Incidents of Network Security
security incidents are the network-related activities with negative
security implications. This usually means that the activity violates
an explicit or implicit security policy. The most common methods used
by intruders to gain control of home computers are briefly described
- Trojan horse programs
Trojan horse programs are a common way for intruders to trick you
(sometimes referred to as "social engineering") into installing
"back door" programs. These can allow intruders easy access
to your computer without your knowledge, change your system configurations,
or infect your computer with a computer virus.
- Back door and remote administration programs
On Windows computers, three tools commonly used by intruders to
gain remote access to your computer are BackOrifice, Netbus, and
SubSeven. These back door or remote administration programs, once
installed, allow other people to access and control your computer.
- Denial of service
Another form of attack is called a denial-of-service (DoS) attack.
This type of attack causes your network to crash or to become so
busy processing data that you are unable to use it. It is important
to note that in addition to being the target of a DoS attack, it
is possible for your computer to be used as a participant in a denial-of-service
attack on another system. It often causes a more serious network
- Being an intermediary for another attack
Intruders will frequently use compromised computers as launching
pads for attacking other systems. An example of this is how distributed
denial-of-service (DDoS) tools are used. The intruders install an
"agent" (frequently through a Trojan horse program) that
runs on the compromised computer awaiting further instructions.
Then, when a number of agents are running on different computers,
a single "handler" can instruct all of them to launch
a denial-of-service attack on another system. Thus, the end target
of the attack is not your own computer, but someone else’s -- your
computer is just a convenient tool in a larger attack.
- Unprotected Windows shares
Unprotected Windows networking shares can be exploited by intruders
in an automated way to place tools on large numbers of Windows-based
computers attached to the Internet. Because site security on the
Internet is interdependent, a compromised computer not only creates
problems for the computer's owner, but it is also a threat to other
sites on the Internet. The greater immediate risk to the Internet
community is the potentially large number of computers attached
to the Internet with unprotected Windows networking shares combined
with distributed attack tools.
Another threat includes malicious and destructive code, such as
viruses or worms, which leverage unprotected Windows networking
shares to propagate.
There is great potential for the emergence of other intruder tools
that leverage unprotected Windows networking shares on a widespread
There have been reports of problems with "mobile code"
that let web developers write code that is executed by your web
browser. Although the code is generally useful, it can be used by
intruders to gather information (such as which web sites you visit)
or to run malicious code on your computer. It is possible to disable
- Cross-site scripting
A malicious web developer may attach a script to something sent
to a web site, such as a URL, an element in a form, or a database
inquiry. Later, when the web site responds to you, the malicious
script is transferred to your browser.
You can potentially expose your web browser to malicious scripts
following links in web pages, email messages, or newsgroup postings
without knowing what they link to
using interactive forms on an untrustworthy site
viewing online discussion groups, forums, or other dynamically generated
pages where users can post text containing HTML tags
- Packet sniffing
A packet sniffer is a program that captures data from information
packets as they travel over the network. That data may include user
names, passwords, and proprietary information that travels over
the network in clear text. With perhaps hundreds or thousands of
passwords captured by the packet sniffer, intruders can launch widespread
attacks on systems and hurt the network security. Installing a packet
sniffer does not necessarily require administrator-level access.
Relative to DSL and traditional dial-up users, cable modem users
have a higher risk of exposure to packet sniffers since entire neighborhoods
of cable modem users are effectively part of the same LAN. A packet
sniffer installed on any cable modem user's computer in a neighborhood
may be able to capture data transmitted by any other cable modem
in the same neighborhood.