Today, running successful networks requires that you make Internet security a top priority. Customers need to feel confident that their personal information and credit card numbers are safe from hackers. That’s why securing network is most inevitable entity in the real-time world..
Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become “wired”, an increasing number of people need to understand the basics of security in a networked world. This was written with the basic computer user and information systems manager in mind, explaining the concepts needed to read through the hype in the marketplace and understand risks and how to deal with them.
Attacks Against IP
A number of attacks against IP are possible. Typically, these exploit the fact that IP does not perform a robust mechanism for authentication , which is proving that a packet came from where it claims it did. A packet simply claims to originate from a given address, and there isn’t a way to be sure that the host that sent the packet is telling the truth. This isn’t necessarily a weakness, per se , but it is an important point, because it means that the facility of host authentication has to be provided at a higher layer on the ISO/OSI Reference Model. Today, applications that require strong host authentication (such as cryptographic applications) do this at the application layer.
This is where one host claims to have the IP address of another. Since many systems (such as router access control lists) define which packets may and which packets may not pass based on the sender’s IP address, this is a useful technique to an attacker: he can send packets to a host, perhaps causing it to take some sort of action.
Additionally, some applications allow log in based on the IP address of the person making the request (such as the Berkeley r-commands ). These are both good examples how trusting un-trustable layers can provide security that is — at best — weak.
IP Session Hijacking.
This is very dangerous, however, because there are now tool kits available in the underground community that allow otherwise unskilled bad-guy-wannabes to perpetrate this attack. IP Session Hijacking is an attack whereby a user’s session is taken over, being in the control of the attacker. If the user was in the middle of email, the attacker is looking at the email, and then can execute any commands he wishes as the attacked user. The attacked user simply sees his session dropped, and may simply log in again, perhaps not even noticing that the attacker is still logged in and doing things.
This can be solved by replacing standard telnet-type applications with encrypted versions of the same thing. In this case, the attacker can still take over the session, but he’ll see only “gibberish” because the session is encrypted. The attacker will not have the needed cryptography key(s) to decrypt the data stream from G, and will, therefore, be unable to do anything with the session.