An Overview of IT Security Threats and Attacks

From Techotopia
Revision as of 16:17, 12 February 2008 by Neil (Talk | contribs)


Before moving on to chapters that outline the steps necessary to secure networks and computer systems, it helps to first have an understanding of the kinds of attacks and threats that need to be defended against. Armed with this information, it will be clearer in later chapters not just how to implement particular security measures, but also why such measures need to be implemented.

There are a variety of different forms of attack to which a network or computer system may be exposed, each of which will be covered in this chapter.

Denial of Service (DoS) Attacks

Denial of Service (DoS) attacks are undertaken with the express purpose of preventing users from accessing and using a service they should otherwise be able to access. Such attacks make malicious use of a variety of different standard protocols and tools. There is no single DoS attack method, and the term has come to encompass a variety of different forms of attack, a number of which are outlined below:

  • Ping flood - This attack uses the Internet Control Message Protocol (ICMP) ping request to a server as a DoS method. The strategy involves either sending ping requests in such vast quantities that the receiving system is unable to respond to valid user requests, or sending ping messages which are so large (known as a ping of death) that the system is unable to handle the request.
  • Smurfing - As with ping flood attacks, smurfing makes use of the Internet Control Message Protocol (ICMP) ping request to mount DoS attacks. In a typical smurfing attack the attacker sends a ping request, containing the IP address of the victim as its source address, to the broadcast address of a network. The ping request is delivered to all computers on the broadcast network, which in turn all reply to the IP address of the victim system, thereby overloading the victim with ping responses. The primary method for preventing smurf attacks is to block ICMP traffic through routers so that the ping responses are blocked from reaching internal servers.
  • SYN Flood -
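
The ping flood, ping of death and smurfing items above each leave a recognisable pattern in ICMP traffic. The Python sketch below is an added example, not part of the original chapter; it checks constructed flow records for those patterns, and the protected subnet, the thresholds and the record layout are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumed values for illustration: protected subnet and per-second thresholds.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
REQ_PER_SEC_LIMIT = 50      # echo requests to one host in one second
REPLY_SOURCES_LIMIT = 20    # distinct hosts replying to one host in one second
MAX_IP_DATAGRAM = 65535     # largest legal IP datagram, in bytes
ECHO_REPLY, ECHO_REQUEST = 0, 8

def detect(records, nets=LOCAL_NETS):
    """records: (time_s, src, dst, icmp_type, reassembled_len) tuples.
    Returns a sorted list of (alert, address) pairs."""
    alerts = set()
    requests = Counter()          # (dst, second) -> echo request count
    repliers = defaultdict(set)   # (dst, second) -> distinct reply sources
    for t, src, dst, icmp_type, length in records:
        bucket = (dst, int(t))
        if length > MAX_IP_DATAGRAM:
            alerts.add(("oversized-icmp", dst))          # ping of death
        if icmp_type == ECHO_REQUEST:
            if any(ipaddress.ip_address(dst) == n.broadcast_address for n in nets):
                alerts.add(("echo-to-broadcast", src))   # src is the likely smurf victim
            requests[bucket] += 1
            if requests[bucket] > REQ_PER_SEC_LIMIT:
                alerts.add(("echo-request-flood", dst))  # ping flood
        elif icmp_type == ECHO_REPLY:
            repliers[bucket].add(src)
            if len(repliers[bucket]) > REPLY_SOURCES_LIMIT:
                alerts.add(("echo-reply-fan-in", dst))   # smurf replies arriving
    return sorted(alerts)

def sample_records():
    """Constructed records, not captured traffic (RFC 5737 documentation addresses)."""
    recs = [(0.1, "198.51.100.7", "192.0.2.10", ECHO_REQUEST, 84)]         # ordinary ping
    recs += [(1.0 + i / 1000, "198.51.100.9", "192.0.2.10", ECHO_REQUEST, 84)
             for i in range(60)]                                             # request flood
    recs.append((2.0, "203.0.113.5", "192.0.2.255", ECHO_REQUEST, 84))      # to broadcast
    recs += [(2.1, f"192.0.2.{h}", "203.0.113.5", ECHO_REPLY, 84)
             for h in range(1, 31)]                                          # reply fan-in
    recs.append((3.0, "198.51.100.9", "192.0.2.20", ECHO_REQUEST, 65540))   # oversized
    return recs

if __name__ == "__main__":
    for alert in detect(sample_records()):
        print(alert)
```

The echo-to-broadcast check reports the source address because, in the smurfing pattern described above, that address belongs to the victim rather than to the sender.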