Attacks and Mitigation

1. Brute Force Attack:

The attacker uses a trial-and-error method, attempting all possible username and password combinations to gain access to a particular account.

2. Denial-of-service attack (DoS attack):

A denial-of-service attack overwhelms a system resource so that it cannot respond to service requests.

3. Distributed denial-of-service attack (DDoS attack):

A DDoS attack is also an attack on a system's resources, but it is launched from a large number of other host machines (botnets) that are infected by malicious software controlled by the attacker.

A DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, thus disrupting trade.

Types of DoS and DDoS attacks:

SYN Flood attack:

It is a type of DoS attack where the attacker sends a flood of SYN requests using fake IP addresses to a target system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

Smurf attack:

The attacker sends a broadcast ping message to the network using the victim's IP address as the source. The ICMP echo requests are sent to all the machines on the network, and these machines respond to the victim's IP address.

Ping of death attack:

This type of attack uses IP packets to ping a target system with an IP packet size over the maximum of 65,535 bytes. IP packets of this size are not allowed, so the attacker fragments the IP packet. Once the target system reassembles the packet, it can experience buffer overflows and other crashes.

Ping of death attacks can be blocked by using a firewall that will check fragmented IP packets for maximum size.

Mitigation:

  • IP whitelisting or blacklisting.
  • To prevent a smurf attack, disable IP-directed broadcasts at the routers. This will prevent the ICMP echo broadcast request at the network devices.
  • Rate limiting: limiting the amount of traffic available to a specific Network Interface Controller (NIC).

4. Man-in-the-Middle Attack (MITM):

A Man-in-the-Middle (MITM) attack is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.

Types of MITM attack:

Session Hijacking:

In this type of MITM attack, an attacker hijacks a session between a trusted client and a network server. The attacking computer substitutes its IP address for that of the trusted client while the server continues the session, believing it is communicating with the client.

IP Spoofing:

IP spoofing is used by an attacker to convince a system that it is communicating with a known, trusted entity and provide the attacker with access to the system. The attacker sends a packet with the IP source address of a known, trusted host instead of its own IP source address to a target host. The target host might accept the packet and act upon it.

Mitigation for MITM Attacks:

  • Verifying TLS/SSL setups.
  • Using a Virtual Private Network.
  • Public key pair based authentication.
  • Using the HTTPS protocol for browsing.

5. Phishing Attack:

A phishing attack is the practice of sending emails that appear to be from trusted sources with the goal of gaining personal information or influencing users to do something. It combines social engineering and technical trickery. It could involve an attachment to an email that loads malware onto your computer. It could also be a link to an illegitimate website that can trick you into downloading malware or handing over your personal information.

Mitigation for Phishing Attacks:

  • Analysing email headers.
  • Hovering over the links.
  • Using updated antivirus.
  • Verifying the site's security.
  • Using firewalls.
  • Using an anti-phishing toolbar.
  • Not trusting anyone blindly.

6. SQL Injection Attack:

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behaviour.

Mitigation for SQL Injection:

  • Keeping the database updated.
  • Applying a least-privilege model of permissions in your databases.
  • Using Web Application Firewalls.
  • Not showing error messages.
  • Whitelist input validation.
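
The difference between a query built from raw input and one protected by whitelist validation and generic error messages is shown below. This is an added example, not code from the original article: the table, function names and sample input are constructed, and the bound query parameter goes beyond the mitigations listed above.

```python
import re
import sqlite3

USERNAME_OK = re.compile(r"[A-Za-z0-9_]{1,32}")  # whitelist of allowed characters

def make_db():
    """Constructed in-memory table standing in for the application database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db

def lookup_vulnerable(db, name):
    # Input is pasted into the SQL text, so a quote in it rewrites the query.
    query = "SELECT email FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in db.execute(query))

def lookup_hardened(db, name):
    # Whitelist input validation: reject anything outside the allowed pattern.
    if not USERNAME_OK.fullmatch(name):
        raise ValueError("username rejected by whitelist")
    # Bound parameter: the value is passed as data, never as SQL text.
    rows = db.execute("SELECT email FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)

def handle_request(db, name):
    """Return a generic message on failure instead of the database error text."""
    try:
        return {"status": "ok", "emails": lookup_hardened(db, name)}
    except (ValueError, sqlite3.Error):
        return {"status": "error", "message": "Invalid request"}

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"   # constructed input that alters the WHERE clause
    print("vulnerable:", lookup_vulnerable(db, crafted))
    print("hardened:  ", handle_request(db, crafted))
    print("normal:    ", handle_request(db, "alice"))
```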

7. Cross-site scripting (XSS) attack:

XSS attacks use third-party web resources to run scripts in the victim’s web browser or scriptable application. Specifically, the attacker injects a payload with malicious JavaScript into a website’s database. When the victim requests a page from the website, the website transmits the page, with the attacker’s payload as part of the HTML body, to the victim’s browser, which executes the malicious script.

Mitigation for Cross-Site Scripting:

  • Whitelisting values.
  • Escaping dynamic content.
  • Sanitizing HTML.
  • Implementing a Content Security Policy.
  • Giving users the option to disable client-side scripts.
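
Three of the mitigations above (whitelisting values, escaping dynamic content and a Content Security Policy) are combined in the sketch below. This is an added example, not code from the original article: the page layout, the theme parameter, the policy string and the stored comment are constructed for illustration.

```python
import html

ALLOWED_THEMES = {"light", "dark"}   # whitelist for a value chosen by the user
# Example policy (an assumption): only same-origin scripts, no plugins.
CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'"

def render_unsafe(comment):
    # Stored text is concatenated into the page, so markup in it becomes markup.
    return '<p class="comment">' + comment + "</p>"

def render_safe(comment, theme):
    # Whitelist values: anything outside the allowed set falls back to a default.
    if theme not in ALLOWED_THEMES:
        theme = "light"
    # Escape dynamic content: <, >, & and quotes become HTML entities.
    escaped = html.escape(comment, quote=True)
    body = f'<body class="{theme}"><p class="comment">{escaped}</p></body>'
    # Content Security Policy: sent as a response header with the page.
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": CSP,
    }
    return headers, body

if __name__ == "__main__":
    stored = "<script>alert(1)</script>"   # constructed comment from the database
    print("unsafe:", render_unsafe(stored))
    headers, body = render_safe(stored, 'dark" onload="x')
    print("safe:  ", body)
    print("header:", headers["Content-Security-Policy"])
```

The escaping used here suits text placed in the HTML body or in a quoted attribute; values placed inside scripts, URLs or styles need encoding for that context instead.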



 


 



