Question


The following are the most common security threats in networks.

  a. DoS Attack [5 marks]
  b. Sniffer [5 marks]
  c. Spoofing [5 marks]
  d. Man-in-the-middle attack [5 marks]
  e. TCP/IP Hijacking [5 marks]

You are expected to carry out an analysis and discuss the nature of each threat by addressing the following elements:

  1. What it is all about?
  2. How can such attack/threats take place in the network?
  3. Why they do it?
  4. When normally such attack take place (i.e. any specific time of the year, time of the day)
  5. Where is such attack targeted?

[Mark 25]

Solutions

Expert Solution

Answer:

a) DoS Attack

  1. What it is all about? A Denial-of-Service (DoS) attack is an attack meant to completely shut down a service or network, making it inaccessible to its intended users. DoS attacks are done by flooding the target with continuous additional traffic. An example of a DoS attack is sending continuous requests to a website so that the service is inaccessible to normal users.
  2. How can such attack/threats take place in the network? If a company does not take specific security measures or follow security policies, this type of DoS attack is done. The company should allow good traffic to the website; then the company can stop DoS attacks.
  3. Why they do it? This DoS attack is done to make the website lose its reputation. If a DoS attack is done on a company website, that company will lose its reputation.
  4. When normally such attack take place (i.e. any specific time of the year, time of the day) This attack takes place whenever the service is needed by most users. For example, university results are released on a website at 7 pm. The DoS attack is done at 7 pm so that the website service is stopped.
  5. Where is such attack targeted? The attack is targeted at large, reputable companies to make them lose their reputation among users, so that the users can't trust the company anymore.

b) Sniffer

  1. What it is all about? Sniffing is a technique of monitoring and capturing all data packets passing through a given network. Network/system administrators use sniffers to monitor and troubleshoot network traffic. Attackers use sniffers to capture data packets containing sensitive information such as passwords, account information, etc. Sniffers can be hardware or software installed in the system.
  2. How can such attack/threats take place in the network? The attack is done whenever a company does not install network security devices and does not follow security measures for the organization's network.
  3. Why they do it? To steal sensitive information like user passwords, FTP passwords, router configuration, etc.
  4. When normally such attack take place (i.e. any specific time of the year, time of the day) This attack is done whenever communication is active in an organization.
  5. Where is such attack targeted? On large, reputable companies. Attackers steal company passwords to use for financial gain.

c) Spoofing

  1. What it is all about?

    Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address or the Address Resolution Protocol (ARP).

    Spoofing can be used to gain access to a target’s personal information, spread malware through infected links or attachments, bypass network access controls, or redistribute traffic to conduct a denial-of-service attack.

  2. How can such attack/threats take place in the network? The spoofing attack is done using the weakness of users or employees. Users or employees trust that the call or email is coming from a trusted organization or friend. Then they immediately open the email, and the malware attached to that email infects the system and also steals personal information.
  3. Why they do it? Attackers do spoofing to gain personal confidential information from users (bank account details, credit card details, name, phone number, mail ID, etc.) so that they can use it for financial gain.
  4. When normally such attack take place (i.e. any specific time of the year, time of the day) There is a chance of a spoofing attack on a new organization or company, because there is no complete knowledge of how cyber attacks are done to employees. In other situations there is no specific time for a spoofing attack; it can be done at any time.
  5. Where is such attack targeted? This spoofing attack is done mostly on normal computer or phone users. Attackers call as a trusted friend and ask the user to send money, and then the user sends the money to the attacker. On the other side, spoofing is done on large companies.

d) Man-in-the-middle attack

  1. What it is all about? A man-in-the-middle (MITM) attack is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an attacker within the reception range of an unencrypted Wi-Fi access point could insert themselves as a man-in-the-middle.
  2. How can such attack/threats take place in the network? These man-in-the-middle attacks are done because the communication network device (like a Wi-Fi hotspot) is unencrypted and publicly available to everyone. In this situation the attacker will listen to every message between the two parties and also change the messages.
  3. Why they do it? The attacker will listen to every message between two people and also alter it. The attacker then gets the two parties' personal information and uses it for other purposes (like applying for a bank account or creating new online accounts).
  4. When normally such attack take place (i.e. any specific time of the year, time of the day) This MITM attack takes place anytime, anywhere, as long as network devices are not secure.
  5. Where is such attack targeted? It is mostly done in places where public Wi-Fi is available. It targets normal users.

e) TCP/IP Hijacking

  1. What it is all about?

    A form of cyber attack in which an authorized user gains access to a legitimate connection of another client in the network. Having hijacked the TCP/IP session, the attacker can read and modify transmitted data packets, as well as send their own requests to the addressee.

    TCP/IP hijacking is a type of man-in-the-middle attack. The attacker can determine the IP addresses of the two session participants, make one of them inaccessible using a DoS attack, and connect to the other by spoofing the network ID of the former.

  2. How can such attack/threats take place in the network? This attack is done because the network administrator does not monitor the entire network regularly and also does not apply security rules to protect the network.
  3. Why they do it? By gaining access to the network, the attacker can get the personal information of the two parties and use it for financial gain.
  4. When normally such attack take place (i.e. any specific time of the year, time of the day) This attack takes place anytime, anywhere, as long as particular security measures are not followed.
  5. Where is such attack targeted? This attack targets large unsecured organizations and also normal Wi-Fi users.

Please wait, I will add the remaining answers.
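
An added example, not part of the original answer: a defender's view of the DoS scenario in part (a), where a flood is timed to a results release at 7 pm. It shows why total request volume cannot separate peak demand from a flood, while a per-source sliding-window count can. The log format, IP addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log, one request per line:
# "<ISO timestamp> <source IP> <path>" (not real traffic).
def build_sample_log():
    lines = []
    # 40 different students each load the results page once around 19:00.
    for i in range(40):
        lines.append(f"2024-06-01T19:00:{i % 60:02d} 10.0.0.{i + 1} /results")
    # One constructed source sends 30 requests within the same 10 seconds.
    for i in range(30):
        lines.append(f"2024-06-01T19:00:{i % 10:02d} 203.0.113.9 /results")
    return sorted(lines)  # timestamp is the first field, so this orders by time

def find_flooders(lines, window_s=10, max_per_window=20):
    """Return {source_ip: peak request count seen in any window_s-second
    sliding window} for sources that exceed max_per_window.
    Both thresholds are illustrative and must be tuned per service."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        ts_text, ip, _path = line.split()
        ts = datetime.fromisoformat(ts_text)
        q = recent[ip]
        q.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while (ts - q[0]).total_seconds() >= window_s:
            q.popleft()
        if len(q) > max_per_window:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

if __name__ == "__main__":
    log = build_sample_log()
    # The busy period alone is not the signal: most of it is legitimate.
    print("total requests:", len(log))
    print("flagged sources:", find_flooders(log))
```

A per-source counter like this only catches a flood from a small number of addresses; traffic spread across many sources needs aggregate and behavioural signals as well.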

