There is considerable research being conducted on insider threats directed to developing new technologies.

Simulated results demonstrate the effectiveness of the procedure for a representative DDoS attack scenario. Concrete examples provided for each step of the procedure identify the key tools to proactively prevent or respond to DDoS events. This procedure applies a hybrid approach that adapts to changing DDoS attack scenarios. This paper presents a detailed procedure for identifying both the onset of DDoS attacks and corresponding countermeasures to prevent or limit their effects. However, none of these approaches individually achieves prevention or provides sufficient countermeasures to overcome and resolve DDoS threats. Previous attempts to overcome this threat include intrusion detection and prevention systems (IDS/IPS), firewalls, and packet scanning software. Of those attacks, one of the more severe is Distributed Denial-of-Service (DDoS), through which an attacker can disrupt, and possibly shut down, local network enclaves and global net-centric enterprise systems. The increasing frequency, rising costs, and growing sophistication of cyber attacks on DoD, agency and commercial enterprise systems are dramatically reducing the quality of end-user services and compromising mission effectiveness.

We demonstrate, through the use of a case study, that our visualization can provide motivation for further investigation into anomalous network activity. Our visualization not only provides a starting point for network visualization, but also reduces the cognitive burden of the analyst by providing a visual paradigm for both the filtering of network data and the selection of network data to drill into and visualize with alternative representations. In this paper we present a visualization that provides context for network visualizations by providing a high-level view of network events.
This is a critical issue given the amount of network data under consideration, only a small portion of which can be examined at any one time. Yet the problem remains that if the visualization provides no insight into the network events that warrant further consideration, then the administrator must go back to the data to determine what should be visualized next. Many network visualizations make the assumption that an administrator has previously determined the subset of data that should be visualized.

This type of attack would cause the most damage, which was particularly true if the attack was carried out by a trusted employee who had access to a number of key network resources within the organization. This research has demonstrated that the greatest threat to any network comes from the insider, as a workstation on the network was able to breach the target server. Further, security policies, especially for passwords, were also disabled; this permitted users to set up weak passwords, which included the Administrator account. Nmap, were successful in penetrating the server, but this could just as easily have been carried out by an external attacker, and the vulnerability assessment clearly corroborated this. Compromised computers within the network also became part of a botnet. Other exploits included the creation of a backdoor to communicate with a remote server. The attacker was able to remotely log in to the server. The consequence of this was a network breach that created a number of new user accounts in the admin and user groups, exposed vulnerable ports, and let the attacker copy, insert and delete files and logs at will. The experiment demonstrated how the administrator password was easily compromised by an unauthorised user, using the Cain and Abel tool. The attack phase consisted of the following steps: scanning, enumeration and vulnerability assessment. A variety of attack tools were used to simulate an insider attack on the server.
The work was carried out in a virtual environment using a Windows 2003 Small Business Server and two computers running Windows XP operating systems. This research demonstrates how the computers within a network can be used to breach a server within the same network. Research has shown that cyber attacks are often carried out by an employee within an organisation. The use of digital fingerprinting technologies has facilitated the collection of evidence to use in the prosecution of cyber criminals who have left behind vital evidence when compromising servers. With the number of cyber attacks on the increase, the security of networks has been severely diminished. The internet has played a major part in the increase of cybercrime on computers and networks by making attack tools available to everyone.