P1 - Describe How Networks Can Be Attacked

Trojans & Backdoors
A Trojan is a destructive program hidden inside an application. At first glance it appears to be useful software, but it will actually damage your computer once installed or run. For example, a hacker could upload a file to the Internet called "Photoshop Cs5 For Free" with a Trojan horse attached to the application; anybody who downloads and runs this file will be infected, meaning the hacker could have access to thousands of computers. The Trojan can then create a backdoor by opening some of the computer's ports without the user realising, and the hacker uses these ports to gain access to the user's computer. Trojans do not reproduce by infecting other files and, unlike viruses, they do not self-replicate.
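
A defender can spot the backdoor described above by comparing the ports a machine is listening on against an approved baseline. The following is an added example, not part of the original post; the snapshot is constructed in the style of `ss -tlnp` output, and the baseline, port numbers and process names are assumptions.

```python
import re

APPROVED_PORTS = {22, 443}  # assumed baseline: the services this host should offer

# Constructed snapshot of listening TCP sockets (style of `ss -tlnp` output).
SNAPSHOT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=990,fd=6))
LISTEN 0 5 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=700,fd=7))
LISTEN 0 1 0.0.0.0:31337 0.0.0.0:* users:(("photoshop_free",pid=4521,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
"""

def unexpected_listeners(snapshot, approved=APPROVED_PORTS):
    """Return sorted (port, process, exposure) for listeners outside the baseline."""
    findings = []
    for line in snapshot.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip headers and malformed lines
        # The local address is the fourth column; the port follows the last colon.
        host, port_text = fields[3].rsplit(":", 1)
        port = int(port_text)
        if port in approved:
            continue
        match = re.search(r'\(\("([^"]+)",pid=\d+', line)
        process = match.group(1) if match else "?"
        # A loopback-only listener cannot be reached from the network.
        loopback = host in ("127.0.0.1", "[::1]")
        exposure = "local-only" if loopback else "network-reachable"
        findings.append((port, process, exposure))
    return sorted(findings)

if __name__ == "__main__":
    for port, process, exposure in unexpected_listeners(SNAPSHOT):
        print(f"unexpected listener: port {port} ({process}), {exposure}")
```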

Viruses
Viruses are the most common type of threat to system security. They are man-made and can spread from computer to computer and across networks without users even noticing. Almost all viruses are attached to an application, which means the virus can only affect your computer once you run or open the malicious program. Viruses cannot spread without human action to keep them going, so people unknowingly continue to spread a virus by sharing infected files and forwarding emails with the virus attached. Viruses can also replicate themselves, meaning a virus can copy itself over and over until it has used all available memory, which will bring the computer to a halt. This type of virus is very easy to produce, which is part of the reason they are so dangerous. Viruses vary in severity: some only cause annoying side effects, such as continuously opening and closing the disk tray on your computer, while others can seriously damage your hardware and software and bring down your entire computer.

Worms
Worms are very similar to viruses and are sometimes considered a type of virus. Like a virus, a worm can spread from computer to computer; however, worms can travel and spread without any human action. Worms are extremely dangerous because they can also self-replicate, meaning that if a single worm gains access to your computer it could send out thousands of copies of itself. For example, a worm could send a copy of itself to everyone in your email address book. The worm then replicates itself once again and sends itself to everyone listed in each of the receivers' address books. This continues over and over and can have a huge, devastating effect. Once a worm is on your computer it can consume so much system memory that the computer stops responding. Worms can also take down web servers by consuming too much network bandwidth.

Off The Shelf Software
Buying off-the-shelf software from a third party can be risky because you have no idea what the code is like. If the software is from a small company, the code may not be 100% correct and could have programming flaws. These flaws could allow hackers to gain access to your computer. It is also possible that the software you download is not 100% genuine, meaning it could contain malicious software, again allowing the hacker to gain access to your computer or network. Many off-the-shelf programs also come with extra features the common user isn't aware of, and these features can be used to exploit the system. Macros in Microsoft Word, for example, can allow a hacker to execute programs from within the application.

OS Configuration
Many system administrators install operating systems on all the PCs within their network using the default settings, resulting in many potential vulnerabilities remaining unpatched. These systems can also be misconfigured or left at the lowest common security setting to make them easier for the user to use, which may result in vulnerabilities.

Coding Error In Customised Software
Customised applications usually aren't tested thoroughly for security vulnerabilities while developers are writing the code. This can leave many programming flaws that a hacker could exploit to gain access to your computer system or network. It is not uncommon for a team of people to work on the code for an application, and when all of their code is put together it becomes even easier to overlook errors.

Spyware
Spyware is a type of malicious software used to monitor user activity and gather information to send back to the hacker. Spyware can gather information such as email addresses, passwords and even credit card numbers. It is usually spread through email attachments or hidden within software, just like Trojan horses. Using spyware, hackers can also monitor keystrokes, scan files on the hard drive and look through other applications and files.


Keylogger

A keylogger is a type of surveillance software used to record every keystroke you enter. These keystrokes are automatically written to a log file and can be sent to a specified receiver. Keyloggers are often used by employers to ensure employees are not doing anything they shouldn't on their work computers. However, keyloggers can easily be embedded into spyware, allowing hackers to see everything you type, including usernames and passwords. This then enables them to gain access to your account.

Rootkits
Rootkits are another type of malicious software. They are activated before your system's operating system has completely booted up, making them difficult to detect. Rootkits can get onto your computer hidden within software you download or attached to emails you open. A rootkit allows somebody to administratively control your computer, meaning they can install files, monitor user activity, create hidden user accounts, access logs and even change the computer's configuration, all without you even noticing. This is what makes them so dangerous. Rootkits are also able to intercept data from terminals, network connections and even the keyboard.

Denial Of Service (DoS)
Denial of service is a malicious attack designed to bring down a website or network by flooding it with too much traffic. Hackers use DoS attacks to prevent users from accessing the website or network they are attacking. While these attacks do not usually result in any financial gain for the hacker, they cost the organisation time and money while its network is down. Hackers usually perform these attacks to show off or just to see if they can do it.

Distributed Denial Of Service (DDoS)
Distributed denial of service is a malicious attack very similar to DoS, again designed to bring down a website or network by flooding it with traffic. However, it is done in a slightly different and more effective way. The hacker will usually upload a file to the Internet or send out mass emails to try to infect as many people as possible with Trojans. These Trojans usually have no visible effect on the computer, so the end user is completely unaware their computer is infected. The hacker is then essentially in control of all the computers he has infected, which could be hundreds of thousands. He can then use all of these computers to target a single website or network with a denial of service attack, which makes it effectively impossible to stop the attack by simply blocking a single IP. It is also very difficult to tell legitimate user traffic from the attacker's, as the infected computers are spread all over the world.

Dictionary Attack
A dictionary attack is a method hackers use to try to gain access to an account by trying every word in the dictionary as the user's password. This is done using software that repeatedly tries to guess the password from a pre-arranged list of words.

Brute Force Attack
A brute force attack is similar to a dictionary attack in that the hacker tries to gain access to an account by using software to repeatedly guess the password. Instead of just trying every word in the dictionary, a brute force attack tries literally every possible combination of all the characters, letters and numbers on your keyboard. This type of attack is usually more successful than the dictionary method, but it does take longer.
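
Both dictionary and brute force attacks rely on software guessing repeatedly, so both leave a run of failed logins that a defender can detect. The following is an added example, not part of the original post; the log format, threshold and time window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, result, account, source address.
SAMPLE_LOG = """\
2024-05-01T09:00:00 OK   user=alice src=198.51.100.7
2024-05-01T09:00:01 FAIL user=bob src=203.0.113.9
2024-05-01T09:00:02 FAIL user=bob src=203.0.113.9
2024-05-01T09:00:03 FAIL user=bob src=203.0.113.9
2024-05-01T09:00:04 FAIL user=bob src=203.0.113.9
2024-05-01T09:00:05 FAIL user=bob src=203.0.113.9
2024-05-01T09:10:00 FAIL user=carol src=198.51.100.20
2024-05-01T11:30:00 FAIL user=carol src=198.51.100.20
2024-05-01T11:30:20 OK   user=carol src=198.51.100.20
"""

def parse_line(line):
    """Split one log line into (timestamp, result, account, source)."""
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result,
            user.split("=", 1)[1], src.split("=", 1)[1])

def find_guessing(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Return {(account, source): failures} for every pair that reached
    max_failures failed logins inside one sliding time window."""
    recent = defaultdict(deque)  # failure timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, result, user, src = parse_line(line)
        if result != "FAIL":
            continue
        failures = recent[(user, src)]
        failures.append(ts)
        # Drop failures that are older than the window.
        while ts - failures[0] > window:
            failures.popleft()
        if len(failures) >= max_failures:
            key = (user, src)
            flagged[key] = max(flagged.get(key, 0), len(failures))
    return flagged

if __name__ == "__main__":
    for (user, src), count in find_guessing(SAMPLE_LOG).items():
        print(f"{count} failed logins for {user} from {src} within one minute")
```

An occasional mistyped password, like carol's two failures hours apart, stays below the threshold, while the rapid run against bob is flagged and could trigger an account lockout or a block on the source address.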

Phishing

Phishing is the act of sending out mass emails, usually claiming to be from the user's bank or a trusted company such as Facebook or PayPal, in an attempt to scam the user into entering their personal details. The email directs the user to a website where they are asked to update personal information such as credit card details, usernames, passwords etc. The website looks identical to the organisation's website; however, it is fake and sends the details straight to the hacker. These types of attacks are usually carried out so that the hacker can make some sort of financial gain.
For example, the hacker would send an email from an address very similar to 'Info@Paypal.co.uk'. The email would contain professional-looking formatting and text, including the company's logo etc. It would say something like "The connection between your bank account and paypal has expired, please log on to our site here and update these details". The user then clicks on the link and sees a site that looks identical to the PayPal website. The user enters their details, and the hacker is then able to gain access to their account.
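
A mail filter can catch sender addresses that are "very similar" to a trusted one by measuring how few character edits separate the two domains. The following is an added example, not part of the original post; the allow-list, the distance threshold and the test addresses are assumptions.

```python
# Assumed allow-list of domains the organisation really sends mail from.
TRUSTED_DOMAINS = {"paypal.co.uk", "facebook.com"}

def edit_distance(a, b):
    """Levenshtein distance: the number of single-character insertions,
    deletions or substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_sender(address, max_distance=2):
    """Return 'trusted', 'lookalike' or 'unknown' for a sender address."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    for good in TRUSTED_DOMAINS:
        # Exact match, or a subdomain of a trusted domain.
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in TRUSTED_DOMAINS:
        # One or two characters changed, e.g. the digit 1 in place of the letter l.
        if edit_distance(domain, good) <= max_distance:
            return "lookalike"
        # Trusted name used as a prefix of someone else's domain.
        if good in domain:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for sender in ("Info@Paypal.co.uk", "info@paypa1.co.uk",
                   "service@paypal.co.uk.example.net", "news@example.org"):
        print(sender, "->", classify_sender(sender))
```

This only examines the visible sender address; a lookalike result is a reason to quarantine or warn, not proof of phishing on its own.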
