Identifying Potential Attacks, Threats and Vulnerabilities, Research Paper Example
Words: 1238Research Paper
Computer network attacks or threats are operations that degrade, deny, disrupt or destroy information that resides in computers within computer networks or the network itself. A typical computer network attack sends a code of instructions to a central processing unit within the network that causes the computer or network to shut down the power supply. Lack of security controls and measures makes computer networks vulnerable to these kinds of attacks. The attacks can be active, meaning that information may be altered aimed at destroying or corrupting it, or passive, where the information on the network is monitored. Quite a number of possible malicious attacks in this case threaten the computer network for the gaming company.
Snooping or sniffing is a passive computer network attack where attackers gain access to the network’s data paths, and can read, or interpret, the data flowing through the network. In this way, the attacker can ‘listen’ or eavesdrop on the network. This is one malicious attack, which is an eminent threat to the gaming company’s network (Microsoft, 2013).
Data alteration or modification is another potential malicious attack on the video-game development company network. This can occur when an attacker gains access to the computer network and can access the data traversing the network or that residing in the servers or desktops or laptops. At this point, they can then change the data with the intention of corrupting or modifying it.
IP address or identity spoofing is a computer network attack where an intruder assumes a valid IP address as an entity in the network. This is a form of an active attack that enables an attacker to gain access of the network. The attacker is viewed like a legitimate member of the network allowing them to conduct operations like any other network entity. It is a potential malicious attack thus a threat to the gaming company’s computer network.
Essentially, most computer systems and networks allow access and administer user rights based on usernames and passwords. Password-based attacks, therefore, are a great threat to any computer network. An attacker, who can successfully and maliciously obtain the authentication details of a user within the network, can cause lots of harm to the video game development company network.
Denial-of-service is another potential malicious attack that can be inflicted on the network. This entails an attacker preventing valid system users from accessing normal computer services within the network or from the network. For the company, this may entail denying client’s access to company servers. Another attack that may particularly target the gaming company’s network servers is an application layer attack. Here, the attacker seeks to cause faults on applications in the server and server operating system (Microsoft, 2013).
The impacts of these attacks are detrimental to the company networks as well as its operations. The proprietary rights to the software developed will be compromised in the event of snooping attacks. This attack allows attackers to read data while on transit within the network, some of which may reveal information relevant to gaming application development. Such data on the hands of competitors in the industry may negatively influence the competence of the company’s products.
Data modification can allow an intruder to alter data on transit or residing on network computers meaning that, alterations, for example, of code and instructions snippets, would be possible. This would adversely affect performance of the company gaming products affecting its revenues and image. A lot of work would need to be done to correct faults arising from this.
Identity spoofing gives an intruder access to the system by masquerading as a legitimate use. This way the attacker can delete data, reroute data on transit or simply destroy whatever data they wish to that resides on network computers or servers. This would compromise the network as well as gaming data stored on network entities. The impact would range from a faulty network to corrupted gaming information resulting to malfunctions and unsatisfied clients.
Password-based attacks enable intruders gain access and rights to system use. Gaining high-level access would mean the attacker could alter server and network configurations thereby accessing user controls and rights. They can also obtain valid user details, which for the gaming company would infringe on the clients privacy compromising the company’s integrity. They would also be able to gain computer names, network information as well as create new accounts allowing them to attack the network. This would have cost implications on the company in trying to recover from frequent attacks.
Denial-of-service means that it would be possible for the attacker to cut client access to the system. This would lead to loss of clients for the company and the cost implications could be unpredictable depending on how long the attacker can hold up the attack. Application layer attacks would compromise the company server making it difficult to perform operations within the company network and server clients of the gaming services. This would also create negative revenue implications.
Attacks on the company network may result from some of the vulnerabilities in its network, including the absence of a strong encryption service. Data traversing the network should be well secured by effectively encrypting it. Absence of an effective cryptographic encryption system creates vulnerability in the company network.
Technology keeps changing and thus systems are rendered obsolete quickly, especially in the network security field. Older systems are normally replaced since hackers and attackers have been able to circumvent their security measures. The chance that the computer network consists of old entities is a huge vulnerability to its security (Microsoft, 2013).
Certain network architectures create inherent vulnerabilities to computer networks. In this case, the use of laptops as some of the network’s entities create vulnerability, based on their mobile nature, and the handy Ethernet cable they use to access the network. Malicious code running in the laptops background can easily get into the network replicating itself and attacking other network entities (Red Hat Linux, 2011).
Wireless access points in a network are naturally insecure regardless of the encryption protocol used. They provide immediate connectivity to persons within the networks proximity thus providing a platform for attack on the network (Manky, 2010).
A poorly encrypted network service allows attackers eavesdropping, on a network, to read information on transit through the network. It is thus easy to lose data via snooping implication the proprietary rights of the gaming software on the company’s network.
Most old systems do not conceal passwords and usernames while on transit for authentication. Attackers can gain access though password-based attacks, thereby gaining rights to the network. This way, they can launch attacks from within the system, destroy or steal information. Client details, for example, their credit card numbers, may be lost, creating cost implications on the company
Potential intruders may use employee laptops to attack the network by installing malicious code when they are away from the office. This way, when employees get to the workplace and plug into the network, the malicious code can infiltrate the system and thus the attacker can gain access.
Wireless access points have been known to be an easy access point for hackers. For example, TJ Stores that own TJMaxx and Marshalls was attacked via a wireless access point by wardrivers, eventually costing them up to $500 million resulting from theft of client data (Manky, 2010).
Manky, D., (2010). Top 10 Vulnerabilities Inside the Network. Network World. Retrieved from http://www.networkworld.com/news/tech/2010/110810-network-vulnerabilities.html?page=2
Microsoft (2013). Common Types of Network Attacks. Technet. Retrieved from http://technet.microsoft.com/en-us/library/cc959354.aspx
Red Hat Linux (2011). Attackers and Vulnerabilities. Red Hat Enterprise Linux Deployment Guide.
Retrieved from http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-risk.html
Time is precious
don’t waste it!