Types of Cyber Attacks and Mitigation Strategies

Technical Research Paper

Report

Contents

Attack

Types of Attack

TCP Attack

TCP Hijacking

IP Spoofing: Assuming the identity

Man in the Middle attack using Packet Sniffers

Blind Attack

Cross Site Scripting (XSS Attack)

Mitigation

Network layer Secure socket layer

Secure shell(SSH)

HTTPS

Application

Complex and strong session ID

Random session ID

Session ID generated by server

References

An attack is a security threat to the computer systems and its can be attacked through different ways of attack. Attacks take place to alter add or delete and fetch information from the network through unauthorized access. It is major vulnerability in information technology. This is also called cyber-attack. It can target computer systems, networks, infrastructure as well as the personal systems. [1]   
 

Attacks are of different kinds and the most common cyber-attacks are:

Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks

Man-in-the-middle (MitM) attack

Phishing and spear phishing attacks

Drive-by attack

Password attack

SQL injection attack

Cross-site scripting (XSS) attack

Eavesdropping attack

Birthday attack

Malware attack 

 TCP attack is known as Man in the Middle attack. IP spoofing is a technique which is used by attackers for hiding their IP and replacing it with random IP address which makes them untraceable. The man in the middle attack hits the transmission channel and steals the information or alter it for its own personal use or to harm any organization or the society. [1,2]

A TCP Hijacking is like a two-phased man-in-the-middle attack where the attacker waits in the circuit between a client and a server to get the information of the port and sequence number which is used in the connection. TCP hijacking is when an unauthorized user hijacks a network connection of another user for example the attacker monitors the network transmission and analyzes the source and destination IP addresses of the two computers once the attacker discovers the IP address of one of the users the attacker can knock one of the users off their connection using a denial service attack or other types of attack and then resume connection by spoofing the IP address of the disconnected user the other user is tricked into thinking that he is still talking to the same legitimate user when they actually he’s not to prevent this type of attack you can install some sort of encryption mechanism such as an IP security IP security works at the internet layer it secures the IP including everything within the IP packets data field IP security is a gold standard for virtual private network security it gives protection to both transport layer and application layer messages here’s an example of TCP IP hijacking so first you have system a who’s communicating with system B at this IP address of 192.168.0.0 zero and the system B IP address of 192.168.0.0 so as you can see in the TCP header you have your source destination sequence number acknowledgment number and length so the source is system at the destination is system B and over here you have the TCP header for packets going to system a from system B source system B destination system a again sequence number acknowledged among acknowledged mint number and length but here you have the attacker system by hijacking the session here the source has system a when naturality is sits the attacker system the destination going to system B and so that’s what TCP hijacking is he hijacks the IP address of the source pretending to be system a when naturally assists as the attacker stem and so system B will communicate with the attacker system unaware that actually again communicating with the attacker system and not with actual system.

A TCP/IP hijack is an attack that spoofs a server into thinking it is talking with a valid client, when in fact it is communicating with an attacker that has taken over (or hijacked) the TCP session. TCP session hijacks can be implemented in two different ways: Middle Man

Attack and the Blind attack. This is basically done using the following methods

IP Spoofing: Assuming the identity

IP Spoofing is a way of doing things used to gain unauthorized access to machines, within which/by which an attacker illegally (pretends to be) another machine by controlling/moving around/misleading IP packets. IP Spoofing involves changing the packet header with a spoofed source IP address, a checksum, and the order value. Internet is a packet switched network, which causes the packets leaving one machine may be arriving at the destination machine in different order. The receiving machine looks like the message based on the order value which is inserted in IP header. IP spoofing involves solving the set of computer instructions that is used to select the order sent values, and to change them correctly. [4]

 

Man in the Middle attack using Packet Sniffers

This technique involves using a packet sniffer to intercept the communication between client and the server. Packet sniffer comes in two categories: Active and Passive sniffers. Passive sniffers monitor and sniffs packet from a network having same collision domain i.e. network with a hub, as all packets are broadcasted on each port of hub. Active sniffers work with Switched LAN network by ARP (Address Resolution Protocol) spoofing, the acknowledgement number, the ports and the protocol numbers, so that hijacker can forge the packet and send it to the server before the client does so. Another way of doing so is to change the default gateway of the client’s machine so that it will route its packets via the hijacker’s machine. This can be done by ARP spoofing (i.e. by sending malicious ARP packets mapping its MAC address to the default gateways address so as to update the ARP cache on the client to redirect the traffic to hijacker).3

Blind Attack

If you are not able to sniff the packets and guess the correct sequence number expected by server, you have to implement “Blind Session Hijacking”. You have to brute force 4 billion combinations of sequence number which will be an unreliable task.

Cross Site Scripting (XSS Attack)

Attacker can also capture victim’s Session ID using XSS attack by using JavaScript. If an attacker sends a crafted link to the victim with the malicious JavaScript, when the victim clicks on the link, the JavaScript will run and complete the instructions made by the attacker.

For defending the network on session hijacking there will have to secure application level and network level. Network level hijacks can be secured by encrypting the packets where the hackers can’t decrypt so that they will be safe. Providing with protocols like IPSEC, SSL, SSH etc. Internet security protocol (IPSEC) has the ability to encrypt the packet on some shared key between the two parties involved in communication. IPsec runs in two modes: Transport and Tunnel.  In the transport mode the data packets will be send and in the tunnel mode both the packets and the data will be encrypted. [4]

Find Out How UKEssays.com Can Help You!
Our academic experts are ready and waiting to assist with any writing project you may have. From simple essay plans, through to full dissertations, you can guarantee we have a service perfectly matched to your needs.
View our services

Network layerSecure socket layer

In this only secure socket layer should be used which uses end to end encryption for the data. When the data passes through the secure socket layer it will be in encrypted form and even if an attacker gets the data, it is very tough for him to find the real data from the packets. SSL channels use public key 28 bits and symmetric key 256 bits which make the encryptions method more complex, strong and more protected. [4]

Secure shell(SSH)

Secure socket shell is a network protocol used to access remotely situated systems or any remote computers.  This also provides a strong way of authentication and more of the encryption between the two systems in any insecure networks.

HTTPS

Usage of Hyper Text Transfer Protocol Secure connection whenever you are login to any website or even any servers where it makes the connection more secure and thus it will show that it is in a secure link for online works.

Application layer

Application layer is the send part of security layer deals with session ID hijacking there some countermeasure which given below. [4]

Complex and strong session ID

Session ID provides the unique identity to each session as well as user in order to track progress of user and the authentication state of the users in the web application, each application provides the users session identifier that is also known as Session ID or a token, which is assigned to the session when the session is created and used to share with the users and application server in order to track users activities. The ID will be valid till the session is valid once the session gets expired.

Random session ID

Usage of random session ID generation will be making attacker very harder to guess the session ID. Long Session ID can be used because the session ID will be long enough then it will provide good security to protect it from brute force attack.

Session ID generated by server

Using of server generated session ID which will make the session ID more complex and stronger because servers user algorithm to generate the session id and it is very tough for the attacker to crack the code.

We can usea) Encrypted session ID

b) Automatic log out

Some of the ways by which we can safeguard against session hijacking are:

Use secure shell (SSL) to create a secure communication channel

Use encrypted protocols that are offered at OpenSSH suite

Pass authentication cookies over the HTTPS secure connection

Implement the log-out functionality for each user to invalidate the session

Generate different session ID after each successful login and logout

Always pass the encrypted information between the users and the web servers

Use string or long random variables as a session key

Use different username and password for each account

Configure the suitable internal and external spoof rules on gateways

Do not transport session ID within the query string

Limit incoming connections and Minimize remote access 

1. Article Online Tchopedia

    Jeff Melnik, Common Cyber Attacks, 2018

    https://www.techopedia.com/definition/6060/attack

    https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/

2. Article Online

    Alexander Prohorenko, Networking 2000

    https://www.techrepublic.com/article/tcp-hijacking/

3. Journal Article on Website

    TCP SYN Flood, Imperva Incapsula

    https://www.incapsula.com/ddos/attack-glossary/syn-flood.html

4. Anuj Kumar Baitha, Prof. Smitha Vinod, 2018

    Research paper on Session hijacking and prevention technique

    https://www.researchgate.net/publication/325117343_Session_Hijacking_and_Prevention_Technique