Challenges to internal security through Communication Networks

Communication networks refer to an interconnection of communicating entities such as computers, laptops, mobiles, telephones etc. via which provides the basis for information exchange for all other sectors including voice, data, video, and Internet connectivity. Communication network should not be confused with the computer networks such as LAN, WAN etc. because they are merely one form of the Communication networks. Various communication networks are the backbone of much of the critical infrastructure in many sectors today such as civil aviation, shipping, railways, power, nuclear, oil and gas, finance, banking, IT, law enforcement, intelligence agencies, space, defence, and government networks. As such, communications systems serve part in parcel with other key internal and external security and emergency preparedness. Moreover, the communication networks are very much dependent on each other in a very complex way. The collapse of one communication network can affect adversely many sectors.

Key Security Threats TO Communication Networks

Some of the key security attacks via the Communication Networks and to the communication networks data theft, fraud, denial of service attacks, hacking, cyber warfare, terrorist and antinational activities. A cyber attack which can control the infrastructure can have debilitating effect. The attacks can be via viruses, malware, Trojans, hacking, network scanning, probing, phishing etc. Moreover, the Social network attacks can be one of the major sources of attacks in near future because of the volume of users and the amount of personal information posted on these networks. Various security threats via the communication networks are discussed below:

Network Packet Sniffers

When large information is sent via a network, it is broken into smaller pieces, which are called network packets. Generally these network packets are sent as clear text over the networks i.e. information sent across the network is not encrypted.

This poses a great security threat of packets getting processed and understood by any application that can pick them up off the network. So, a packet sniffer is an application that can easily interpret the network packets. The problem is compounded by availability of numerous freeware and shareware packet sniffers poses.

Social Engineering Attacks

Social engineering refers to psychological tricks used to persuade people to undermine their own online security. This can include opening an email attachment, clicking a button, following a link, or filling in a form with sensitive personal information.

All sorts of scams, and many methods used to spread malware, make use of social engineering techniques, and target human desires & fears as well as just plain curiosity to get past the caution of being online. All attack methods are called Social Engineering Attacks. These attacks pose a risk to meaningful and often sensitive information related to user account, databases etc.

IP Spoofing

When an attacker situated outside the targeted network pretends to be a trusted computer then the mode of attack is termed as IP spoofing. IP spoofing can be done either by using an IP address of targeted network pool or by using an authorized & trusted external IP address.

IP spoofing actually results into in injection of data or commands into an existing stream of data passed between a client and server application or a peer-to-peer network connection.

Phishing

Phishing refers to a technique used to gain personal information for the purpose of identity theft, using fraudulent e-mail messages that appear to come from legitimate organizations such as banks. These authentic-looking messages/ e-mails are designed to lure recipients into divulging account data like login details, passwords, credit card numbers etc

Denial of Service

Most popular form of attack, denial of service (DoS) attacks are also among the most difficult to completely eliminate. Among the hacker community, DoS attacks are regarded as trivial and considered bad form because they require so little effort to execute. Because of their ease of implementation and potentially significant damage, DoS attacks deserve special attention. These attacks include the TCP SYN Flood, Ping of Death etc.

When this type of attack is launched from many different systems at the same time, it is often referred to as a distributed denial of service attack (DDoS). DDoS is not actually hacking the website but is a common technique used to temporarily bring down websites. DDoS attacks are well-orchestrated ones on Web servers of a website, and on the domain name servers. The idea is to flood the servers with a humongous number of requests, resulting in the temporary outage of a website or shutdown of the servers. Once this is accomplished, the incoming traffic can be redirected to an intermediate page, where often the perpetrators of these attacks post their messages explaining the reason for why the website has been targeted.

Password Attacks

Password attacks usually refer to repeated attempts to identify a user account and/or password; these repeated attempts are called brute-force attacks. If this account has sufficient privileges, the attacker can create a back door for future access.

Password attacks can easily be eliminated by not relying on plaintext passwords in the first place. Using OTP or cryptographic authentication can virtually eliminate the threat of password attacks. Passwords should be at least eight characters long and contain uppercase letters, lowercase letters, numbers, and special characters (#, %, $, etc.).

 Distribution of Sensitive Information

Most of the computer break-ins that organizations suffer are at the hands of troublesome present or former employees. Basically it results into leakage of sensitive information to competitors or others that will use it to organization’s disadvantage.

Man-in-the-Middle Attacks

Man-in-the-middle attacks refer to access to network packets that come across the networks. An ISP can gain access to all network packets transferred between one network and any other network. It can launch such an attack. Implemented using network packet sniffers and routing and transport protocols these attack can result in information theft, control over an ongoing session to gain access to one’s internal network resources, traffic analysis to derive information network and its users, denial of service, corruption of transmitted data, and introduction of new information into network sessions.

Application Layer Attacks

Application layer attacks are performed by identifying the well-known weaknesses in software that are commonly found on servers, such as sendmail, Hypertext Transfer Protocol (HTTP), and FTP etc.

The primary problem with application layer attacks is that they often use ports that are allowed through a firewall. For example, a TCP port 80. Application layer attacks can never be completely eliminated.

Virus and Trojan Horse Applications

Viruses and Trojan horse applications are the primary vulnerabilities for end-user computers. Viruses refer to malicious software that is attached to another program to execute a particular unwanted function on a user’s workstation.

A Trojan horse is different only in that the entire application was written to look like something else, when in fact it is an attack tool. An example of a Trojan horse is a software application that runs a simple game on the user’s workstation. While the user is occupied with the game, the Trojan horse mails a copy of itself to every user in the user’s address book. Then other users get the game and play it, thus spreading the Trojan horse.

Scareware

Scareware is fake/rogue security software. There are millions of different versions of malware, with hundreds more being created and used every day.

This type of scam can be particularly profitable for cyber criminals, as many users believe the pop-up warnings telling them their system is infected and are lured into downloading and paying for the special software to protect their system.

Spam

As spam expands into other areas online, traditional email spam still remains a significant problem, especially in business. Workers still need to keep their inboxes clear of junk, and advanced mail filtering systems are a necessity in any business hoping to use email efficiently. Email spam remains a significant path for threats, simply because the vast majority of computer users still use this medium. Spammed emails containing attachments remain a popular tactic for cybercriminals, often taking advantage of vulnerabilities in Office and PDF Reader software to launch malicious code from within innocent-looking document formats.

Emails containing links to malicious sites continue to increase as a major means of leading new victims to attack sites.

Ransomware

Ransomware is a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system’s hard drive, while some may simply lock the system and display messages intended to coax the user into paying. Modern ransomware attacks were initially popular within Russia, but in recent years there have been an increasing number of ransomware attacks targeted towards other countries, such as Australia, Germany, and the United States among others. The first known ransomware was the 1989 “PC Cyborg” trojan written by Joseph Popp. Ransomware typically propagates like a conventional computer worm, entering a system through, for example, a downloaded file or vulnerability in a network service. The program will then run a payload: such as one that will begin to encrypt personal files on the hard drive

Malvertising

Malvertising refers to implantation of malicious advertisements onto websites. In many cases, the websites are entirely innocent and unaware of the threat they’re posing to their visitors.

Clickjacking

One of the common types of attacks hitting Facebook users is “clickjacking,” also called “UI redressing.” These attacks use maliciously created pages where the true function of a button is concealed beneath an opaque layer showing something entirely different. Clickjacking uses the social engineering techniques to lure new victims and trick them into clicking on the disguised links. Clickjacking attacks not only spread social networking link-spam, they also regularly carry out other actions such as granting access to valuable personal information and even making purchases.

Approach to Cyber Security

There are four major areas in dealing with the cyber security crimes viz. deterrence, prevention, detection and reaction. For deterrence, there is law. Focus needs to be on multilateral cyber-crime legislation. These include harmonization of the cyber-crime legislation and to make provisions of tougher penalties. Further, the e-commerce legislation needs to be improved. For prevention, there is a need of design and use of more secure systems, better security management. There is also a need to improve information security management in both public and private spaces. For detection, focus needs to be on policing mechanisms and early warning of attacks.  For reaction, there is a need for design of stronger information infrastructures, crisis management programs, and policing and justice efforts.

International Measures on Cyber Security

On the turn of the 21^st century, the International law enforcement agencies began to recognize the scope and the threat of the cyber crime, as the widespread potential for economic damage and disruption was demonstrated by the crippling MafiaBoy attacks on Yahoo, Amazon, eBay, and other high profile ecommerce sites in February 2000. The first step was of creation of cyber squads in many countries including US, UK, Australia, Canada etc. This was followed by establishment of specialized organisations for dealing with cyber security and cyber crimes:

• Australia: Trusted Information Sharing Network (TISN) for Critical Infrastructure Resilience (CIR).
• Canada:Public Safety and Emergency Preparedness Canada (PSEPC)
• Germany:Federal Office for Information Security (BSI)
• New Zealand: Centre for Critical Infrastructure Protection (CCIP)
• UK:  National Infrastructure Security Co-ordination Centre (NISCC)
• US:  Department of Homeland Security (DHS).