Network security has become more important and the growing rate of network attacks together with hacker, cracker, and criminal enterprises are increasing, that impact to the availability, confidentiality, and integrity of vital information data. In order to understand and defend against network attacks, it is necessary to understand the kind of attack. This chapter focuses on the provisioning of a method for the analysis and categorization of both computer and network attacks, thus providing assistance in combating new attacks, improving computer and network security as well as providing consistency in language when describing attacks. Attacks are thus attempts by unauthorized individuals to access or modify information, to deceive the system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. During this chapter we tend to area unit providing the elucidation against black hole attack that relies on fuzzy rule in case study section.
TopBasic Security Concepts
It seems that every other day there is a story in the newspapers about a computer network being compromised by hackers. In fact, not too long ago the United States Department of Defense (DoD) was the victim of a successful hacker raid; hackers were able to penetrate DoD computers during a two-week period before they were detected. Fortunately, the computers contained only non-classified personnel and payroll information, so national security was not threatened. More recently, Yahoo, Amazon.com, eBay, and some other popular World Wide Web (WWW) sites were targets of what appears to have been a coordinated “denial-of-service” attack. During a three- or four-day period, the sites were overwhelmed with massive bombardments of false traffic from multiple sites. As a result, the sites were shut down for hours at a time. These attacks illustrate how pervasive the threat from outside hackers has become.
At the same time, every organization that uses computers faces the threat of hacking from individuals within the organization. Employees or former employees with malicious intent or who want to obtain information such as employee salaries or view other employee's files are also a threat to an organization's computers and networks. Computerworld recently ran a story about a programmer employee of a company who allegedly launched a denial-of-service attack against his own company, a provider of on-line stock trading services. Apparently, this programmer was in negotiations with the company for more compensation.
He became frustrated with the progress of the negotiations and decided to demonstrate to the company its vulnerability by launching an attack on its systems from the Internet. He was intimately familiar with the company's systems and software, and his inside knowledge enabled him to hit the firm in a manner that shut it down. In fact, the attack disrupted stock trading services at the company for three days. The U.S. Secret Service was eventually employed, and the attack was traced to the employee, who was subsequently arrested. Every organization should monitor its systems for possible unauthorized intrusion and other attacks. This needs to be part of the daily routine of every organization's IT unit, as it is essential to safeguarding a company's information assets.
The most reliable way to ensure the safety of a company's computers is to refrain from putting them on a network and to keep them behind locked doors. Unfortunately, however, that is not a very practical solution. Today, computers are most useful if they are networked together to share information and resources, and companies that put their computers on a network need to take some simple precautions to reduce the risk of unauthorized access. Every year, corporations, governments, and other organizations spend billions of dollars on expenditures related to network security. The rate at which these organizations are expending funds seems to be increasing. However, when companies need to find areas in which they can decrease spending, budget items such as security and business resumption planning have historically been some of the first to be cut.