Chapter 2: Network Security Threats

Overview

Chapter 2 introduces the wide range of threats that target network security. These threats may come from malicious attackers, accidental user actions, technical failures, or physical and environmental disasters. Understanding these threats is essential for protecting networked systems.

Attacker Motivations

Attackers target networks for several reasons:

  • Financial gain

  • Political or ideological goals

  • Espionage

  • Revenge or personal challenge

Knowing attacker motivation helps organizations anticipate potential attack methods.

The Five Phases of Hacking

Most cyberattacks follow a structured process:

  1. Reconnaissance
     - Collecting information about the target
     - Examples: social media, public records, DNS lookups

  2. Scanning
     - Identifying open ports and vulnerabilities
     - Examples: port scanners, vulnerability scanners

  3. Enumeration
     - Gathering detailed system information
     - Examples: user accounts, network resources

  4. Attacking
     - Exploiting discovered vulnerabilities
     - Examples: malware installation, password attacks

  5. Post-Attack Activities
     - Maintaining access and hiding activity
     - Examples: backdoors, data exfiltration

Common Network Security Threats

Malware

Malware is software designed to harm or exploit systems.

  • Viruses

  • Worms

  • Trojans

  • Ransomware

  • Spyware

Hardware and Environmental Threats

  • Hardware failures

  • Power outages or surges

  • Natural disasters such as fires or floods

Insider Threats

  • Users with authorized access

  • May be intentional or accidental

  • Often difficult to detect

Advanced Network Attacks

Session Hijacking

  • Takes control of an active user session

  • Common on unsecured connections

Spoofing

  • Falsifying identity to appear trusted

  • Examples include IP, email, and DNS spoofing

Man-in-the-Middle (MitM) Attacks

  • Intercepts communication between two parties

  • Can steal or alter data in transit

Denial-of-Service Attacks

Denial-of-Service (DoS)

  • Overloads a system with traffic

  • Originates from a single source

Distributed Denial-of-Service (DDoS)

  • Uses multiple compromised systems

  • More difficult to mitigate than DoS attacks
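The single-source versus multi-source distinction drawn above is exactly what a monitoring rule can key on. The following is an added example, not part of the chapter: it buckets request events into fixed windows and labels each window as normal, a single-source DoS, or a distributed DDoS. The traffic sample, IP addresses and thresholds are all constructed for illustration.

```python
"""Toy flood classifier: separates a single-source DoS from a DDoS by
looking at how request volume spreads across source addresses.
All traffic below is constructed for this example, not captured data."""
from collections import Counter


def build_sample():
    """Constructed traffic as (seconds since start, source IP) tuples.
    0-9 s : a few clients browsing normally
    10-19 s: one host floods the target (DoS pattern)
    20-29 s: 40 hosts each send a little, total spikes (DDoS pattern)"""
    events = []
    for t in range(10):
        for ip in ("10.0.0.2", "10.0.0.3", "10.0.0.4"):
            events.append((t, ip))
    for t in range(10, 20):
        events.extend((t, "198.51.100.7") for _ in range(40))  # lone flooder
        events.append((t, "10.0.0.2"))
    for t in range(20, 30):
        events.extend((t, f"203.0.113.{i + 1}") for i in range(40))  # 40 bots
        events.append((t, "10.0.0.3"))
    return events


def classify_windows(events, window=10, flood_threshold=100,
                     dominant_share=0.8, min_distributed_sources=10):
    """Label each time window. Thresholds are illustrative assumptions.
    flood            : request count >= flood_threshold
    dos              : flood where one source sends >= dominant_share of it
    ddos             : flood spread over >= min_distributed_sources sources
    Returns {window_index: (label, total_requests, distinct_sources)}."""
    buckets = {}
    for ts, src in events:
        buckets.setdefault(ts // window, Counter())[src] += 1
    results = {}
    for idx, counts in sorted(buckets.items()):
        total = sum(counts.values())
        distinct = len(counts)
        if total < flood_threshold:
            label = "normal"
        elif counts.most_common(1)[0][1] / total >= dominant_share:
            label = "dos"
        elif distinct >= min_distributed_sources:
            label = "ddos"
        else:
            label = "flood-unclassified"
        results[idx] = (label, total, distinct)
    return results


if __name__ == "__main__":
    for idx, (label, total, distinct) in classify_windows(build_sample()).items():
        print(f"window {idx}: {label:<18} requests={total:<4} sources={distinct}")
```

The third window shows why DDoS is harder to mitigate: no single address stands out, so blocking the top talker (which stops the second window's flood) does nothing here.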

Social Engineering

Social engineering exploits human behavior rather than technical vulnerabilities.

  • Phishing emails

  • Impersonation

  • Deceptive phone calls or messages

Defenses and Mitigation Strategies

  • Encryption to protect data

  • User training and awareness

  • Access control and least privilege

  • Monitoring and intrusion detection

  • Regular patching and updates

Key Takeaways

  • Cyberattacks typically follow predictable phases

  • Social engineering is a major security risk

  • Malware and advanced attacks continue to evolve

  • Effective security relies on both technical and human defenses