Managed IT

The Anatomy of a Network Attack

The Anatomy of a Network Attack

by Robert Bruce - February 18, 2014

"Know your enemy." In the sixth century BC, Chinese general and philosopher Sun Tzu wrote this in The Art of War. This book is still relevant—in fact the U. S. Naval Academy even quotes Sun Tzu in reference to cyber security.

The enemy referred to here is of course Internet hackers. Many people have experienced a network attack to some degree, but have you ever wondered what goes on in the mind of a hacker? Mind reading is not in my skill set, but with a little research I have been able to formulate an outline for the hacker’s M.O.

Basically, a network attack has five stages—probing, penetration, persistence, propagation, and paralysis. Understanding the existence of these phases is essential for any network defense because the sooner an attack is neutralized, the less damaging it is

The Probe

The Navy calls this stage “cyber-recon.” In this initial phase, network hackers are trolling for potential victims. And, like any other predator, cyber criminals look for weak, vulnerable victims. The hacker uses pings and port scans to find unguarded computers, identify their operating systems and any applications they may be running.

This early stage of an attack is often stopped in its tracks by a properly configured firewall that protects against sweeping probes. These are also called network scans. They are highly automated and the hacker uses them to do his own recon, or intel gathering. He is looking for software vulnerabilities and ways to bypass passwords. If the hacker is successful here, he has reached the next attack phase—penetration.

Penetrating the Network

If he gets past the firewall, a hacker’s potential for damage increases exponentially. Now he or she can go into their toolbox and start pulling out an array of pernicious weapons. First, they try to get explicit code onto the victim’s machine. Virus infected e-mail attachments, buffer overflows, activeX controls, compressed messages and network installs will penetrate an improperly secured network. To stop an attack at this level requires signature-based security that filters malicious traffic at the packet level. As you can see, an ounce of prevention is worth a pound of cure because the hacker has now become a persistent problem.

Persistence

Now the attacker wants to ensure that the malicious code sticks to his victim’s network and will be available and running—even after a reboot. To do this, hackers create new files, modify existing files, weaken registry security settings, and create trap doors for further attacks. He hopes to become a permanent resident on the invaded network. Not only that, he wants to create a family and propagate.

Propagation

They are called viruses for a good reason. Just like their biological namesakes, computer viruses usually replicate themselves, sometimes rapidly. And, they are also contagious. They look for neighboring machines with similar vulnerabilities and infect them. Sometimes the attack is spread through e-mail contacts garnered from contact lists. Or, they may simply hack the next victim through common web connections. At this point, the invaded network may be paralyzed.

Paralysis

Hopefully, a hack attack will have been stopped and fixed long before this point. If not, it will most likely be an IT disaster. Data has probably been corrupted or destroyed. New security holes have been bored in the network. Wholesale denial of service (DoS) is almost definitely happening. The best cure for this fiasco is to prevent it with a properly configured and managed network security system.

Is your network safe from network attacks? A thorough managed services assessment analyzes your technology environment and business processes to identify areas that could be improved and ensure complete network protection. Click on the image below to request an assessment today.

Subscribe to the Meridan blog

Sign up to receive the latest news about innovations in the world of document management, business IT, and printing technology.

New call-to-action
(855) 948-5679