Network infrastructure attacks
Network infrastructure attacks are malicious attempts to
compromise the systems and components that make up a
network, such as routers, switches, servers, and firewalls.
These attacks aim to disrupt operations, steal data, or
gain unauthorized access to network resources.
Common types include DDoS attacks, malware infections,
and man-in-the-middle attacks.
�DDoS (Distributed DoS)
DDoS is a type of DOS attack where multiple compromised
systems, are used to target a single system causing a Denial of
Service (DoS) attack. DDoS attacks leveraging botnets with
thousands of comprised hosts are a common occurrence today.
DDoS attacks are much harder to detect and defend against than
a DoS attack from a single host.
Botnet - A network of private computers infected with malicious
software and controlled as a group without the owners'
knowledge, e.g. to send spam.
�Man-in-the-Middle Attack
Attackers intercept and potentially alter communication
between two parties, potentially stealing sensitive
information.
For example, the attacker can re-route a data exchange.
When computers are communicating at low levels of the
network layer, the computers might not be able to
determine with whom they are exchanging data.
�Malware Attacks
Malicious software like viruses, worms, and ransomware can be
used to disrupt systems, steal data, or damage network
infrastructure.
Ransomware is a type of malicious software (malware) that
restricts access to computer systems or files, demanding a ransom
payment for their release.
Cybercriminals typically use ransomware to encrypt data,
preventing users from accessing their files, and then threaten to
publish or further exploit the data if the ransom isn't paid.
�Protecting Network Infrastructure:
Implement robust security measures: Use firewalls, intrusion detection
systems, and strong authentication protocols.
Regularly update software and firmware: Patch vulnerabilities to prevent
exploitation.
Monitor network activity: Detect suspicious behavior and potential attacks.
Educate users about security threats: Phishing and social engineering
attacks are often the initial vector for attacks.
Secure remote access: Use strong encryption and authentication for
remote connections.
�Security assessment principles
Security assessment principles are foundational guidelines for
building and evaluating the security of systems and processes.
They ensure systems are robust against threats and maintain
critical functions like confidentiality, integrity, and availability.
Key principles include the CIA Triad (Confidentiality, Integrity,
Availability), along with others like authentication, non-
repudiation, and various design principles such as least
privilege and fail-safe defaults.
�
Confidentiality: Ensuring that sensitive information is accessible only to
authorized individuals.
Integrity: Maintaining the accuracy and completeness of information,
preventing unauthorized modification.
Availability:Ensuring that authorized users have timely and reliable access to
information and resources when needed.
Authentication: Verifying the identity of users or systems before granting
access.
Non-Repudiation: Ensuring that actions or transactions can be definitively
attributed to the originator, preventing denial of responsibility.
�
Least Privilege: Granting users only the minimum level of
access necessary to perform their tasks.
Fail-Safe Defaults: Setting systems to a secure state by
default in case of failure or error.
