HOW TO PREVENT INTRUSION ATTEMPTS IN NETWORKS

Mayank Bhandari
7 min read · Nov 25, 2021

Intro

As more of daily life and business moves online, protecting digital data has become a first-order priority. Almost every industry, sector, and line of work now has a digital presence, whether through social media or a website. Network intrusion disrupts that picture: an intruder compromises the security of a network and steals valuable data from it. Detecting intrusions and intrusion attempts, and protecting network resources and data, is the job of cyber-security. It is a constant tussle between security personnel and intruders; seen in a different light it is almost a test of skill on both sides, and a layman without a security professional beside him is easily overrun.

We need to understand the consequences of such intrusions and have at least a working idea of the common intrusion strategies and of network intrusions as such. Network intrusions are at an all-time high because the majority of businesses and industries are now digitized, and many nations, including India, have enacted laws that address them.

Problem

Any company with an internet connection is exposed to network intruders. The best first step is to block the services you do not need, at the network’s entry point with a network firewall and on each machine with a personal firewall. An intruder may instead try to break in through services you use every day, such as web browsing or email; a firewall that must allow those services cannot stop that, and an intrusion prevention system (IPS) is required to block the unauthorized access.

The cost of a data breach keeps rising. According to the IBM report cited below, the average cost of a data breach rose by 12% over five years to $3.92 million per incident. The same report found that breaches resulting from malicious attacks were both the most common and the most expensive kind of security incident: $4.45 million per incident, roughly one million dollars more than a breach caused by a system glitch or human error.

Here are the six phases through which an attacker plans and executes a network intrusion:

In the first phase (reconnaissance), the attacker studies the target network, learns what it runs and how it is used, and looks for vulnerabilities to exploit. A lot of research goes into this phase.

In the second phase (initial exploitation), the attackers look for a route into the target’s network. Spear-phishing, watering-hole attacks, exploitation of a known CVE, and SQL injection are common examples.

In the third phase (persistence), attackers who have gained a foothold want to stay in the network for a long time. They usually do this by escalating privileges, adding entries to autostart locations such as the Windows registry Run keys, or gaining control of scripts that run regularly.

In the fourth phase (tool installation), once the attackers are confident they can remain undetected, they begin installing tools. They frequently start with simple utilities and work up to heavier, more complex scripts and programs that do the “real” work.

In the fifth phase (lateral movement), the attackers move through the network looking for what they are really after.

In the sixth phase (collection and exfiltration), the attackers control their target; all that remains is to take what they came for and leave the network undetected.

There are a number of ways in which attackers intrude on networks:

1. Stolen credentials and legitimate tools: Attackers generally use what already exists on the network, such as its devices, processes, and stolen credentials, when compromising it. Operating system utilities, business productivity software, and scripting languages do not show up on the radar as malware and have entirely legitimate uses. In most situations that use is justified by the business, which lets an attacker blend in.

2. Asymmetric routing: If a network allows asymmetric routing, attackers frequently send their traffic over several routes to the targeted device or network. When only a fraction of the suspicious packets pass through a given network segment and its intrusion detection sensor, the sensor sees an incomplete stream and the attack can go unnoticed. Disallowing asymmetric routing, or placing sensors where they see every path, removes this blind spot.

3. Buffer overwriting: By writing more data into a buffer than it can hold, an attacker overwrites adjacent memory on a network device with crafted input that the device then executes or acts on as part of the intrusion. Bounds-checking logic, which rejects input longer than the buffer before it is copied, and detection of executable code or malicious strings before they reach the buffer make this attack much harder to carry out.

4. Protocol attacks: Protocols such as ARP, IP, TCP, UDP, ICMP, and many application protocols can unintentionally leave openings. Attackers frequently mimic protocols or spoof protocol messages to mount man-in-the-middle attacks and gain access to data they would not otherwise see, or to crash targeted devices on a network.

5. Flooding: Attackers can cause chaos and congestion by generating traffic loads that are too large for the defenses to inspect fully, letting them carry out attacks under cover of the noise without being discovered.
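The protocol-spoofing and flooding techniques above are exactly what a network sensor is built to spot. What follows is an added example, not code from the original article: a minimal Python sensor that runs three detectors (ARP spoofing, port scanning, SYN flooding) over a constructed packet trace. The trace, the record layout and the thresholds are assumptions made for the example; a real sensor would read packets from a capture and tune its thresholds to the network it watches.

```python
"""Minimal network sensor: added example, not code from the original article.

Three detectors run over a constructed packet trace (no real capture):
  * ARP spoofing  - an IP whose announced MAC changes (protocol attack)
  * port scanning - one source hitting many ports in a short window
  * SYN flooding  - one source sending SYNs to one port faster than a limit
Thresholds and the record layout are assumptions made for this example.
"""
from collections import defaultdict

# Each record is (timestamp, protocol, src, dst, extra).
# ARP extra = (sender_ip, sender_mac); TCP extra = (dst_port, tcp_flags).
TRACE = [
    (0.0, "arp", "10.0.0.1", "ff:ff:ff:ff:ff:ff", ("10.0.0.1", "aa:aa:aa:aa:aa:01")),
    (1.0, "arp", "10.0.0.1", "ff:ff:ff:ff:ff:ff", ("10.0.0.1", "aa:aa:aa:aa:aa:01")),
    # attacker announces the gateway's IP with its own MAC (ARP spoofing)
    (2.0, "arp", "10.0.0.1", "ff:ff:ff:ff:ff:ff", ("10.0.0.1", "de:ad:be:ef:00:01")),
]
# ordinary HTTPS connections from one client
TRACE += [(3.0 + i * 0.5, "tcp", "10.0.0.50", "10.0.0.10", (443, "S")) for i in range(4)]
# port scan: one host probing 40 ports on the server within half a second
TRACE += [(5.0 + i * 0.01, "tcp", "10.0.0.66", "10.0.0.10", (port, "S"))
          for i, port in enumerate(range(20, 60))]
# SYN flood: 300 SYNs to one port in well under a second
TRACE += [(6.0 + i * 0.002, "tcp", "10.0.0.77", "10.0.0.10", (80, "S")) for i in range(300)]


def detect_arp_spoof(trace):
    """Alert when an IP is announced with a MAC different from the one first seen."""
    binding = {}          # ip -> first MAC seen for it
    alerts = []
    for ts, proto, _src, _dst, extra in trace:
        if proto != "arp":
            continue
        ip, mac = extra
        if ip in binding and binding[ip] != mac:
            alerts.append(f"{ts:.1f}s ARP spoof: {ip} was {binding[ip]}, now claimed by {mac}")
        binding.setdefault(ip, mac)
    return alerts


def _syns(trace):
    """Yield (ts, src, dst, dport) for every TCP packet carrying the SYN flag."""
    for ts, proto, src, dst, extra in trace:
        if proto == "tcp" and "S" in extra[1]:
            yield ts, src, dst, extra[0]


def detect_port_scan(trace, window=5.0, min_ports=20):
    """Alert once per source that touches >= min_ports distinct ports within window seconds."""
    history = defaultdict(list)   # src -> [(ts, dport), ...] within the window
    alerts, alerted = [], set()
    for ts, src, dst, dport in _syns(trace):
        hist = history[src]
        hist.append((ts, dport))
        while hist and ts - hist[0][0] > window:   # expire old entries
            hist.pop(0)
        ports = {p for _, p in hist}
        if len(ports) >= min_ports and src not in alerted:
            alerts.append(f"{ts:.2f}s port scan: {src} probed {len(ports)} ports on {dst}")
            alerted.add(src)
    return alerts


def detect_syn_flood(trace, window=1.0, max_syns=100):
    """Alert once per (src, dst, port) whose SYN count within window seconds exceeds max_syns."""
    history = defaultdict(list)   # (src, dst, dport) -> [ts, ...] within the window
    alerts, alerted = [], set()
    for ts, src, dst, dport in _syns(trace):
        key = (src, dst, dport)
        hist = history[key]
        hist.append(ts)
        while hist and ts - hist[0] > window:
            hist.pop(0)
        if len(hist) > max_syns and key not in alerted:
            alerts.append(f"{ts:.2f}s SYN flood: {src} -> {dst}:{dport}, {len(hist)} SYNs in {window}s")
            alerted.add(key)
    return alerts


def run_sensor(trace=TRACE):
    """Run all detectors and return the combined alert list."""
    return detect_arp_spoof(trace) + detect_port_scan(trace) + detect_syn_flood(trace)


if __name__ == "__main__":
    for alert in run_sensor():
        print(alert)
```

On the constructed trace the sensor raises exactly three alerts, one per attack, and stays quiet on the ordinary HTTPS client. The sliding windows are what make the flood and scan detectors behave under real load; the ARP check is deliberately simple and would need a way to learn legitimate MAC changes (DHCP churn, NIC replacement) before it was trusted to block anything.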

There are many known and unknown techniques through which attackers carry out network intrusions. Once the intrusion is complete, the attackers begin the cover-up:

1. Deletion of logs: By erasing access records, attackers can make it nearly impossible to work out where they went and what they accessed (short of engaging an extensive cyber forensics team). Regular log reviews and centralised logging help here: once logs have been forwarded to a separate collector, an attacker who controls the source host can no longer tamper with the copy that matters.

2. Use of encryption: One of the simplest ways for attackers to hide their movements from network-based detection is to encrypt the data they take out of the organization’s network (or simply to disguise any outgoing traffic so that it looks normal).

3. Use of rootkits: Rootkits, software that gives an unauthorized user control of a host while hiding its presence, are especially effective at concealing an attacker’s footprints, since they let the attacker explore and exploit systems at leisure.
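Centralised logging only defeats log deletion if the collector can tell that what it holds differs from what the host now shows. The following is an added example, not code from the original article: a small Python hash chain in which every forwarded record carries the SHA-256 of the record before it, so deletion, rewriting or truncation on the source host breaks the chain. The log lines are constructed for the example and the record layout is an assumption.

```python
"""Tamper-evident log forwarding: added example, not code from the original article.

Each record shipped to the central collector carries the SHA-256 of the record
before it, so the collector (or a forensic analyst) can prove whether entries
were deleted, rewritten or truncated on the source host. The log lines are
constructed for the example; the record layout is an assumption.
"""
import hashlib
import json

GENESIS = "0" * 64   # chain head before any record exists

# Constructed sample lines, in the order they were written on the host.
SAMPLE_LINES = [
    "sshd[811]: Accepted password for admin from 203.0.113.5 port 51022",
    "sudo: admin : COMMAND=/usr/bin/cat /etc/shadow",
    "sshd[812]: Accepted publickey for ops from 10.0.0.4 port 40110",
]


def _digest(seq, prev, line):
    """Hash the canonical JSON form of one record's body."""
    body = json.dumps({"seq": seq, "prev": prev, "line": line}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


def chain_records(lines, prev_hash=GENESIS, start_seq=0):
    """Wrap raw log lines into hash-chained records, continuing from prev_hash."""
    records = []
    for seq, line in enumerate(lines, start=start_seq):
        digest = _digest(seq, prev_hash, line)
        records.append({"seq": seq, "prev": prev_hash, "line": line, "hash": digest})
        prev_hash = digest
    return records


def verify_chain(records, expected_head=GENESIS, expected_tail=None):
    """Return (ok, reason). Detects rewritten, deleted and reordered records;
    with expected_tail (the last hash the collector received) it also detects
    truncation of the tail."""
    prev = expected_head
    for i, rec in enumerate(records):
        if rec["prev"] != prev:
            return False, f"record {i} (seq {rec['seq']}): chain break, a record before it was removed or reordered"
        if _digest(rec["seq"], rec["prev"], rec["line"]) != rec["hash"]:
            return False, f"record {i} (seq {rec['seq']}): content rewritten"
        prev = rec["hash"]
    if expected_tail is not None and prev != expected_tail:
        return False, "chain ends early: records were truncated"
    return True, "chain intact"


def demo():
    """Ship the sample lines, then show what three cover-up edits look like."""
    records = chain_records(SAMPLE_LINES)
    tail = records[-1]["hash"]            # what the collector already holds

    # 1. attacker deletes the sudo line that exposes what they read
    deleted = [r for r in records if "shadow" not in r["line"]]
    # 2. attacker rewrites the source IP in the first line
    rewritten = [dict(r) for r in records]
    rewritten[0]["line"] = rewritten[0]["line"].replace("203.0.113.5", "10.0.0.4")
    # 3. attacker truncates the log after their own login
    truncated = records[:1]

    return {
        "original": verify_chain(records, expected_tail=tail),
        "deleted": verify_chain(deleted, expected_tail=tail),
        "rewritten": verify_chain(rewritten, expected_tail=tail),
        "truncated": verify_chain(truncated, expected_tail=tail),
    }


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:10s} {'OK ' if ok else 'BAD'} {reason}")
```

The chain is only evidence if the collector receives records before the attacker reaches the host and sits outside the attacker’s control; an attacker with host access could otherwise rebuild the whole chain from scratch. Having the collector periodically sign or HMAC the tail hash it has received closes that gap, and is the usual next step in a production design.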

Solution

Detection and Prevention of Network intrusion

An IPS is generally installed immediately behind the firewall and acts as a second layer of inspection, filtering out potentially harmful traffic. Unlike an Intrusion Detection System (IDS), which is a passive system that analyses traffic and alerts on threats, an IPS is installed inline (directly between source and destination) and actively evaluates and takes automatic action on every traffic flow entering the network. Those actions include:

1. Sending an alarm to the administrator (as an IDS would).

2. Dropping the malicious packets.

3. Blocking traffic from the source address.

4. Resetting the connection.

As an inline security component, the IPS must work efficiently so that it does not degrade network performance. It must also be fast, because exploits happen in near real time. And it must detect and respond accurately, so that it blocks threats without producing false positives (legitimate packets misread as threats).

Unified Threat Management (UTM) from Seqrite is marketed as a one-stop shop for business security needs, with intrusion detection and prevention included as standard.

The built-in IDS and IPS components of the UTM keep businesses safe by:

1. Real-time threat monitoring, evaluation, and detection.

2. Blocking Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.

3. Keeping attackers from discovering open ports.

Seqrite UTM’s IPS functions as a barrier against unauthorized network intrusions and stops a wide range of DoS and DDoS attacks before they reach the network. This benefits a company in several ways: it gives a quick picture of security within the network, protects enterprise assets, and raises an alert when a suspected breach or suspicious activity is detected. An integrated approach to intrusion prevention: Seqrite’s Unified Threat Management System, in addition to its strong Intrusion Prevention System,

There are several types of intrusion prevention system, distinguished by what they monitor:

1. NIPS (network-based intrusion prevention system): monitors the whole network for suspicious traffic by analysing protocol activity.

2. WIPS (wireless intrusion prevention system): monitors a wireless network for suspicious traffic by analysing wireless networking protocols.

3. NBA (network behaviour analysis): examines network traffic to identify threats that generate unusual traffic patterns, such as distributed denial of service attacks, certain kinds of malware, and policy violations.

4. HIPS (host-based intrusion prevention system): a software package installed on a single host that monitors that host for suspicious behaviour by examining the events that take place on it.
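As an added example of the host-based monitoring a HIPS performs (not code from the original article or from any product named on it): a Python triage routine that inspects Sysmon-style registry “value set” events (Event ID 13) for writes to autostart locations, such as the Run keys mentioned in the persistence phase above. The events, the allowlist of trusted installers and the scoring weights are assumptions constructed for the example.

```python
"""Host-based autostart (Run key) persistence triage: added example, not code
from the original article or any product it names.

Input is a list of Sysmon-style "RegistryEvent (Value Set)" records (Event ID
13) with Image, TargetObject and Details fields; the events below are
constructed, and the allowlist and scoring weights are assumptions.
"""
import re

# Autostart locations an attacker commonly writes for persistence.
AUTOSTART_RE = re.compile(
    r"\\CurrentVersion\\(Run|RunOnce)(\\|$)|\\Winlogon\\(Shell|Userinit)$",
    re.IGNORECASE,
)
# User-writable directories that legitimate autostart entries rarely point into.
USER_WRITABLE_RE = re.compile(
    r"\\(Temp|AppData\\(Local|Roaming)|Public|Downloads)\\", re.IGNORECASE
)
# Living-off-the-land binaries used to launch payloads from an autostart value.
LOLBIN_RE = re.compile(
    r"\b(powershell|cmd|wscript|cscript|mshta|rundll32|regsvr32)(\.exe)?\b", re.IGNORECASE
)
# Assumption for the example: processes expected to write autostart values.
TRUSTED_WRITERS = {r"c:\windows\system32\msiexec.exe"}

# Constructed events using Sysmon Event ID 13 field names (not real captures).
EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "Details": r'"C:\Program Files\Vendor\agent.exe" /tray'},
    {"EventID": 13, "Image": r"C:\Windows\System32\cmd.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"powershell.exe -w hidden -File C:\Users\bob\AppData\Roaming\upd.ps1"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\agent.exe",
     "TargetObject": r"HKCU\Software\Vendor\Settings\Theme", "Details": "dark"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "TargetObject": "", "Details": ""},
]


def score_event(event):
    """Return a finding dict for an autostart write, or None if the event is not one."""
    if event.get("EventID") != 13 or not AUTOSTART_RE.search(event["TargetObject"]):
        return None
    score, reasons = 1, ["autostart location modified"]
    if USER_WRITABLE_RE.search(event["Details"]):
        score += 2
        reasons.append("value points into a user-writable directory")
    if LOLBIN_RE.search(event["Details"]):
        score += 2
        reasons.append("value launches a living-off-the-land binary")
    if event["Image"].lower() not in TRUSTED_WRITERS:
        score += 1
        reasons.append("writer is not an allowlisted installer")
    severity = "high" if score >= 4 else "medium" if score >= 2 else "low"
    return {"severity": severity, "score": score, "image": event["Image"],
            "key": event["TargetObject"], "reasons": reasons}


def triage(events=EVENTS):
    """Score every event and return the findings, highest score first."""
    findings = [f for f in map(score_event, events) if f is not None]
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for f in triage():
        print(f"[{f['severity']}] {f['key']} by {f['image']}: {'; '.join(f['reasons'])}")
```

On the constructed events the vendor installer’s Run entry scores low, the cmd.exe write that launches a hidden PowerShell script from the user’s AppData scores high, and the two unrelated events are ignored. A HIPS would act on the high-severity finding (block the process or roll the value back); the point of scoring rather than hard-matching is that the Run keys are written legitimately every day, so the writer and the value content, not the key alone, decide.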

Case

The Bangladesh Bank robbery, also known as the Bangladesh Bank cyber heist, took place in February 2016. Attackers used the SWIFT network to issue 35 fraudulent instructions to transfer nearly US$1 billion from a Federal Reserve Bank of New York account belonging to Bangladesh Bank, the country’s central bank. Five of the thirty-five forged instructions went through, moving US$101 million: US$20 million to Sri Lanka and US$81 million to the Philippines. Suspicions raised by a misspelling in one instruction led the Federal Reserve Bank of New York to block the remaining thirty transactions, totaling US$850 million.

All of the money sent to Sri Lanka has since been recovered. Of the US$81 million sent to the Philippines, however, only around US$18 million had been recovered as of 2018.

Most of the money sent to the Philippines ended up in four personal accounts held by individuals rather than companies.

Conclusion

Network intrusions will pose an even greater threat in the years to come, and corporations, governments, and individuals need to be more vigilant about their digital data and networks. As attackers keep inventing and discovering new ways to break into systems, defenders must keep pace, building security that combines prevention with detection. Network protection will be of the utmost importance in the years ahead, if it is not already the most important component of the digital world.

References

i. IBM Study Shows Data Breach Costs are on the Rise (tripwire.com)

ii. 6 Stages of Network Intrusion and How to Defend Against Them (tripwire.com)

iii. Network Intrusion Definition & Examples | Awake Security


Mayank Bhandari

Lawyer by profession; writes articles on law, health, and technology, with references.