ISSC362 IT Security: Attack and Defense| Modern Day Attack

External Firewall Attacks

Some of the most common external firewall attacks are the port scan, flooding of network traffic, malformed network packages, fragmentation attacks, IP Spoofing. Port scan occurs when the cyber attacker tries to ascertain the UDP ports that are open on a computer system. The attackers basically scan the system of the potential victim to identify the active ports. According to Jeon et al (2016), the firewall must be effective and robust to notice the unusual behavior as the remote computer must not connect to more than a certain number of ports at a time (Jeon et al., 2016). In case of the network traffic attack, the special programs known as ‘flooders’ send hundreds or thousands of ‘legitimate network packets’ to a computer system which can cause the Denial of Service attack. This gives the chance to the unauthorized users to bypass the firewall and gain control of the victim’s computer.

As per Locasto et al (2017), the IP fragmentation attack is also known as the teardrop attack where the cyber attacker overbears the network by exploiting the datagram fragmentation model. This particular attack can be in various forms (Locasto et al., 2017). The fundamental objective of the attack is to take advantage of the vulnerability of the operating system (ip fragmentation attack teardrop, 2018). The IP spoofing takes place when the rogue cyber intruders send their traffic with the IP addresses that makes it appear as though the packet has originated from inside the firewall. Due to this misrepresentation, the attackers get the access to compromise the infected machines and attack new computer systems in the process.

Internal Firewall Attacks

On most of the occasions, business organizations do not give the due importance to the internal firewall attacks that have become common these days such as the fraud, misuse of the confidential information, etc. According to Minoli & Kouns (2016), the internal network basically connects the internal server with the internal users (Minoli & Kouns, 2016). The internal attacks arise when the internal users could misuse the sensitive information of the firm. The internal participants who could compromise the security system could be the employees, vendors, customers and contractors. The fundamental objectives of these attackers are to gain financially or affect the reputation of the organization.

Vulnerabilities of Virtual Private Network

The virtual private network that is used by organizations to strengthen their cyber security model is exposed to a number of attacks and threats. Since the users use the network to pass data and information by using shared networks, the VPN is exposed to a high degree of external threats. Some of the most common attacks on the network are the session hijacks, spoofing, ‘man in the middle’ and viruses (Nobori & Shinjo, 2014).

The session hijacks take place when the cyber hackers observe the potential client’s authentication model with the server. They try to steal the IP addresses, the sequence figures and other details. When the client establishes a connection with the server, the hackers start attacking. In case the VPN has a weak and flawed security model, then the hacker could get into the session and it could get hacked. Spoofing is considered to be one of the toughest attacks or threats that can be prevented (Patel& Kumar, 2015). The cyber attackers use tools and techniques so that they can get their identity information by spoofing through IPs. It increases the vulnerability of the private network of the potential victim. The viruses can affect any computer system. They are basically designed for the purpose of stealing the identity-based information of the clients and share it with the intruders (Prabhakar, 2017). These intruders simply utilize these acquired identification details for the purpose of stealing the VPN sessions. The “Man in the Middle” attack occurs when the attackers try to establish the connection with the potential victim’s computer instead of establishing it with the server. These hackers basically intercept the communication model that exists between the victim and the server to gain unauthorized access in the process.

Technological Context

In the current times, Ranathunga et al said that the various kinds of cyber-attacks that the firewalls and VPNs are exposed to increase their overall vulnerability in the process. The security threats that have been highlighted need to be carefully handled by the authorized users or else it could totally compromise the firewall r the VPN technology (Ranathunga et al., 2016). In order to effectively and efficiently manage the key cyber security risk that arises in the process there is need to design a careful technological blueprint that can help to single point the point of failure or threat, support and strengthen the protection model, eliminate the false sense of security, remove the weak encryptions and thus point out the latency risks in the process.

It is necessary to take into consideration the core technological aspects that are involved in the firewall or the VPN model. Some of the main firewall or VPN technological standards that must be considered include the open architecture, the packet filtration, the auditing strengths and capabilities, the access control model, the logging capabilities, the intrusion detection mechanism, the security back-up, the security tunneling model and the real-time monitoring of the traffic on the network (Rawat & Sharma, 2016).

The firewall can be implemented as software and as hardware or a combination of both of these components based on the requirement of the user. This security model can be categorized into various types based on the processing type such as the packet-filtering firewall, application gateway firewall and circuit gateways. The packet-filtering firewall basically breaks the network traffic into packets. Each packet need to hold at least 2 addresses i.e. the address of the sender and the receiver. The application gateway firewall filters the incoming ‘traffic ion the node’ to specific specifications so that only the transmitted network application data is ultimately filtered. It strengths the communication model of the network system. The circuit gateways sustains on the transport layer that is linked with guaranteed delivery of the packets (Saher, Pathak & Elgarhy, 2017).

The Virtual Private Network basically strengths the security and privacy element of the network by establishing the data transition across the network. The VPN uses the advanced encryption protocol and verifies the tunneling model to securely enclose the entire online data transfer model (Tandon & Parimal, 2018). These are 3 kinds of VPN accessible in the technological market namely the Internet Protocol Security (IPSec), the Point to Point Tunneling Protocol (PPTP), the Layer 2 tunneling protocol (L2TP) and SSL Virtual Private Network.

Future Trends

In the dynamic technological context, the firewall and VPN technological models are undergoing rapid change so that the cyber attackers can get limited chance to bypass the security system. The networks are rapidly evolving so that the attacks can be effectively tackled and the accessibility to the unauthorized participants can be restricted in the best possible manner (Trabelsi et al., 2017). The firewalls have evolved since the past decade. The packet filter had started the firewall trend which led the path for proxy firewalling, stateful inspection model, the unified threat management and the Next-generation firewall (NGFW). Currently, the firewall scenario is experiencing dynamic changes since most of the firms that work in the dynamic market context place the technology as the very foundation of the security architecture organizations. In the future, the new enterprise firewalls could strengthen the security fabric by upgrading the unified approach of the operating system. These security models are carefully designed keeping in mind the current attacks that are being carried out on the online platform.

The VPN model can be termed as the blanket that covers the various computer protocols that are used for the purpose of strengthening the security of the network. In the future, the utility of the VPNs security model could experience a fundamental shift so that it can strengthen the privacy of the authentic users. The VPNs and firewall could work together in order to improve the overall network security model (Yousefi et al., 2017).

Global Implications of the modern day attack against Firewall and VPNs

The various attacks that are taking place against the firewalls and VPNs have an implication at the global level. These attacks not only adversely affect the financial performance, the strategic model and the operational efficiency of business undertakings but they also expose the sensitive and confidential data relating to millions of common people. The poor designing, implementation and execution of the firewalls and VPNs can act as the major threat within the technological setting of the business organization (Yousefi et al., 2017). The high degree of vulnerability in the virtual context has forced the IT professionals and experts to join their hands together and strengthen the effectiveness of the “Internet-connected devises” so that the unauthorized operations can be effectively tackled and managed in the process.

In order to minimize the adverse implication of the various kinds of attacks on the firewalls and the VPNs, the main principle that is guiding the IT experts is the confidentiality, integrity and availability (CIA). These aspects are acting as guidelines that need to be taken into consideration before implementing the cyber security model in a large scale. The classic definition of security is acting as a major framework that is guiding business entities and organizations to build a robust online security system that can keep the unauthorized users at bay and thus strengthen the internal security model if the technological infrastructure (Saher, Pathak & Elgarhy, 2017). Thus in order to minimize and control the adverse global Implications of the modern day attacks against Firewall and VPNs, the main focus is on protecting the network traffic by managing the anonymity and trust, managing the network protection model strengthening the Internet of Things (IoT) and protecting the station inside the private network.

Conclusion

With the evolution in the technological context, the different kinds of attacks that the firewalls and VPNs are facing have also changed. The hackers are trying new and innovative techniques in order to compromise the systems and networks of the vulnerable users. The attacks can arise from the external setting as well as the internal setting. Thus there is the necessity to carefully design the security model by streamlining the technological; components. Such a careful and tactful approach can empower the legitimate users and minimize the scope for the cyber attackers to get unauthorized access into the computer system or the network of a client. The main threats that are faced in the current times by the firewalls and VPNs have been highlighted in the report. The organizations that adopt these security models must regularly upgrade the technological components of these cyber security models so that they can keep a tab on any unusual behavior and thus mitigate the risk and threat in the process.

References

Banerjee, M., Lee, J., & Choo, K. K. R. (2017). A blockchain future to Internet of Things security: A position paper. Digital Communications and Networks.

Byrne, D.J., (2015). Cyber-attack methods, why they work on us, and what to do. In AIAA SPACE 2015 Conference and Exposition (p. 4576).

Biswas, B., Pal, S., & Mukhopadhyay, A. (2016). AVICS-Eco framework: An approach to attack prediction and vulnerability assessment in a cyber Ecosystem.

Jeon, K. S., Sung, J. H., Lee, M. W., Song, H. Y., Shin, H. Y., Park, W. H., ... & Ko, D. H. (2016). A study of piezoelectric field related strain difference in GaN-based blue light-emitting diodes grown on silicon (111) and sapphire substrates. Journal of nanoscience and nanotechnology, 16(2), 1798-1801.

Locasto, M. E., Stolfo, S. J., Keromytis, A. D., & Wang, K. (2016). U.S. Patent No. 9,338,174. Washington, DC: U.S. Patent and Trademark Office.

Minoli, D., & Kouns, J. (2016). Security in an IPv6 environment. CRC Press.

Nobori, D., & Shinjo, Y. (2014, April). VPN Gate: A Volunteer-Organized Public VPN Relay System with Blocking Resistance for Bypassing Government Censorship Firewalls. In NSDI (pp. 229-241).

Patel, K.P. and Kumar, N., Cisco Technology Inc, 2015. Efficient generation of VPN-based BGP updates. U.S. Patent 8,995,446.

Prabhakar, S. (2017). Network Security In Digitalization: Attacks And Defence.

Ranathunga, D., Roughan, M., Nguyen, H., Kernick, P., & Falkner, N. (2016). Case studies of scada firewall configurations and the implications for best practices. IEEE Transactions on Network and Service Management, 13(4), 871-884.

Rawat, D. B., & Sharma, N. (2016, March). Wireless network virtualization for enhancing security: Status, challenges and perspectives. In SoutheastCon, 2016 (pp. 1-8). IEEE.

Saher, M., Pathak, J., & Elgarhy, A. (2017). U.S. Patent Application No. 15/346,358.

Tandon, D., & Parimal, P. (2018). A Case Study on Security Recommendations for a Global Organization. Journal of Computer and Communications, 6(03), 128.

Trabelsi, Z., Al Matrooshi, M., Al Bairaq, S., Ibrahim, W., & Masud, M. M. (2017). Android based mobile apps for information security hands-on education. Education and Information Technologies, 22(1), 125-144.

Yousefi, M., Mtetwa, N., Zhang, Y., & Tianfield, H. (2017, July). A novel approach for analysis of attack graph. In Intelligence and Security Informatics (ISI), 2017 IEEE International Conference on (pp. 7-12). IEEE.