Network Attacks, Architecture and Isolation

This document discusses network attacks and network isolation. It defines network attacks as attempts to compromise network security and gain unauthorized access. There are two main types of network attacks: passive attacks where data is accessed but not altered, and active attacks where data is modified or deleted. Common network attack types include unauthorized access, DDoS attacks, man-in-the-middle attacks, code injection, and privilege escalation. The document also discusses how network switches work to isolate traffic using MAC addresses but are still vulnerable to ARP spoofing attacks, which can allow man-in-the-middle attacks by fooling devices about an attacker's MAC address.

Uploaded by Rochelle Siolao

NETWORK ATTACK

• A network attack is defined as any method, process, or means used to maliciously attempt to compromise network security.
• A network attack is an attempt to gain unauthorized access to an organization's network, with the objective of stealing data or performing other malicious activity.

Two main types of network attacks:

• Passive: Attackers gain access to a network and can monitor or steal sensitive information, but without making any change to the data, leaving it intact.
• Active: Attackers not only gain unauthorized access but also modify data, either deleting, encrypting or otherwise harming it.

We distinguish network attacks from several other types of attacks:

• Endpoint attacks: gaining unauthorized access to user devices, servers or other endpoints, typically compromising them by infecting them with malware.
• Malware attacks: infecting IT resources with malware, allowing attackers to compromise systems, steal data and do damage. These also include ransomware attacks.
• Vulnerabilities, exploits and attacks: exploiting vulnerabilities in software used in the organization, to gain unauthorized access, compromise or sabotage systems.
• Advanced persistent threats: these are complex multilayered threats, which include network attacks but also other attack types.

What are the Common Types of Network Attacks?

1. Unauthorized access
Unauthorized access refers to attackers accessing a network without receiving permission. Among the causes of unauthorized access attacks are weak passwords, a lack of protection against social engineering, previously compromised accounts, and insider threats.

2. Distributed Denial of Service (DDoS) attacks
Attackers build botnets, large fleets of compromised devices, and use them to direct false traffic at your network or servers. DDoS can occur at the network level, for example by sending huge volumes of SYN/ACK packets which can overwhelm a server, or at the application level, for example by performing complex SQL queries that bring a database to its knees.

3. Man in the middle attacks
A man in the middle attack involves attackers intercepting traffic, either between your network and external sites or within your network. If communication protocols are not secured or attackers find a way to circumvent that security, they can steal data that is being transmitted, obtain user credentials and hijack their sessions.

4. Code and SQL injection attacks
Many websites accept user inputs and fail to validate and sanitize those inputs. Attackers can then fill out a form or make an API call, passing malicious code instead of the expected data values. The code is executed on the server and allows attackers to compromise it.

5. Privilege escalation
Once attackers penetrate your network, they can use privilege escalation to expand their reach. Horizontal privilege escalation involves attackers gaining access to additional, adjacent systems, and vertical escalation means attackers gain a higher level of privileges for the same systems.

NETWORKING ATTACKS AND NETWORK ISOLATION – ARP SPOOFING AND SWITCHES

Working of Switches:

• Switches keep a table of Ethernet MAC addresses, called the MAC table.
• A switch uses these unique MAC addresses to send traffic to its destination device on the LAN.
• It works at the data link layer (Layer 2).
• Once data is travelling on the local network, the IP address is no longer used; MAC addresses are used for traffic to find its destination on the local network.
• Switches are more secure than hubs because switches have isolated collision domains. That means you can't sniff the traffic on a switched network, because traffic only gets forwarded to the correct LAN port based on the MAC address.
• When traffic enters the switch or the router, the switch knows the destination MAC address, so instead of sending data to all the devices it sends it to that one physical port and down that wire.
• Anyone else plugged into that switch won't receive that data.
• That's the isolated collision domain.

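The forwarding behaviour described above can be traced with a small simulation. This is an added example, not part of the original slides; the `LearningSwitch` class, port numbers and MAC addresses are constructed for illustration. It shows that a host on a third port receives the broadcast ARP request but none of the unicast frames that follow.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Minimal Layer 2 switch model: learns source MACs, forwards by MAC table."""
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}            # MAC address -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Learn the sender's port; return the ports the frame is sent out of."""
        self.mac_table[src_mac] = in_port
        if dst_mac == BROADCAST or dst_mac not in self.mac_table:
            # Broadcast or unknown destination: flood to every other port.
            return [p for p in self.ports if p != in_port]
        out = self.mac_table[dst_mac]
        return [] if out == in_port else [out]

def simulate():
    sw = LearningSwitch(ports=[1, 2, 3])
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"   # hosts on ports 1 and 2 (constructed)
    frames = [
        (1, a, BROADCAST, "ARP request from A"),
        (2, b, a, "ARP reply from B"),
        (1, a, b, "data A -> B"),
        (2, b, a, "data B -> A"),
    ]
    seen = {p: [] for p in sw.ports}   # what a host on each port receives
    for in_port, src, dst, label in frames:
        for out in sw.receive(in_port, src, dst):
            seen[out].append(label)
    return sw.mac_table, seen

if __name__ == "__main__":
    table, seen = simulate()
    print(table)
    for port, labels in seen.items():
        print(port, labels)
```
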
• The Address Resolution Protocol (ARP) resolves a network layer IP address into a data link layer MAC address.
• ARP broadcasts a frame requesting the MAC address for the IP address it has.
• The device with the correct IP replies with the correct MAC address.
• This is then added to the ARP table cache. ARP spoofing tools include arpspoof and Ettercap, which are available on Linux, and Cain & Abel, available on Windows.

MITM (Man In The Middle) Attacks

• An attacker fools all the devices on the network into believing that the attacker is the default gateway or the router by abusing the Address Resolution Protocol (ARP).
• The attacker can then observe, record, inject and manipulate traffic.
• On a Wi-Fi network, traffic can also be manipulated in this way.
• If we have a hub instead of a switch, we can observe the traffic anyway.
• But if we want to perform injection and manipulation, we still need to perform ARP spoofing.

ARP Attacks:

• An attacker, or malware with similar functionality, on the network could fool all the devices on the network into believing that the attacker's MAC address is the correct one for the router's IP address.
• Now the attacker can see all of the victim's network activity and perform attacks such as manipulation, injection, SSL stripping, attacking the browser, etc.
• The ARP protocol can also be used to perform DoS (Denial of Service) attacks.

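Because the attack works by making devices accept a new MAC address for the router's IP, a defender can watch ARP traffic for bindings that change. The sketch below is an added example, not part of the original slides; `ArpWatch`, `constructed_reply` and all addresses are hypothetical names and constructed sample data. It parses Ethernet/ARP frames and reports when a known IP is claimed by a different MAC, or when the Ethernet source does not match the ARP sender field.

```python
import struct

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":        # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return _mac(frame[6:12]), _mac(frame[22:28]), _ip(frame[28:32])

class ArpWatch:
    """Tracks IP -> MAC bindings and reports frames that contradict them."""
    def __init__(self, pinned=None):
        self.bindings = dict(pinned or {})

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return None
        eth_src, sender_mac, sender_ip = parsed
        if eth_src != sender_mac:
            return f"MISMATCH {sender_ip}: frame from {eth_src} claims {sender_mac}"
        known = self.bindings.setdefault(sender_ip, sender_mac)
        if known != sender_mac:                               # first-seen binding is kept
            return f"CHANGED {sender_ip}: {known} -> {sender_mac}"
        return None

def constructed_reply(src_mac, src_ip, dst_mac, dst_ip):
    """Build ARP reply bytes as sample input (constructed; nothing is sent)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(p) for p in s.split("."))
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + m(src_mac) + i(src_ip) + m(dst_mac) + i(dst_ip)
    return m(dst_mac) + m(src_mac) + b"\x08\x06" + arp

def demo():
    gw, host, other = "02:00:00:00:00:01", "02:00:00:00:00:aa", "02:00:00:00:00:bb"
    watch = ArpWatch()
    frames = [
        constructed_reply(gw, "192.168.1.1", host, "192.168.1.10"),      # genuine gateway reply
        constructed_reply(other, "192.168.1.20", host, "192.168.1.10"),  # ordinary host
        constructed_reply(other, "192.168.1.1", host, "192.168.1.10"),   # same MAC now claims the gateway IP
    ]
    return [a for a in map(watch.observe, frames) if a], watch.bindings
```

A changed binding is not proof of an attack: DHCP reassignment, a replaced network card or gateway failover also produce it, so alerts are most useful for addresses whose MAC should never change, such as the default gateway passed in as `pinned`.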
• https://www.youtube.com/watch?v=f2g4r0JmFXI
• https://www.youtube.com/watch?v=_koXhJ8fXmw
THANK YOU
