extortion can take the form of a DoS attack which signals that another attack on a bigger scale may follow if payment is not made. Sometimes business competitors deploy DoS attacks against their opponents in order to gain financially by stealing their clients. Sometimes protesters use a DoS attack to revolt against practices like animal testing. The best example of a revenge DoS attack is when a particular employee is fired or when a job applicant is unsuccessful.
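The port scanning described earlier in this section and the traffic floods described here both leave a recognizable trace in firewall logs. The following Python example is added here and is not code from the paper or from any of the sources it cites. It parses constructed log lines in an assumed “timestamp src dst dport action” format and flags a source that touches many distinct ports within a short window (a scan) and a destination that receives a burst of connections (a flood); the thresholds and time windows are assumptions that a defender would tune to their own environment.

```python
"""Detect port scans and connection floods in firewall logs.

Added example; it is not code from the paper or from any source it cites. The
log format ("timestamp src dst dport action"), the thresholds and the time
windows are assumptions made for the illustration, and every log line is
constructed rather than captured from a real network.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Return constructed firewall log lines: one host probing ten ports on a
    server, one ordinary HTTPS client, then 60 distinct sources hitting a
    second server's port 80 within two seconds (a flood)."""
    lines = [
        "2024-03-01T10:00:01 203.0.113.7 192.0.2.10 22 DROP",
        "2024-03-01T10:00:01 203.0.113.7 192.0.2.10 23 DROP",
        "2024-03-01T10:00:02 203.0.113.7 192.0.2.10 25 DROP",
        "2024-03-01T10:00:02 203.0.113.7 192.0.2.10 80 ACCEPT",
        "2024-03-01T10:00:03 203.0.113.7 192.0.2.10 110 DROP",
        "2024-03-01T10:00:03 203.0.113.7 192.0.2.10 143 DROP",
        "2024-03-01T10:00:04 203.0.113.7 192.0.2.10 443 ACCEPT",
        "2024-03-01T10:00:04 203.0.113.7 192.0.2.10 3389 DROP",
        "2024-03-01T10:00:05 203.0.113.7 192.0.2.10 8080 DROP",
        "2024-03-01T10:00:06 203.0.113.7 192.0.2.10 8443 DROP",
        "2024-03-01T10:00:10 198.51.100.200 192.0.2.10 443 ACCEPT",
    ]
    for i in range(60):  # constructed flood: many sources, one target, two seconds
        lines.append(f"2024-03-01T10:05:{i % 2:02d} 198.51.100.{i + 1} 192.0.2.20 80 ACCEPT")
    return lines


def parse_log(lines):
    """Parse the assumed log format into dicts, sorted by timestamp."""
    events = []
    for line in lines:
        ts, src, dst, dport, action = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                       "dport": int(dport), "action": action})
    return sorted(events, key=lambda e: e["ts"])


def detect_port_scans(events, window=timedelta(seconds=60), min_ports=10):
    """Map each source that touched >= min_ports distinct destination ports
    within `window` to the largest distinct-port count seen in any window."""
    per_src = defaultdict(list)
    for ev in events:
        per_src[ev["src"]].append(ev)
    alerts = {}
    for src, evs in per_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:  # slide the window
                start += 1
            ports = {e["dport"] for e in evs[start:end + 1]}
            if len(ports) >= min_ports:
                alerts[src] = max(alerts.get(src, 0), len(ports))
    return alerts


def detect_floods(events, window=timedelta(seconds=5), min_conns=50):
    """Map each (dst, dport) that received >= min_conns connections within
    `window` to the largest connection count seen in any window."""
    per_target = defaultdict(list)
    for ev in events:
        per_target[(ev["dst"], ev["dport"])].append(ev["ts"])
    alerts = {}
    for target, stamps in per_target.items():
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= min_conns:
                alerts[target] = max(alerts.get(target, 0), count)
    return alerts


if __name__ == "__main__":
    events = parse_log(build_sample_log())
    for src, ports in detect_port_scans(events).items():
        print(f"port scan: {src} touched {ports} distinct ports")
    for (dst, port), count in detect_floods(events).items():
        print(f"flood: {count} connections to {dst}:{port}")
```

On the constructed log the scanner is reported with ten distinct ports and the second server’s port 80 with sixty connections, while the single HTTPS client triggers nothing. Both detectors use a sliding time window per source or per target, which is the shape a firewall or IDS rule for this behaviour takes; the distinct-port count separates a scan from a legitimate client that reconnects to one service.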

Phishing and Spear Phishing

Phishing is nothing but obtaining personal information or login credentials by fraudulent means, by posing as a genuine company such as a bank. Victims are mainly approached via emails and are then lured to a bogus website where they end up entering their personal information. Small businesses faced a number of computer security risks in 2006 and 2007, of which 24% were phishing attacks. This figure may reflect businesses receiving fraudulent phishing emails on a regular basis.

Spear phishing is done mainly to gain access to the computer system of a business. It is quite different from phishing because it does not target a huge number of likely victims; instead, a particular business employee or owner is selected. The attack is personalized in order to enhance its apparent legitimacy, so that it seems to come from a service provider with which the business generally deals. Because such spear phishing emails are directed at a small number of people rather than many recipients, they have fewer chances of being blocked or detected by email filters.
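Several of the characteristics just described, in particular a message that appears to come from a service provider the business deals with, can be checked from the message headers alone, which is where a filter that sees only a handful of such messages has to start. The following Python example is added here and is not code from the paper or from any of the sources it cites; it uses the standard library email parser on two constructed messages, and the partner list and header values are assumptions.

```python
"""Flag email header patterns typical of phishing and spear phishing: a Reply-To
domain that differs from the From domain, a display name that imitates a partner
the business deals with while the address belongs to another domain, and failed
SPF/DKIM/DMARC results recorded in the Authentication-Results header.

Added example; not code from the paper or its sources. The partner list, the
header values and both messages are constructed for the illustration.
"""
import email
from email import policy
from email.utils import parseaddr

# Assumed list of service providers the business deals with (constructed).
TRUSTED_PARTNERS = {"examplebank.com", "payroll-provider.example"}

# Constructed spear-phishing message imitating the bank the business uses.
PHISH = """\
From: Example Bank Support <support@examplebank-secure.example>
Reply-To: verify@mail-examplebank.example
To: owner@smallbiz.example
Subject: Urgent: verify your business account
Authentication-Results: mx.smallbiz.example; spf=fail smtp.mailfrom=examplebank-secure.example; dmarc=fail header.from=examplebank-secure.example

Please confirm your login details at the link below to avoid suspension.
"""

# Constructed legitimate message from the same partner.
LEGIT = """\
From: Example Bank Support <support@examplebank.com>
To: owner@smallbiz.example
Subject: Your March statement is available
Authentication-Results: mx.smallbiz.example; spf=pass smtp.mailfrom=examplebank.com; dkim=pass header.d=examplebank.com; dmarc=pass header.from=examplebank.com

Your statement is ready in online banking.
"""


def _domain(address):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return address.rpartition("@")[2].lower()


def analyse_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = _domain(from_addr)
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    reply_domain = _domain(reply_addr)
    findings = []

    # Replies are routed to a domain other than the apparent sender's.
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    # Display name trades on a partner's brand but the address is not the partner's domain.
    compact_name = display.lower().replace(" ", "")
    for partner in TRUSTED_PARTNERS:
        brand = partner.split(".")[0]
        if brand in compact_name and from_domain != partner:
            findings.append(f"display name imitates {partner} but address domain is {from_domain}")

    # Verdicts recorded by the receiving mail server (assumed to be trusted here).
    auth_results = str(msg.get("Authentication-Results", "")).lower()
    for mechanism in ("spf", "dkim", "dmarc"):
        if f"{mechanism}=fail" in auth_results:
            findings.append(f"{mechanism} check failed")
    return findings


def is_suspicious(raw, threshold=2):
    """True when a message accumulates at least `threshold` findings."""
    return len(analyse_message(raw)) >= threshold


if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, "->", analyse_message(raw) or ["no findings"])
```

The constructed spear-phishing message collects four findings (mismatched Reply-To, brand imitation, failed SPF and failed DMARC) while the legitimate message from the real partner domain collects none. In practice the Authentication-Results header should only be trusted when it was added by the organization’s own mail server, since an attacker can insert one of their own.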

Today, more vulnerabilities in operating systems, business applications and internet browsers are being identified constantly. Security patches fix the vulnerabilities of a computer program which could otherwise be used by hackers to gain unauthorized access. These patches also correct software bugs, improving computer performance. Such patches are sometimes installed first on a test computer to make sure that they do not remove or change functionality in ways which would interfere with regular business functions. It is essential to make sure that patches are installed quickly after they become available, because their release identifies the vulnerabilities they fix, which can result in increased exploitation attempts. This can be made possible by ensuring that an auto-update function is implemented. Nevertheless, only 7% of the small businesses in the ABACUS survey reported that automated patch management was used for updating the security of their computers, and 5% reported that patches were managed manually (Bhatia, 2009).

A survey conducted by ABACUS showed that 70% of small businesses had been using firewalls to protect their computer systems. What firewalls actually do is provide a fence between the Internet and the computer which safeguards the system against unauthorized access. Firewalls are also used internally within a network to limit access to specific services or systems. Hardware firewalls comprise routers with firewall capabilities, or computer systems which act as buffers, and are usually used for whole computer networks. Software firewalls are different in that they safeguard individual computers. Various operating systems include firewalls which can be enabled, and various antivirus programs have similar features. Thus, network threats are many, and new vulnerabilities are identified every day which require rapid attention (Thermos & Takanen, 2008).

Wang (2009) explains four types of threat to which a hypothetical network is susceptible: natural disasters, accidents, non-malicious and malicious human actions, and unexpected disruptions. The computer networks of a hypothetical firm are vulnerable to various predictable and unpredictable malicious human threats, varying in their frequency of occurrence. Some of the common threats are computer viruses, black-hat hackers, sabotage, denial-of-service attacks, war dialing, terrorists and social engineering. These threats result in altered data, building collapse, bankruptcy, loss of life, ill will, network shutdown, and website and processing delays. Some of these threats are predictable, such as input errors in data entry, and some are unpredictable, such as fires. The outcomes of non-malicious threats, such as rerun costs, loss of life and inaccurate reports, are quite different from those of malicious threats. Accidents generally take place randomly and at a very high rate, resulting in both major and minor problems. Unexpected disruptions and natural disasters are unpredictable and destructive. The frequency of occurrence of these threats depends greatly on the geographical location of the firm (Wang, 2009).

2.2. Risk Assessment of Computer Network

The population of potential threats has to be reduced to a smaller subset of significance, that is, the threats which are likely to take place in the IT environment. Identifying such risks makes sure that the firm allocates its scarce resources optimally to the security measures which address those risks.

Pareto’s Law states that a small percentage of the items within a population accounts for the most important part of that population. This has been applied widely in accounting and business applications, including sales, purchasing, inventory, accounts receivable, credit, collections and accounts payable. For instance, the law suggests that 20% of a firm’s goods make up about 80% of its sales, and 20% of the inventory items account for 80% of the total inventory cost. In the context of risk analysis, internal personnel or consultants can avoid misdirecting their efforts away from the threats that need security measures. When used effectively, this law helps a firm achieve the biggest return in risk reduction for a limited total investment in security measures. Therefore, reducing the potentially high cost of security effectively needs a redistribution of effort so that it is focused on the smaller number of important threats.

In a study conducted by Ec-Council (2010), the majority of firms that responded to recent surveys reported threats to the availability of business systems. The occurrence of reported threats, and the resulting monetary losses, may be frequent or seldom and either minor or major. Insurance companies have formulated various tables which determine the rate at which various threats occur. Such tables were made available to the public to help in carrying out risk assessments. These tables rank the likelihood of risks occurring in categories such as virtually impossible, may take place once in around 40 years, may happen once in 100 days, or once a day (Ec-Council, 2010).

The risk scenario approach provides a list of possible threats to experts who independently arrive at a ranked list of threats which have a chance of occurring in the firm’s environment. The experts use automated decision-support software and brainstorming during committee meetings to consolidate individual risk ratings into a list which represents the participants’ consensus. A statistical approach is feasible when the company maintains sufficient historical records of actual occurrences of disasters and threats. It consists of designing a frequency distribution chart for such historical risks. This approach requires inferring from past data to predict the future. Therefore, it should be implemented together with the approaches mentioned earlier, specifically the threat scenario approach (Shinder, 2001).

It is certain that a firm cannot implement every potential security measure, because such a strategy is not economically feasible. Many of the measures overlap and safeguard against several threats. The selection process is accomplished either quantitatively or qualitatively. The figure shows the party which performs the risk assessment without conducting a cost-effectiveness justification analysis. Rather, to mitigate the risks which occur frequently, security measures are selected based on experience, intuition and judgment. The cost-effectiveness justification approach tries to give a quantitative justification for each security measure, weighing its benefits and costs, in order to reach an optimal mix of security measures.
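The following Python example, added here and not taken from the paper or from any of the sources it cites, carries the risk assessment described in this section through numerically. It turns the insurance-style frequency categories quoted above into annualised rates, computes an annualised loss expectancy per threat (the standard rate-of-occurrence times single-loss formula), selects the Pareto subset of threats that accounts for 80% of the expected loss, and applies a cost-effectiveness justification to a proposed security measure. The threat register, the loss figures and the countermeasure figures are constructed assumptions.

```python
"""Worked risk assessment: annualised expected loss per threat, the Pareto
subset of threats that accounts for most of the expected loss, and a
cost-effectiveness justification for a countermeasure.

Added example; it is not from the paper or its sources. The frequency
categories come from the text above; the annualised rates derived from them,
the threat list, the loss figures and the countermeasure figures are all
constructed assumptions for the illustration.
"""
from dataclasses import dataclass

# Annualised rate of occurrence for each frequency category named in the text
# (an assumption: "once in 100 days" is read as 365/100 occurrences per year).
FREQUENCY_TABLE = {
    "virtually impossible": 0.0,
    "once in 40 years": 1 / 40,
    "once in 100 days": 365 / 100,
    "once a day": 365.0,
}


@dataclass(frozen=True)
class Threat:
    name: str
    frequency: str       # a key of FREQUENCY_TABLE
    single_loss: float   # assumed loss per occurrence, in currency units

    def annualised_loss(self):
        """Annualised loss expectancy: rate of occurrence times loss per occurrence."""
        return FREQUENCY_TABLE[self.frequency] * self.single_loss


# Constructed threat register for a hypothetical small firm.
THREATS = [
    Threat("phishing credential theft", "once in 100 days", 25_000),
    Threat("denial of service", "once in 100 days", 8_000),
    Threat("fire", "once in 40 years", 200_000),
    Threat("data entry error", "once a day", 20),
    Threat("war dialing intrusion", "once in 40 years", 50_000),
    Threat("malware infection", "once in 100 days", 1_000),
    Threat("meteorite strike", "virtually impossible", 10_000_000),
]


def rank_threats(threats):
    """Threats ordered by annualised expected loss, largest first."""
    return sorted(threats, key=lambda t: t.annualised_loss(), reverse=True)


def total_expected_loss(threats):
    return sum(t.annualised_loss() for t in threats)


def pareto_subset(threats, share=0.8):
    """Smallest set of top-ranked threats whose expected loss reaches `share`
    of the total: the 'vital few' that security effort should focus on."""
    target = share * total_expected_loss(threats)
    chosen, running = [], 0.0
    for threat in rank_threats(threats):
        if running >= target:
            break
        chosen.append(threat)
        running += threat.annualised_loss()
    return chosen


def evaluate_countermeasure(threat, annual_cost, loss_reduction):
    """Cost-effectiveness justification: a measure is justified when the
    expected loss it removes exceeds its annual cost. `loss_reduction` is the
    assumed fraction of the threat's annualised loss that the measure removes."""
    benefit = loss_reduction * threat.annualised_loss()
    return {"threat": threat.name, "annual_cost": annual_cost,
            "expected_benefit": benefit, "net_benefit": benefit - annual_cost,
            "justified": benefit > annual_cost}


if __name__ == "__main__":
    for t in rank_threats(THREATS):
        print(f"{t.name:28s} {t.annualised_loss():12,.2f} per year")
    print("total:", f"{total_expected_loss(THREATS):,.2f}")
    print("Pareto subset:", [t.name for t in pareto_subset(THREATS)])
    # Constructed measures: email filtering with staff training, and fire suppression.
    print(evaluate_countermeasure(THREATS[0], annual_cost=20_000, loss_reduction=0.7))
    print(evaluate_countermeasure(THREATS[2], annual_cost=9_000, loss_reduction=0.5))
```

With the constructed figures, two of the seven threats (phishing and denial of service) account for more than 80% of the expected annual loss, which is the Pareto effect the section describes; the constructed email-filtering measure is justified because it removes far more expected loss than it costs, while the constructed fire-suppression figures are not justified on this quantitative basis alone, which is exactly where the qualitative judgment the text mentions re-enters.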

References

  1. Virus threat forces military to ban computer flash drives. (2009). Government Product News, 48, 7.
  2. Bartels, A. (2008). Assessing and addressing cyber threats to control systems. Power, 152, 40.
  3. Bhatia, M. (2009). Introduction to Computer Network. London: MADHULIKA.
  4. Ec-Council. (2010). Network Defense: Security Policy and Threats. Cengage Learning.
  5. Eric Cole, S. R. (2005). Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft. London: SAGE.
  6. Gilmer, B. (2005). Network security. Broadcast Engineering, 47, 30-34.
  7. Marshall, J. (2005). Networks Face New Email-Related Threats. Financial Executive, 21, 78-90.
  8. Philips, K. (1995). Without adequate safeguards, corporate data lies exposed to outside and inside threats. PC Week, 12-69.
  9. Robinson, B. (2005). Intrusion Prevention: A Better Way To Spot Trouble? Securities Industry News, 17, 20-25.
  10. Shinder, D. L. (2001). Computer Networking Essentials. London: Cisco Press.
  11. Thermos, P., & Takanen, A. (2008). Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures. New York: Routledge.
  12. Wang, J. (2009). Computer Network Security. London: Springer.