Security Threats
Networks are subjected to a wide variety of attacks. These attacks include privilege escalation, access attempts, and many others. All of these attacks are defined as network threats and can be categorized according to two classifications:
- Structured versus unstructured
- Internal versus external
These classifications make it easier to understand the threats themselves and how to deal with them.
Structured Threats
Structured threats are created by attackers who typically are highly motivated and technically competent. Such attackers may act alone or in small groups to understand, develop, and use sophisticated hacking techniques to bypass all security measures and penetrate unsuspecting enterprises. These groups or individuals may be involved with major fraud and theft cases reported to law enforcement agencies. Occasionally such attackers are hired by organized crime, industry competitors, or state-sponsored intelligence-collection organizations. Structured threat attackers may also fall into a relatively new category known as hacktivists: hackers motivated by seeking a venue to express their political point of view. Structured threats represent the greatest danger to an organization or enterprise.
Unstructured Threats
Unstructured threats consist primarily of random attackers using various common tools, such as malicious shell scripts, password crackers, credit card number generators, and dialer daemons. Although attackers in this category may have malicious intent, many are more interested in the intellectual challenge of cracking safeguards than in creating havoc. Attacks in this category tend to be unfocused and relatively unsophisticated. If the security of the network is too strong for them to gain access, the attackers may fall back on a denial of service (DoS) attack as a last resort to save face. Individuals in this category are rarely anything more than what is commonly termed a script kiddie. These types of attempts represent the bulk of Internet-based attacks.
Internal Threats
Internal threats typically come from disgruntled former or current employees. Internal threats can be structured or unstructured in nature. Structured internal threats represent an extreme danger to enterprise networks because the attacker already has access to the network. Their efforts often focus on elevating their privilege level from that of a user to that of an administrator. Although internal threats may seem more ominous than threats from external sources, security measures are available for mitigating the threats and responding when attacks occur.
External Threats
External threats consist of structured and unstructured threats originating from an external source. These threats can have malicious and destructive intent, such as denial of service (DoS), data theft, or distributed denial of service (DDoS), or can simply be errors that generate unexpected network behavior, such as the misconfiguration of the enterprise's Domain Name System (DNS), which results in all e-mail being delayed or returned to the sender.
