In the old comic, Pogo, the namesake once observed, “We have met the enemy and he is us.” That observation has been used to describe situations in everything from politics to everyday life but seems apropos even when discussing networks and the threats they face, including computer threats.
Whether the origin of these threats is internal or online, the issues can usually be boiled down to two types: passive and active. Both are network delivered, which makes them prime candidates for remedies that are intelligence-based.
Network Threats
Passive threats are those that are introduced through functions such as idle scans and wiretapping designed to intercept traffic that has been traveling through the network. Active threats, on the other hand, include things like Denial of Service (DoS) or SQL injection attacks, which is when the attacker is using an execute the command to interrupt the normal operation of the network.
In order to carry out a successful attack on a network, the attackers must hack the infrastructure of the company and exploit the vulnerabilities of the software, which allows them to execute commands remotely on the operating systems. Attacks on DoS and hijacking of the shared network of communications are exceptions.
How Attackers Gain Access
Access to internal operating systems is normally gained by attackers via an email-delivered threat that is the first compromise of the machines. The attacker then controls the malware, which provides them with the ability to move laterally. This increases the chances that they won’t be detected in front while giving them an almost totally effortless entry point.
A recent security intelligence report claims that more than 45 percent of all malware requires some type of user interaction, which suggests that an email targeted at a particular user is designed to trick them into providing the interaction needed. This is the primary tactic used by network attackers to give them access.
Malicious Entry
Some threats are designed to disrupt the operations of a company rather than to covertly gather information for espionage and financial gain. These attacks have the effect of overwhelming the resources of the network, such as email and web gateways, switches, routers, and more. These prevent the user from gaining access to applications, for the ultimate goal of taking service offline or seriously degrading the quality of service.
These don’t necessarily require proactive hacking, but they do rely on an attacker’s ability to scale traffic to the organization and take advantage of the misconfigured and poorly protected infrastructure. It also does not count on regular network maintenance to interfere with its efforts. The good news in all of this is that those networks that have a demonstrated program of regular maintenance working in tandem to overwhelm a target will find themselves far less vulnerable than those without it. This includes those efforts that employ multiple threats that disguise their real intent. It has been consistently proven that a regular program of network maintenance can mitigate threats and attacks delivered by a network.