In this exercise, we will discuss the given network system in the portfolio to
determine the intruder’s level of access and other details. The whole
exercise is dedicated to the network, which is vulnerable to the intruder
and could be open to a serious security breach.
Prior to examining the network system, we will go through some of the basics of
attacks in cyber security programming.
Attacks are actions taken to harm a system or disrupt normal operations by exploiting
vulnerabilities using various techniques and tools. Attackers launch attacks to
achieve goals either for personal satisfaction or recompense. The measurement
of the effort to be expended by an attacker, expressed in terms of their
expertise, resources, and motivation is called attack cost. Attack actors are
people who are a threat to the digital world (Sanders et al., 2013). They could
be hackers, criminals, or even governments. An attack itself may come in many
forms, including active network attacks to monitor unencrypted traffic in
search of sensitive information; passive attacks such as monitoring unprotected
network communications to decrypt the weakly encrypted traffic and getting
authentication information; close-in attacks; exploitation by insiders, and so
on. Common cyber-attack types are:
(a) Physical attacks: This sort of attack
tampers with hardware components. Due to the unattended and distributed nature
of the IoT, most devices typically operate in outdoor environments, which are
highly susceptible to physical attacks (Landau, 2017).
(b) Reconnaissance attacks – unauthorized
discovery and mapping of systems, services, or vulnerabilities. Examples of
reconnaissance attacks are scanning network ports, packet sniffers, traffic
analysis, and sending queries about IP address information.
(c) Denial-of-service (DoS): This kind of
attack is an attempt to make a machine or network resource unavailable to its
intended users. Due to low memory capabilities and limited computation
resources, the majority of devices in IoT are vulnerable to resource enervation
attacks (Hyder, 2013).
(d) Access attacks – unauthorized persons gain access to networks or devices
which they have no right to access. There are two different types of access
attack: the first is physical access, whereby the intruder can gain access to a
physical device. The second is remote access, which is done to IP-connected
(e) Attacks on privacy: Privacy protection in
IoT has become increasingly challenging due to large volumes of information
While going through the
network, we find different types of network traffic flowing through the system.
1. Bursty Traffic-
Bursty traffic is the broadcasting of a relatively high amount of data over a very
short period of time. Bursty traffic can be found at some points in
the system, sometimes when an important message is broadcast to
all the resources quickly (Taylor Jr, 2014).
2. Interactive Traffic-
Interactive traffic can be found at the maximum points in the network, and
its performance is quite poor.
3. Latency-sensitive
traffic- Especially in the WAN system, there are
some delays in sending and receiving messages between the systems, which are
called. This traffic is more dependent on latency and is quite hindered by the
Entry, Exploitation, and Pivoting
This exercise is purely based on the network model given in exercise 4, and we will
discuss the entire network. The aim of this exercise is to think practically as
an attacker to find out the possible ways of exploiting this network. We
have gone through the entire network and found the following possible ways in which the
network could be compromised to find entries and other information.
USB Thumb drive-
As the given network consists of a number of systems that can easily come into contact
with any outside source, a thumb drive connected via USB is a possible threat.
Attackers use this technique to infect the firewall of any system from the
inside by slipping malware into it. The method is low cost and less dangerous,
as a person with any excuse can insert the USB thumb drive into any of the
computers and infect the whole network to control the security (Hogg &
Wireless point Access-
The wireless access point is a possible attack point for attackers, and
anyone within the proximity of the network can connect to it. 
Attackers use wireless APs most of the time, as they are easily reachable and
the attacker won’t easily get caught. Wireless access points are mostly insecure; no
matter whether encryption is used or not, they just weaken the network security.
Miscellaneous USB devices-
The entire network of the organization mostly contains hardware devices with
USB support. It is quite easy for attackers to plug in any
miscellaneous USB device with spyware on it to breach the network security
(Amestoy et al., 2015).
– Sometimes employees or users in the network access parts of the
network where they are not allowed. Accessing an unauthorized part of the
network also puts the security of the entire network at risk.
Most people are aware of the Trojan Horse, a most dangerous virus that
infects the system and breaches its security for the attackers. There are also
human Trojans who target the organization directly; such a person could be disguised
as a client or dressed in a well-fitted suit. The Human Trojan gains the trust of the company
and then attacks the system with the available tools once they get access to the
system (Hogg & Scott, 2013).
Smartphones and other
digital devices – Now, the world is driven by
smartphones, and these smartphones are possibly far more powerful than
computers due to their mobility and compactness. Smartphones are the favorite
tools of the attackers of this generation, and the network can easily be
breached with a small smart device.
The above are the possible ways of exploiting the network using the
software vulnerabilities in the system (Alonso et al., 2014).