The Four Primary Types of Network Threats

To understand threats better and to plan ways to resist them, threats are typically grouped into the following four categories.

  • Unstructured threats

  • Structured threats

  • Internal threats

  • External threats

Unstructured Threats

Unstructured threats are typically unfocused attacks on one or more network systems by individuals with limited or developing skills. The attacker usually does not know which systems will be attacked or infected. These attacks are often the work of people with little integrity and too much time on their hands. Malicious intent might or might not exist, but there is always indifference to the damage caused to others.

Many Internet sites offer ready-made malicious code, such as viruses, worms, and Trojan horses, often with instructions, that the curious can modify or redistribute as is. In all cases, these are small programs written by a human being; they aren’t alive and they can’t evolve spontaneously from nothing. Some common terms to be aware of include the following:

Virus

A program that copies itself into other programs or files and replicates when an infected host is run, with little or no user intervention beyond that; the copies replicate in turn.

Worm

A self-contained form of virus that spreads by copying itself to other drives, systems, or networks without needing a host program. A worm that uses an e-mail system can mail copies of itself to every address in the system’s address book. Code Red and Nimda, both from 2001, are examples of high-profile worms that caused significant damage.

Trojan horse

An apparently useful or amusing program, such as a game or screensaver, that in the background performs other tasks, such as deleting or changing data or capturing passwords or keystrokes. A true Trojan horse isn’t technically a virus because it doesn’t replicate itself.

The person launching an unstructured attack is often referred to as a script kiddy, because that person typically lacks the skills to develop the threat themselves but can pass it on anonymously (or so they think) and gain some perverse satisfaction from the result. E-mail has replaced “shared” game disks as the vehicle of choice for distributing this type of attack.

Note

The term “script kiddy” is a common derogatory term and should be used with caution, if at all; it is included here so you know what it means. Remember that the only difference between a casual unstructured attack and a sustained series of all-out denial-of-service attacks might be that the attacker has been offended or angered.

Unstructured attacks involving code that reproduces itself and mails a copy to everyone in the victim’s e-mail address book can circle the globe in a few hours, causing problems for networks and individuals all over the world. While the original intent might have been more thoughtless than malicious, the result can be a loss of user access while systems are being protected, a loss of reputation if news gets out that a company’s site has been attacked, or a loss of user freedoms as more-restrictive policies and practices are implemented to defend against further attacks.

In some organizations, if the network is down, entire groups of people can’t do their jobs, so they are either sent home or sit and wait without pay because their income is tied to sales. So even if the hacker “thought” no one would be hurt, the result is often that some single parent or new hire has been cheated out of a day’s pay.

Each of these results can be quantified in currency, and the figures are often large if and when the perpetrator is prosecuted.

Structured Threats

Structured threats are focused efforts by one or more individuals with higher-level skills actively working to compromise a system. The targeted system could have been found through a random search, or it might have been selected specifically. The attackers are typically knowledgeable about network design, security, access procedures, and hacking tools, and they can create scripts or applications to further their objectives.

Structured attacks are more likely to be motivated by something other than curiosity or showing off to one’s peers. Greed, politics, racism (or any other intolerance), or even law enforcement (ironically) could all be motives. Crimes in which the payoff isn’t directly tied to the attack itself, such as identity theft or credit card information theft, are also motivations.

International terrorism and government-sponsored attacks on another country’s computer infrastructure are becoming well documented. Systems of interest include utilities, public safety, transportation, financial, and defense systems, all of which are managed by large data systems, each with its own vulnerabilities.

Internal Threats

Internal threats originate from individuals who have, or have had, authorized access to the network: a disgruntled employee, an opportunistic employee, or an unhappy former employee whose access is still active. Even if a former employee’s own account has been removed, they could be using a compromised account or one they set up before leaving for just this purpose.
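Both failure modes in the paragraph above, a departed employee whose account is still enabled and an account provisioned by a departing employee shortly before they left, can be detected from records an organization already keeps: the account inventory and the HR roster. The following is an added example, not part of the original text, that reconciles the two. The employee and account records are constructed sample data, and the field names (owner, created_by, end_date) are assumptions rather than any particular directory or HR system’s schema.

```python
"""Added example (not from the original text): reconcile an account inventory
with an HR roster to flag stale and pre-departure accounts.

All records below are constructed sample data; the field names are assumptions,
not any particular directory or HR system's schema.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional


@dataclass
class Account:
    username: str
    owner: str         # assumed field: HR identity the account belongs to
    created_by: str    # assumed field: who provisioned the account
    created: date
    enabled: bool


@dataclass
class Employee:
    name: str
    end_date: Optional[date]   # None means still employed


# Constructed sample data: one still-enabled account of a departed employee,
# and one service account that the same employee created two weeks before leaving.
EMPLOYEES: List[Employee] = [
    Employee("alice", None),
    Employee("bob", date(2024, 3, 15)),
    Employee("carol", date(2024, 5, 1)),      # has given notice, not yet gone
    Employee("dave", date(2023, 12, 1)),
]

ACCOUNTS: List[Account] = [
    Account("alice", "alice", "itadmin", date(2019, 6, 3), True),
    Account("bob", "bob", "itadmin", date(2020, 1, 10), True),          # stale
    Account("svc-backup2", "service", "bob", date(2024, 3, 1), True),   # pre-departure
    Account("dave", "dave", "itadmin", date(2018, 2, 20), False),       # disabled, fine
    Account("carol", "carol", "itadmin", date(2022, 9, 9), True),       # still employed
]


def stale_accounts(accounts: List[Account], employees: List[Employee],
                   today: date) -> List[str]:
    """Usernames still enabled whose owner's last day is on or before `today`."""
    departed = {e.name for e in employees if e.end_date and e.end_date <= today}
    return sorted(a.username for a in accounts if a.enabled and a.owner in departed)


def pre_departure_accounts(accounts: List[Account], employees: List[Employee],
                           window_days: int = 30) -> List[str]:
    """Usernames provisioned by an employee within `window_days` before that
    employee's last day, where the new account is not the creator's own.
    Employees who have given notice but not yet left are included, so the
    check can run before the creator's own access is removed."""
    end_dates = {e.name: e.end_date for e in employees if e.end_date}
    flagged = []
    for a in accounts:
        end = end_dates.get(a.created_by)
        if end is None or a.owner == a.created_by:
            continue
        if end - timedelta(days=window_days) <= a.created <= end:
            flagged.append(a.username)
    return sorted(flagged)


def audit(accounts: List[Account], employees: List[Employee],
          today: date) -> Dict[str, List[str]]:
    """Run both checks and return the findings keyed by check name."""
    return {
        "stale": stale_accounts(accounts, employees, today),
        "pre_departure": pre_departure_accounts(accounts, employees),
    }


if __name__ == "__main__":
    for check, names in audit(ACCOUNTS, EMPLOYEES, date(2024, 4, 10)).items():
        print(f"{check}: {', '.join(names) or 'none'}")
```

The second check depends on the directory recording who provisioned each account; where it does not, provisioning or change logs are the substitute. Running it against employees who have given notice but have not yet left is deliberate, since that is the window in which a backdoor account would be created.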

Many surveys and studies show that internal attacks are significant in both their number and the size of the resulting losses. If dishonest employees steal inventory or petty cash or set up elaborate paper-invoicing schemes, why wouldn’t they learn to use the computer systems to further their ambitions? With access to the right systems, a trusted employee can devastate an unsuspecting organization.

All too often, employers fail to prosecute this type of activity. The reasons range from fear of the activity becoming public knowledge to the knowledge that, quite often, record-keeping systems haven’t been developed to provide adequate evidence or to prove that the transactions, no matter how ludicrous, weren’t authorized.

Note

I was helping a dentist reconstruct a substantial loss by an office manager when we were all served with papers threatening all sorts of repercussions if we spoke to anyone, including the police, about the matter. Because less than three days had passed since the loss was inadvertently exposed, I was shocked at the coolness and speed of the reaction. After a little research, I found this was at least the third dentist in seven years who had been scammed by the same person. The bottom line is that the bonding company and the dentist came to terms, and I never heard another word about it.

External Threats

External threats come from individuals outside the organization, often using the Internet or dial-up access. These attackers don’t have authorized access to the systems.

A specific threat may fall into two or more of these categories. An attack might be structured and come from an external source, but a serious crime might also have one or more compromised employees on the inside actively furthering the effort.

STUDY TIP

Be sure to know the four primary types of threats. They could appear on all four exams.
