Network research project.
Student name: Kadi AMAH
Institution Name: UMGC
Course-name: CMIT 265
Network attacks are threats directed towards a network to affect its normal operations
(Pawar & Anuradha, 2015). The invention and use of technology have many advantages ranging
from economic excellence to artificial intelligence. However, the efficiency and effectiveness of
the network depend on the protective measures used within an organization to ensure hackers
and eavesdroppers have no access to the internet without authorization. Notably, the security
measures implemented by the organization depend on the size of the network and the privacy of
the data. For instance, the network protective mechanisms implemented on a local area network
(LAN) cannot be the same as those performed on a wide area network (WAN). To ensure the
system is protected, every organization should update its protective mechanisms to the latest
threat definitions to seal all the loopholes that might be used as a medium of attack to access the
organizational network. Therefore, this project identifies and elaborates the common network
threats that can affect normal operations within an organization.
Common networking attacks.
a. Denial of service.
Denial of service (DOS) occurs when the network is flooded with unwanted traffic such
that genuine network users cannot access its services. For instance, the network within an
organization provides access to network-related application systems such as Gmail
accounts, websites and enterprise resource planning systems. To facilitate their
intentions, attackers send requests with an undefined return address, which floods the services with
limitless requests, therefore overloading the server, which makes it crash. Consequently,
DOS can cost an organization time and resources and affect its overall net returns. The
image below shows how DOS prevents genuine users from accessing the network.
Figure 1 DOS attack. Source: Denial of service (Dos) attack a DDoS (Distributed denial of...
Some of the frequent DOS attacks include:
Buffer overflow attack.
This type of attack aims to send multiple requests that are at the extreme level
of the system functionality, therefore flooding the system with requests that the
system cannot handle. This leads to a deadlock whereby the system cannot accept
more or respond to the already existing requests. Buffer overflow attack can also
use the loopholes in the system and install a bug in the code, therefore affecting
the functionality of the network.
This type of attack uses loopholes in misconfigured network devices by sending
threat-infected data packets that ping all the network devices, therefore causing a
total lockdown that makes the network inaccessible.
iii. SYN attack.
It sends multiple requests to the network which are never executed or terminated.
The requests occupy any available port such that the whole network enters into a
deadlock whereby users cannot send requests or have their requests serviced.
b. Social engineering.
According to Krombholz et al. (2015), social engineering attacks are a form of
security breach that entails manipulation of people who have legal access to the system to
initiate attacks. Some of the common social engineering attacks include:
It is a form of attack whereby outsiders use deceptive websites and emails to
gain personal data and information. Users are deceived into believing they are
accessing certain websites; therefore, they log in with their data which is then
used by the hackers and eavesdroppers to initiate attacks on their accounts.
It is another form of social engineering attack whereby the attacker requests
bits of information from the targeted person which are later used for identity
theft. For instance, the attackers might obtain credit card information and then
use the data to access the victim's bank accounts and withdraw money.
It is almost similar to phishing; however, it entails enticement whereby the
attacker pretends to be offering free services to the customers. For example, the
attacker might be offering free movies or a social media site that requires all
participants to create their accounts. Consequently, the users might believe the
information and use their email addresses which are linked to their banks and
credit cards. Therefore, their information will be used to initiate attacks on
This form of attack entails unauthorized personnel following an authorized
person into a restricted area where they gain access to confidential data and
initiate attacks on the system. It is a common attack in small organizations that
have no advanced level of verification and authentication of the people who
have access to a restricted area.
c. Insider threat.
An insider threat is initiated and facilitated by people who work within the organization.
For instance, they can give outsiders their login credentials to gain access to the
organization's network and get away with confidential data. Some of the common forms of
insider threats include:
A pawn is an employee who risks the organizational network by making a
mistake that is then utilized by outsiders to gain access to the organizational
network. For example, misplacing a laptop while logged into the organizational
systems can act as an opportunity for outsiders to cause harm and render the
organization's services inaccessible or get away with confidential data.
Turncloaks are employees who sell organizational data for their benefit.
Turncloaks can accumulate a large volume of data and sell it to outsiders or resign and
initiate attacks on the network using the already accumulated data.
According to Formby, Durbha, & Beyah (2017), a logic bomb is a defective code that
can initiate malicious attacks by executing and deleting certain files or completely
formatting the storage devices in a computer. Notably, logic bombs are set to be triggered
by certain events within the organizational network. Therefore, an organization can
purchase software with a logic bomb and stay with it for an extended period of time until
a certain condition to trigger the logic bomb is met. For instance, the logic
bomb can be set to be triggered by a specific number of files within the hard disk or at a
certain period of the year. Therefore, logic bombs are considered harmful because of the
negative effects they can cause to the network system.
Rogue access points.
A rogue access point refers to Wi-Fi installed in a network without proper authorization and with the aim of
stealing information of the network users. Notably, many of the rogue access points are
open Wi-Fi without passwords, which prompts users to access the internet without any
passwords. However, the users' devices are monitored by third parties, and all
confidential data used can be easily accessed by the third parties. The rogue access points
can also be automatically installed in an organization's Wi-Fi such that they are
broadcasting signals anonymously without being detected, therefore accessing users' data
without their authorization.
Evil twin refers to a malicious wireless network that broadcasts the same service set
identifier (SSID) as the genuine Wi-Fi network so that network users can connect without
any alert of intended threat. Notably, hackers use penetrative tools to access network
users' devices and get away with their confidential data. After users connect to the evil twin
network, it disappears from their range, therefore prompting the network users to
connect to a genuine Wi-Fi whereby hackers can monitor data packets being sent in and
out of the network. The criminals duplicate all the data and passwords shared within the
network without user authorization, therefore risking their security.
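Because an evil twin copies the SSID, and rogue access points are often open networks, a site survey can be audited against an inventory of the organization's own access points. This is an added example, not part of the original paper; the SSID "CorpNet", the inventory, and the scan results (using documentation-range MAC addresses) are all constructed.

```python
# Hypothetical inventory of the organization's own access points.
AUTHORIZED = {
    "CorpNet": {
        "bssids": {"00:00:5e:00:53:01", "00:00:5e:00:53:02"},
        "security": "WPA2-Enterprise",
    }
}

# Constructed wireless survey: one dict per beacon seen during the scan.
SCAN = [
    {"ssid": "CorpNet", "bssid": "00:00:5e:00:53:01", "security": "WPA2-Enterprise"},
    {"ssid": "CorpNet", "bssid": "00:00:5E:00:53:02", "security": "WPA2-Enterprise"},
    {"ssid": "CorpNet", "bssid": "00:00:5e:00:53:99", "security": "Open"},
    {"ssid": "CorpNet", "bssid": "00:00:5e:00:53:01", "security": "Open"},
    {"ssid": "GuestCafe", "bssid": "00:00:5e:00:53:aa", "security": "Open"},
]

def audit_scan(scan, authorized):
    """Return (bssid, reasons) for every beacon that uses one of our SSIDs
    but does not match the inventory."""
    findings = []
    for ap in scan:
        policy = authorized.get(ap["ssid"])
        if policy is None:
            continue  # someone else's network name, out of scope
        bssid = ap["bssid"].lower()  # scanners differ in letter case
        reasons = []
        if bssid not in policy["bssids"]:
            reasons.append("unknown BSSID")
        if ap["security"] != policy["security"]:
            reasons.append("security mismatch")
        if reasons:
            findings.append((bssid, reasons))
    return findings

if __name__ == "__main__":
    for bssid, reasons in audit_scan(SCAN, AUTHORIZED):
        print(bssid, ", ".join(reasons))
```

A BSSID can be copied as easily as an SSID, which is why the fourth beacon is still flagged: it claims an inventoried address but advertises an open network.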
It is a form of security breach initiated by hackers while in transit. Hackers map all the
network SSIDs within a given area and launch their attacks using software that identifies
loopholes within the security configurations of the networks. Therefore, war drivers map
the network with chalk to access confidential data about the network.
According to Formby, Durbha, & Beyah (2017), ransomware is a form of an attack that
encodes all data in a computer with a private code so that the owner can only access it
after paying a certain amount requested by the attacker. For instance, the hackers give the
owner of the data a certain deadline to make the payment, whereby failure to do so is met
by permanent deletion of the data.
i. DNS poisoning.
DNS poisoning is the act of entering wrong information into the DNS cache so that
network users can be directed to illegal websites. For instance, an internet protocol (IP)
address maps and directs users to the correct websites; therefore, entering the wrong IP
directs the network users to a website used as a medium of attack by hackers and
eavesdroppers. However, the DNS has no mechanism to verify whether the data being
held in the cache is correct or not; therefore it only facilitates the communication which
directs the user to the wrong sites. Below is an image showing how DNS poisoning
j. Brute force.
It is an attack that aims to decode a certain message or gain access to users' confidential
passwords using guess and error methods. Notably, brute force can be successful
depending on the user's length of passwords or type of the passwords used. For example,
persons who use their names or mobile numbers as passwords are the targets of brute
force attackers because the password credentials are easy to guess. Therefore, people are
encouraged to use strong passwords with unique characters to prevent brute force attacks
from taking place.
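Alongside strong passwords, repeated guessing can be detected from authentication logs by counting failed logins per source within a short window. This is an added example, not part of the original paper; the log lines are constructed in the style of sshd messages with ISO timestamps, and the limit of 5 failures in 60 seconds is an assumption.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log: a fast guessing run, a user mistyping once an hour, one success.
SAMPLE_LOG = (
    [f"2024-01-10T03:14:0{s} host sshd[812]: Failed password for invalid user admin "
     f"from 203.0.113.5 port 4002{s} ssh2" for s in range(1, 7)]
    + [f"2024-01-10T0{h}:00:00 host sshd[900]: Failed password for alice "
       f"from 198.51.100.20 port 50100 ssh2" for h in range(4, 9)]
    + ["2024-01-10T09:00:05 host sshd[901]: Accepted password for alice "
       "from 198.51.100.20 port 50101 ssh2"]
)

FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def detect_bursts(lines, max_failures=5, window=timedelta(seconds=60)):
    """Map each source address to the time it first reached max_failures
    failed logins inside one sliding window."""
    recent = defaultdict(deque)  # source -> timestamps still inside the window
    flagged = {}
    for line in lines:
        match = FAILED.match(line)
        if not match:
            continue  # successes and unrelated messages
        when = datetime.fromisoformat(match.group(1))
        source = match.group(2)
        attempts = recent[source]
        attempts.append(when)
        while when - attempts[0] > window:
            attempts.popleft()  # drop failures older than the window
        if len(attempts) >= max_failures and source not in flagged:
            flagged[source] = when
    return flagged

if __name__ == "__main__":
    for source, when in detect_bursts(SAMPLE_LOG).items():
        print(source, "reached the limit at", when.isoformat())
```

The second source also fails five times, but an hour apart each time, so the sliding window never fills and it is not flagged.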
k. Exploits vs. vulnerabilities.
Exploits and vulnerabilities are the open loopholes in a system that can be used by
hackers and eavesdroppers. For instance, the coding process entails a sequence of
activities that must be tested to ensure they meet all security definitions. However, if the
system has defects, hackers can use the existing defects to initiate attacks and gain access
to confidential data. Therefore, network users should ensure they have the latest security
definition by updating their systems to seal all the loopholes that might be used by
In conclusion, hackers and eavesdroppers may either use existing loopholes or use
blackmail to access confidential data from network users. They can either flood the
network with unwanted traffic and initiate their attacks or use employees working within
the organization to initiate the attacks by giving out their login credentials. Evil twin
entails the duplicating of similar SSID to confuse the network users and gain access to
their devices. Ransomware entails the encoding of personal data by hackers to demand a
certain amount of money in order to decode the message. Therefore, network attack
threats incorporate all measures implemented by unauthorized personnel to access the
organizational network and prevent normal operations within the network.
Formby, D., Durbha, S., & Beyah, R. (2017). Out of control: Ransomware for industrial control
systems. In RSA conference.
Figure 3: Denial of service (Dos) attack a DDoS (Distributed denial of... (2020, January 1).
Krombholz, K., Hobel, H., Huber, M., & Weippl, E. (2015). Advanced social engineering
attacks. Journal of Information Security and Applications, 22, 113-122.
Pawar, M. V., & Anuradha, J. (2015). Network security and types of attacks in
network. Procedia Computer Science, 48, 503-506.