Cybersecurity is becoming more of a common tongue term in today’s industry. It is being passed around the executive meetings along with financial information and projected marketing strategies. Here are some common attack vectors plaguing the industry when it comes to network infrastructure. It does not really matter the infrastructure type you have. If there is value to the data you are transferring within, someone wants to get it.

1. Reconnaissance Attacks

Reconnaissance attacks are general knowledge gathering attacks. These attacks can happen in both logical and physical approaches. Whether the information is gathered via probing the network or through social engineering and physical surveillance, these attacks can be preventable as well.  Some common examples of reconnaissance attacks include packet sniffing, ping sweeping, port scanning, phishing, social engineering and internet information queries. We can examine these further by breaking them into the two categories of logical and physical.

Logical Reconnaissance refers to anything that is done in the digital spectrum and doesn’t require a human on the other side to complete the reconnaissance attack. Ping sweeps and port scans, for example, are two methods of discovering both if the system is there and what it is looking for on the network. An example of a return on a port scan would be discovering that an IP address was listening on port 443 for HTTPS traffic. That allows the hacker to know that they can attempt exploitation geared towards HTTPS.

Additionally, here we see information queries over the internet. These are sometimes called whois queries. All domains registered to independent companies belong to a domain provider somewhere, as regulation of these domains must occur. The problem is like patenting a product name where company A wants to use a specified domain and company B already owns that (Read more...)