Challenges to Internal security through communication networks

 

  • Communication networks are a part of our critical information infrastructure. Communication networks refer to an interconnection of communicating entitiessuch as computers, laptops, mobiles, telephones etc. via which provides the basis for information exchange for all other sectors including voice, data, video, and Internet connectivity.
  • Communication network should not be confused with the computer networkssuch as LAN, WAN etc. because they are merely one form of the Communication networks. Various communication networks are the backbone of much of the critical infrastructure in many sectors today such as civil aviation, shipping, railways, power, nuclear, oil and gas, finance, banking, IT, law enforcement, intelligence agencies, space, defence, and government networks. As such, communications systems serve part in parcel with other key internal and external security and emergency preparedness. Moreover, the communication networks are very much dependent on each other in a very complex way. The collapse of one communication network can affect adversely many sectors.
  • There numerous network threats that can have adverse impact on communication network:
Network Packet Sniffers

When large information is sent via a network, it is broken into smaller pieces, which are called network packets. Generally these network packets are sent as clear text over the networks i.e. information sent across the network is not encrypted.

Social Engineering Attacks

Social engineering refers to psychological tricks used to persuade people to undermine their own online security. This can include opening an email attachment, clicking a button, following a link, or filling in a form with sensitive personal information.

IP Spoofing

When an attacker situated outside the targeted network pretends to be a trusted computer then the mode of attack is termed as IP spoofing. IP spoofing can be done either by using an IP address of targeted network pool or by using an authorized & trusted external IP address.

Phishing

Phishing refers to a technique used to gain personal information for the purpose of identity theft, using fraudulent e-mail messages that appear to come from legitimate organizations such as banks.

Denial of Service

Most popular form of attack, denial of service (DoS) attacks are also among the most difficult to completely eliminate. Among the hacker community, DoS attacks are regarded as trivial and considered bad form because they require so little effort to execute.

When this type of attack is launched from many different systems at the same time, it is often referred to as a distributed denial of service attack (DDoS). DDoS is not actually hacking the website but is a common technique used to temporarily bring down websites.

Password Attacks

Password attacks usually refer to repeated attempts to identify a user account and/or password; these repeated attempts are called brute-force attacks. If this account has sufficient privileges, the attacker can create a back door for future access.

Password attacks can easily be eliminated by not relying on plaintext passwords in the first place. Using OTP or cryptographic authentication can virtually eliminate the threat of password attacks.

Distribution of Sensitive Information

Most of the computer break-ins that organizations suffer are at the hands of troublesome present or former employees.

Man-in-the-Middle Attacks

Man-in-the-middle attacks refer to access to network packets that come across the networks. An ISP can gain access to all network packets transferred between one network and any other network. It can launch such an attack.

Application Layer Attacks

Application layer attacks are performed by identifying the well-known weaknesses in software that are commonly found on servers, such as sendmail, Hypertext Transfer Protocol (HTTP), and FTP etc.

Virus and Trojan Horse Applications

Viruses and Trojan horse applications are the primary vulnerabilities for end-user computers. Viruses refer to malicious software that is attached to another program to execute a particular unwanted function on a user’s workstation.

Scareware

Scareware is fake/rogue security software. There are millions of different versions of malware, with hundreds more being created and used every day.

Spam

As spam expands into other areas online, traditional email spam still remains a significant problem, especially in business. Workers still need to keep their inboxes clear of junk, and advanced mail filtering systems are a necessity in any business hoping to use email efficiently.

Ransomware

Ransomware is a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed.

Exit mobile version