Editor’s note: Ed Crockett writes on Mondays about the latest trends in technology.

Network attacks come in ever-changing forms, packages, and delivery vehicles. Awareness of these variables and quick action help ensure adequate defenses.

This article, part one of a three-part report on wired network security, concerns the actual kinds of threats and how they can be delivered. In addition, useful links provide a depth of information far beyond the scope of this report.

Upcoming reports cover detection, response, recovery, and prevention.

Types of Attacks

Knowledge is power, certainly when it comes to fighting malicious network attacks. Armed with knowledge of the workings of a given type of threat, you can better resolve network vulnerabilities.

“Malicious Code” is likely the most dangerous network security threat because it is designed to damage or destroy network software components and is concealed within a computer virus, worm, or Trojan horse. For reports on various kinds of malicious attacks, see CERT® Incident Notes at:

www.cert.org/incident_notes/

“Denial of Service” (DoS) attacks are more prevalent and disruptive network security threats. A DoS attack comes with one objective: denial of network services to legitimate users. This type of attack may perform a variety of disruptive functions, including consumption of limited resources, destruction of configuration information, and alteration of network software components. DoS attacks can also be physical and can target key network components such as computers, routers, cables, and power supplies. For comprehensive information on DoS attacks, see CERT® Advisory CA-2000-01 at:

www.cert.org/advisories/CA-2000-01.html

“Social Engineering” attacks are a threat to users of Internet Relay Chat (IRC) and Instant Messaging (IM) services, which should probably not be found in the business network environment. For more information on social engineering attacks, see CERT® Incident Note IN-2002-03 at:

www.cert.org/incident_notes/IN-2002-03.html

Attack Vehicles

Currently, three vehicles can be used to launch a network attack. Sometimes a blend of all three is used.

“Virus” is a self-replicating and destructive program that requires operator action to get started. For more information about viruses, see the McAfee Virus Information web site at:

www.mcafee.com/anti-virus/

“Worm” is a self-replicating and destructive program that spreads through the network without human interaction. See “Type: Worm” at:

http://securityresponse.symantec.com/avcenter/refa.html#worm

“Trojan horse” is a destructive program that masquerades as a useful application. Human interaction is required to download and run Trojan horses. A good resource for Trojan horse information is:

www.cert.org/advisories/CA-1999-02.html

Organizations with Expertise

In addition to a sound network policy and procedures that are adhered to by all employees, the best defense against network penetration is a concerted effort by the entire networking community, one that works in unison to identify and report attacks. The Computer Engineering Reaction Team/Coordination Center (CERT/CC) is a government-sponsored organization that acts as a clearinghouse for malicious network attacks. Keep abreast of current threats by keeping an eye on bulletins posted by CERT/CC at:

www.cert.org

CERT/CC publishes a useful resource list, which is found at:

www.cert.org/other_sources/

Cisco, a provider of area network hardware and software, offers security solutions and secure network tips as well:

www.cisco.com/warp/public/cc/so/neso/sqso/beggu_pl.pdf

Feedback? Contact Ed via email, ecrockett@nc.rr.com