Basic Network Attacks in Computer Network

Many people rely on the Internet for many of their professional, social and personal activities.
But there are also people who attempt to damage our Internet-connected computers, violate our
privacy and render inoperable the Internet services. 

Given the frequency and variety of existing attacks as well as the threat of new and more
destructive future attacks, network security has become a central topic in the field of computer
networking. 

How are computer networks vulnerable? What are some of the more prevalent types of
attacks today? 

Malware – short for malicious software which is specifically designed to disrupt, damage, or
gain authorized access to a computer system. Much of the malware out there today is self-
replicating: once it infects one host, from that host it seeks entry into other hosts over the
Internet, and from the newly infected hosts, it seeks entry into yet more hosts. In this manner,
self-replicating malware can spread exponentially fast. 

Virus – A malware which requires some form of user’s interaction to infect the user’s device.
The classic example is an e-mail attachment containing malicious executable code. If a user
receives and opens such an attachment, the user inadvertently runs the malware on the device. 

Worm – A malware which can enter a device without any explicit user interaction. For example,
a user may be running a vulnerable network application to which an attacker can send malware.
In some cases, without any user intervention, the application may accept the malware from the
Internet and run it, creating a worm. 

Botnet – A network of private computers infected with malicious software and controlled as a
group without the owners’ knowledge, e.g. to send spam. 

DoS (Denial of Service) – A DoS attack renders a network, host, or other pieces of infrastructure
unusable by legitimate users. Most Internet DoS attacks fall into one of three categories : 

• Vulnerability attack: This involves sending a few well-crafted messages to a vulnerable

application or operating system running on a targeted host. If the right sequence of packets is
sent to a vulnerable application or operating system, the service can stop or, worse, the host can
crash. 

• Bandwidth flooding: The attacker sends a deluge of packets to the targeted host—so many
packets that the target’s access link becomes clogged, preventing legitimate packets from
reaching the server. 
• Connection flooding: The attacker establishes a large number of half-open or fully open TCP
connections at the target host. The host can become so bogged down with these bogus
connections that it stops accepting legitimate connections. 

DDoS (Distributed DoS) – DDoS is a type of DOS attack where multiple compromised
systems, are used to target a single system causing a Denial of Service (DoS) attack. DDoS
attacks leveraging botnets with thousands of comprised hosts are a common occurrence today.
DDoS attacks are much harder to detect and defend against than a DoS attack from a single host. 

Packet sniffer – A passive receiver that records a copy of every packet that flies by is called a
packet sniffer. By placing a passive receiver in the vicinity of the wireless transmitter, that
receiver can obtain a copy of every packet that is transmitted! These packets can contain all
kinds of sensitive information, including passwords, social security numbers, trade secrets, and
private personal messages. some of the best defenses against packet sniffing involve
cryptography. 

IP Spoofing – The ability to inject packets into the Internet with a false source address is known
as IP spoofing, and is but one of many ways in which one user can masquerade as another user.
To solve this problem, we will need end-point authentication, that is, a mechanism that will
allow us to determine with certainty if a message originates from where we think it does. 

Man-in-the-Middle Attack – As the name indicates, a man-in-the-middle attack occurs when

someone between you and the person with whom you are communicating is actively monitoring,
capturing, and controlling your communication transparently. For example, the attacker can re-
route a data exchange. When computers are communicating at low levels of the network layer,
the computers might not be able to determine with whom they are exchanging data. 

Compromised-Key Attack – A key is a secret code or number necessary to interpret secured

information. Although obtaining a key is a difficult and resource-intensive process for an
attacker, it is possible. After an attacker obtains a key, that key is referred to as a compromised
key. An attacker uses the compromised key to gain access to a secured communication without
the sender or receiver being aware of the attack. 

Phishing – The fraudulent practice of sending emails purporting to be from reputable companies
in order to induce individuals to reveal personal information, such as passwords and credit card
numbers. 

DNS spoofing – Also referred to as DNS cache poisoning, is a form of computer security
hacking in which corrupt Domain Name System data is introduced into the DNS resolver’s
cache, causing the name server to return an incorrect IP address. 

Rootkit – Rootkits are stealthy packages designed to benefit administrative rights and get the
right of entry to a community tool. Once installed, hackers have complete and unrestricted get
right of entry to the tool and can, therefore, execute any movement including spying on
customers or stealing exclusive data with no hindrance.
This article is contributed by Achiv Chauhan. If you like GeeksforGeeks and would like to
contribute, you can also write an article using write.geeksforgeeks.org or mail your article to
[email protected]. See your article appearing on the GeeksforGeeks main page
and help other Geeks. 

Please write comments if you find anything incorrect, or you want to share more information
about the topic discussed above.
 

Digital Signatures and Certificates

Encryption – Process of converting electronic data into another form, called ciphertext, which
cannot be easily understood by anyone except the authorized parties. This assures data security. 
Decryption– Process of translating code to data. 

 The message is encrypted at the sender’s side using various encryption algorithms and
decrypted at the receiver’s end with the help of the decryption algorithms.
 When some message is to be kept secure like username, password, etc., encryption and
decryption techniques are used to assure data security.

Types of Encryption 

1. Symmetric Encryption– Data is encrypted using a key and the decryption is also done using the
same key.
2. Asymmetric Encryption-Asymmetric Cryptography is also known as public-key cryptography. It
uses public and private keys to encrypt and decrypt data. One key in the pair which can be
shared with everyone is called the public key. The other key in the pair which is kept secret and
is only known by the owner is called the private key. Either of the keys can be used to encrypt a
message; the opposite key from the one used to encrypt the message is used for decryption.

Public key– Key which is known to everyone. Ex-public key of A is 7, this information is
known to everyone. 
Private key– Key which is only known to the person who’s private key it is. 

Authentication-Authentication is any process by which a system verifies the identity of a user

who wishes to access it. 
Non- repudiation– Non-repudiation means to ensure that a transferred message has been sent
and received by the parties claiming to have sent and received the message. Non-repudiation is a
way to guarantee that the sender of a message cannot later deny having sent the message and that
the recipient cannot deny having received the message. 
Integrity– to ensure that the message was not altered during the transmission. 
Message digest -The representation of text in the form of a single string of digits, created using a
formula called a one way hash function. Encrypting a message digest with a private key creates a
digital signature which is an electronic means of authentication.. 
 
Digital Signature

A digital signature is a mathematical technique used to validate the authenticity and integrity of a
message, software, or digital document. 
 

1. Key Generation Algorithms: Digital signature is electronic signatures, which assure that the
message was sent by a particular sender. While performing digital transactions authenticity and
integrity should be assured, otherwise, the data can be altered or someone can also act as if he
was the sender and expect a reply.
2. Signing Algorithms: To create a digital signature, signing algorithms like email programs create a
one-way hash of the electronic data which is to be signed. The signing algorithm then encrypts
the hash value using the private key (signature key). This encrypted hash along with other
information like the hashing algorithm is the digital signature. This digital signature is appended
with the data and sent to the verifier. The reason for encrypting the hash instead of the entire
message or document is that a hash function converts any arbitrary input into a much shorter
fixed-length value. This saves time as now instead of signing a long message a shorter hash value
has to be signed and moreover hashing is much faster than signing.
3. Signature Verification Algorithms : Verifier receives Digital Signature along with the data. It
then uses Verification algorithm to process on the digital signature and the public key
(verification key) and generates some value. It also applies the same hash function on the
received data and generates a hash value. Then the hash value and the output of the verification
algorithm are compared. If they both are equal, then the digital signature is valid else it is
invalid.

The steps followed in creating digital signature are : 

1. Message digest is computed by applying hash function on the message and then message digest
is encrypted using private key of sender to form the digital signature. (digital signature =
encryption (private key of sender, message digest) and message digest = message digest
algorithm(message)).
2. Digital signature is then transmitted with the message.(message + digital signature is
transmitted)
3. Receiver decrypts the digital signature using the public key of sender.(This assures authenticity,
as only sender has his private key so only sender can encrypt using his private key which can
thus be decrypted by sender’s public key).
4. The receiver now has the message digest.
5. The receiver can compute the message digest from the message (actual message is sent with
the digital signature).
6. The message digest computed by receiver and the message digest (got by decryption on digital
signature) need to be same for ensuring integrity.

Message digest is computed using one-way hash function, i.e. a hash function in which
computation of hash value of a message is easy but computation of the message from hash value
of the message is very difficult. 
 

Digital Certificate

Digital certificate is issued by a trusted third party which proves sender’s identity to the receiver
and receiver’s identity to the sender. 
A digital certificate is a certificate issued by a Certificate Authority (CA) to verify the identity of
the certificate holder. The CA issues an encrypted digital certificate containing the applicant’s
public key and a variety of other identification information. Digital certificate is used to attach
public key with a particular individual or an entity. 
Digital certificate contains:- 
 

1. Name of certificate holder.

2. Serial number which is used to uniquely identify a certificate, the individual or the entity
identified by the certificate
3. Expiration dates.
4. Copy of certificate holder’s public key.(used for decrypting messages and digital signatures)
5. Digital Signature of the certificate issuing authority.

Digital certificate is also sent with the digital signature and the message. 

Digital certificate vs digital signature : 

Digital signature is used to verify authenticity, integrity, non-repudiation ,i.e. it is assuring that
the message is sent by the known user and not modified, while digital certificate is used to verify
the identity of the user, maybe sender or receiver. Thus, digital signature and certificate are
different kind of things but both are used for security. Most websites use digital certificate to
enhance trust of their users
 

Feature Digital Signature Digital Certificate

Digital signature is like a fingerprint or an

Basics / Digital certificate is a file that ensures
attachment to a digital document that
Definition holder’s identity and provides security.
ensures its authenticity and integrity.

Hashed value of original message is It is generated by CA (Certifying Authority)

Process /
encrypted with sender’s secret key to that involves four steps: Key Generation,
Steps
generate the digital signature. Registration, Verification, Creation.

Security Authenticity of Sender, integrity of the It provides security and authenticity of

Services document and non-repudiation. certificate holder.

Standard It follows Digital Signature Standard (DSS). It follows X.509 Standard Format

This article is contributed by Shashank.