Secure Networking Threats
This chapter covers the following topics:
- The Attack Process
- Attacker Types
- Vulnerability Types
- Attack Results
- Attack Taxonomy
Though the enemy be stronger in numbers, we may prevent him from fighting. Scheme so as to discover his plans and the likelihood of their success.
Sun Zi, The Art of War
That vulnerability is completely theoretical.
Microsoft
As discussed in Chapter 2, "Security Policy and Operations Life Cycle," when considering the characteristics of your network security system, you must understand the likely threats your network will encounter. The bulk of the information contained in this chapter outlines the various attack classes you must consider when designing your network. Because this book is focused on the network rather than the computer, the threats are oriented accordingly. Application layer attacks, for example, are grouped into one subheading and summarized, while network-based attacks are highlighted in more detail.
The material in this chapter can be used in three ways:
- As the foundation information necessary to complete the risk analysis referenced in Figure 2-1. You still must map the threats discussed here against your own environment, but this will be a good start.
- As foundation material going into Chapter 4, "Network Security Technologies." Chapter 4 presents the network security technologies at your disposal. The capability of these technologies to mitigate the threats outlined in this chapter should be a main criterion in selecting specific technologies for your network security system.
- As a frame of reference. Later in the book, sample secure network designs are presented. The threats outlined here can be evaluated against those designs to determine the effectiveness of the entire network security system.
NOTE
This is not the "learn how to hack" chapter. If you are looking for that sort of information, you would be better served by a book focused on that subject. This chapter merely attempts to describe the kinds of attacks so that you have a frame of reference for the terms you'll read about in the rest of the book. It is also worth noting that the skill sets required to break something and to fix something do not overlap 100 percent.
The following sections outline the attack process, types of attackers, and the varieties of vulnerabilities, and they set up the final two sections that cover attack results and attack classes.