Types of Spoofing Attacks

Types of Spoofing Attacks 2.1 Distributed Denial of Service Attack The IP spoofing is mostly used in Distributed denial of service attacks (DDoS), in which hackers are concerned with consuming bandwidth and resources by flooding the target host machine with as many packets as possible in a short span of time. To effectively conducting the attack, hackers spoof source IP addresses to make tracing and stopping the DDoS as difficult as possible. Here the attacker scans internet and identifies the hosts with known vulnerabilities and compromise them to install attack program and then exploits the vulnerabilities to gain the root access. [6] 2.2 Non-blind spoofing This type of attack takes place when the hacker is on the same subnet as the target that can see sequence and acknowledgement of every packet. This type of spoofing is session hijacking and an attacker can bypass any authentication measures taken place to build the connection. This is achieved by corrupting the DataStream of an established connection, then re-establishing it based on correct sequence and acknowledgement numbers with the attack host machine. 2.2 Blind spoofing This type of attacks may take place from outside where sequence and acknowledgement numbers are not reachable. Hackers usually send several packets to the target host machine in order to sample sequence numbers, which is suitable in previous days. Now a days, almost every OSs implement random sequence number generation for the packets, making it difficult to predict the sequence number of packets accurately. If, however, the sequence number was compromised, information can be sent to the target host machine. 2.4 Man in the Middle Attack This attack is also known as connection oriented hijacking. In this attack mainly the attacker or the interrupter will attack the legal communication between two parties and eliminates or modifies the information shared between the two hosts without their knowledge. This is how the attacker will fool a target host and steal the data by forging the original hosts identity. In the TCP communication desynchronized state is given by connection oriented hijacking. Desynchronized connection is that when the packet sequence number varies for the received packet and the expected packet.TCP layer will decide whether to buffer the packet or discard it depending on the actual value of the received sequence number. Packets will be discarded or ignored when the two machines are desynchronized. Attacker may inject spoofed packets with the exact sequence numbers and change or insert messages to the communication. By staying on the communication path between two hosts attacker can modify or change p ackets. Creating the desynchronized state in the network is the key concept of this attack. [12] 2.5 Conclusion Various types of IP spoofing and its attacks are explained in this chapter. Here we have discussed about four types of spoofing attacks like Distributed Denial of Service Attack, Non-blind spoofing, blind spoofing and Man-in-the-middle attack, and also how these attacks can create problems to destination machines. Various Security requirements are discussed in the next chapter. Chapter 3: Security Requirements 3.1 Network security requirements The Internet became the largest public data network, enabling both personal and business communications worldwide. Day to day the data trafficking is increasing exponentially over the internet world and also in the corporate networks. As the technology is developing the speed of communication is increasing via e-mail; mobile workers, telecommuters. Internet is also used mainly to connect corporate networks to the branch offices. As the technolgy developed the usage of internet has became more and also usage of different technologies became more at the same time security threat also became more and gave chance to more faulties to do there things .so the corporations using them should protect and increase the security.The network attacks became very serious as they are more effective for the businesses because they store the important and sensitive data ,as the personal banking records or the business and medical reports. If the attack is done on such kind of corporates it is very difficult to recover the lost data which also leads to loose the privacy and takes lot of time to recover .The internet would also be the safest way to do the business Despite the costly risks .For example, It is not safe to give the credit card details to the telemarketer through the phone or even a waiter in the restaurent this is more risky than give the details in the web because security technology will protect electronic commer ce transactions. The telemarketers and waiters may not be that safer or trustworthy because we cannot monitor them all the time . The fear of security problems could be harmful to businesses as actual security voilates. Due to the distrust on the internet the fear and the suspicion of computers still exists.For the organisations that depends on the web will decrease there oppurtunities due to this distrust. To avoid this security polices should be strictly taken by the companies and also instate the safeguards that are effective.To protect their customers Organizations should adequately communicate . Companies should take the security steps to not only protect there customers from security breaches but also there employers and the partners information which are important for them. Internet ,intranet and extranet are used by the employers and the partners for the efficient and the fast communication.These communication and the efficiency should be looked after because they are more effectd by the network attacks. Attackers do the attack directly because this takes the lots of time for the employers to recover and restore the lost data and takes much time even in the network damage control. loss of time and valuble data could greatly impact employee effectiveness and confidence. The other main reason for the need of network security is the Legislation. according to the serveys conducted by the government they came to know about the importance of internet for the worlds economic status, they also recognize that the attackers effect on the internet could also cause the economic damag e to the world. National governments are mounting laws to regulate the vast stream of electronic information. Companies developed the strategies to secure the date in the safe way in accordance to put up the regulations given by government.The companies which does not take security polices to protect the data accordance will be voilated and penalized. 3.2 System security requirements In these days providing security had became a tough task for all the bisiness and the different organisations. Security must be provided to the customers and the important data to safeguard them from the malicious and involuntary leaks.Information is very important for every enterprise, it may be the custom records or intellectual property. By the CIOs it became possible to customers,employees and partners to get the data in fraction of seconds.The cost of money also became more to do all these things.There are three reasons for which this data may fall in risk they are (i) when the business process breaks down (ii) employee error (iii) gaps in security. Risk is then from customer and competitive pressures, regulatory and corporate compliance, and the rising cost publicity of data leaks Information one of the important resources of financial institutions. To keep the trust between the partners or develop the confidence in the customers it is more important to provide the good security which will be helpful for the good going and the reputation of the company . At the same time authentic information is necessary to process transactions and comfirm customer decisions. A financial institutions profit and capital can be affected if the information leaks to unauthorized companies. Information security is one of important process by which an organization protects and secures its systems, media, and maintain information important to its operations. The financial institutions have a great responsibilities to protect the nations financial service infrastucture On a broad standard. The financial security of the customer will also depends on th e security provided to the industry systems and its informations.effective security plans should be taken by the Individual financial institutions and their service providersfor their operational complexity .there should be a strong and effective board to maintain and take care of these security policies in order to protect the company from the security threats or any other malicious attacks.there should be a regular counseling to the organisations on the security precations they take to provide the companies , so that we can get the more effective results and can improve the organisations security level aswell. organizations often inaccurately recognize information security as condition of controls. As the Security is an ongoing process in overall security stance the condition of a financial institution depends on the indicator. Other indicators include the power of the institution to continually evaluate its stance and react suitably in the face of rapidly altering threats, techno logies, and business conditions. A financial institution establishes and maintains really effective information security when it continuously integrates processes, people, and technology to extenuate risk in accordance with risk assessment and acceptable risk tolerance levels. By instituting a security process financial institutions secure there risks they recognizes risks, forms a scheme to manage the risks, implements the scheme, tests the execution, and monitors the atmosphere to manage the risks. A financial institution outsources all of their information processing. Examiners use this booklet while evaluating the financial institutions risk management process, including the obligations, duties, and job of the service source for information security and the inadvertence exercised by the financial institution. [3] 3.3 Information security requirements An information security strategy is a plan to extenuate risks while abiding by with legal, Statutory, internally and contractual developed demands. Typical steps to building a strategy include the definition of control objectives, the assessment and identification of approaches to meet the objectives, the selection of controls, metrics, the establishment of benchmarks and the preparation of implementation and testing plans. The choice of controls is typically depends on cost comparison of different strategic approaches to minimize the risk .The cost comparison typically contrasts the costs of different approaches with the potential gains a financial institution could realize in terms of increased availability,confidentality or integrity of systems and data. These gains may include reduced financial losses, improved customer confidence, regulatory abidance and positive audit findings. Any particular approach should consider the following Policies, procedures and standards Technology design Resource dedication Testing and Training. For example, an institutions management may be assessing the right strategic approach to the security supervising of activities for an Internet environment. There are two potential approaches identified for evaluation. The first approach utilizes a combination of network and host sensors with a staffed supervising center. The second approach consists of every day access log examination. The first alternative is judged much more capable of detecting an attack in time to reduce any damage to the institution and its data, even though at a much more cost. The added cost is totally appropriate when institution processing capabilities and the customer data are exposed to an attack, such as in an Internet banking domain. The second approach may be suitable when the primary risk is reputational damage, such as when the Web site is not connected to other financial institution systems and if the only information is protected is an information-only Web site.