Monday, September 17, 2007

Computer threat - Network Security

Every TCP packet has flag bits that define the content and purpose of the packet.

Example:

    A packet with the "SYN" (synchronize) flag bit set initiates a connection from sender to recipient.
    A packet with the "ACK" flag bit set informs the receiver of the sender's acknowledgment information.
    A packet with the "FIN" (finish) flag bit set stops the connection from sender to recipient.

To build a TCP connection, packets must be exchanged between the two hosts. This exchange is known as the "TCP Three-Way Handshake", as in the picture below.
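As an added example (not part of the original post), the Python below decodes the SYN, ACK and FIN flag bits from raw TCP headers and checks whether three headers form a complete three-way handshake. The helper names, ports and sequence numbers are constructed for illustration.

```python
import struct

# TCP flag bits, stored in the low bits of bytes 12-13 of the TCP header.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def build_header(sport, dport, seq, ack, flags):
    """Build a minimal 20-byte TCP header (constructed sample; checksum left 0)."""
    bits = sum(FLAGS[name] for name in flags)
    offset_and_flags = (5 << 12) | bits   # data offset = 5 words, no options
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_and_flags, 65535, 0, 0)

def parse_header(raw):
    """Decode ports, sequence/acknowledgment numbers and flag names."""
    if len(raw) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport, seq, ack, offset_and_flags = struct.unpack("!HHIIH", raw[:14])
    names = {name for name, bit in FLAGS.items() if offset_and_flags & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": names}

def handshake_complete(headers):
    """True if the first three headers form SYN, SYN+ACK, ACK for one connection."""
    if len(headers) < 3:
        return False
    syn, synack, ack = (parse_header(h) for h in headers[:3])
    nxt = lambda n: (n + 1) % 2**32       # a SYN consumes one sequence number
    return (syn["flags"] == {"SYN"}
            and synack["flags"] == {"SYN", "ACK"}
            and (synack["sport"], synack["dport"]) == (syn["dport"], syn["sport"])
            and synack["ack"] == nxt(syn["seq"])
            and ack["flags"] == {"ACK"}
            and (ack["sport"], ack["dport"]) == (syn["sport"], syn["dport"])
            and ack["seq"] == nxt(syn["seq"])
            and ack["ack"] == nxt(synack["seq"]))

# Constructed sample traffic: client port 49152 connecting to server port 80.
GOOD = [build_header(49152, 80, 1000, 0, ["SYN"]),
        build_header(80, 49152, 5000, 1001, ["SYN", "ACK"]),
        build_header(49152, 80, 1001, 5001, ["ACK"])]
# Same opening, but the third packet carries FIN instead of the final ACK.
BROKEN = GOOD[:2] + [build_header(49152, 80, 1001, 5001, ["FIN"])]

if __name__ == "__main__":
    for label, capture in (("GOOD", GOOD), ("BROKEN", BROKEN)):
        print(label, [sorted(parse_header(h)["flags"]) for h in capture],
              "complete:", handshake_complete(capture))
```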



Computer Network Threats


Threats are very harmful to the entire system and to the applications on both internal and external networks.

The threats are as follows:


Remote Login - This happens when someone is able to connect to a computer and gains the ability to control several things related to the resources found on that host.


Application Backdoors - Some programs have a special remote access capability. Some buggy programs contain a backdoor, or hidden access, that provides a level of control over the computer and the program.


SMTP session hijacking - SMTP is the most common method used to deliver e-mail. By obtaining an e-mail mailing list, someone can deliver undesirable e-mail to thousands of users or more. This is called unsolicited junk mail, or spam.


Spamming is conducted by connecting to an unsuspecting SMTP server, which then delivers thousands of e-mails. This is called redirecting, and it makes it complicated to detect who the real sender of the spam is.


Operating system bugs – Like applications, some operating systems have security gaps that are conducive to illegal exploitation.


E-mail bombs - An attack on an individual: someone sends hundreds or thousands of e-mails to one address so that the victim's mailbox cannot accept any more e-mail.


Macro - To simplify or facilitate procedures in an application, many application programs let us create commands that the program can run (scripts). By exploiting this script or macro capability, an attacker can cause damage to data on the computer.


Virus – The best-known cause of trouble on computers. Viruses differ from each other in their method, how they are made, their effectiveness, their level of damage, and their speed of spreading.


Redirect bombs – A hacker or cracker can use ICMP to change the direction of information and attack another router.


Source routing - In many cases, the path of a data packet travelling through one or more networks is determined by the routers along that path using their routing information, but sometimes a hacker makes the packet appear to come from the real sender.

Other types of computer attack (to be covered in the next post) are:

    Denial of Service (DoS)
    Spoofing
    Broadcast Amplification
    TCP SYN

The threats above can be carried out in various ways, including by using a virus.
