Overview
Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHOR
-
Laurent LEVIER: Certified Information Systems Security Professional (CISSP) - Certified Information Security Manager (CISM) - Internal Network Security Officer, Equant Télécommunications
INTRODUCTION
The concept of the computer network has been around since the 1980s. Initially, these were local area networks (LANs) with speeds of 10 Mbits/s, which was high-speed at the time, and then evolved to exceed gigabit per second. The first protocols used on these networks, often Ethernet and Token Ring, were non-routable, such as Netbeui or IPX. These networks then evolved to larger sizes (MAN or WAN), often persisting with non-routable protocols or using the first routable office protocols such as IPX/SPX.
Back in the day, computer network security wasn't a real concern for everyone, since hacking was mainly carried out on telephone networks ("phreaking").
With the advent of the Internet network came the popularization of computing for the general public. It became possible for everyone to access the Internet and the mass of information it contains. It also saw the emergence of the routing protocol TCP/IP, which is now the most widely used both on the Internet and in private corporate and individual networks. As the Internet opened up to the world, companies were forced to connect to this network to take advantage of this global showcase. Unfortunately, while the Internet has brought about a tremendous revolution in computing and the global circulation of information, it has also made available to ill-intentioned individuals new ways of illegally accessing private data, whether within a company or on a private individual's premises, and this with far less risk since there is no physical intrusion.
A company needs to be connected to the Internet in order to exploit its wealth of information. As a result, it becomes possible for anyone on the Internet to access the company's resources if it has not put in place appropriate safeguards.
At the same time, other network technologies, such as wireless, have come into being. At first glance, this seems like a step forward for users, who can finally free themselves from the constraints of a wired connection. But if we focus on the security aspects of this development, it actually represents a step backwards if not used intelligently, as it becomes possible to access a private network without being physically connected to it.
Last but not least, all these technologies always contain some kind of design or configuration error. These errors are usually published on the Internet before they are corrected, enabling ill-intentioned people to exploit them to penetrate private networks connected to the Internet.
These people, who we'll simply call intruders or hackers, then need to know more about the network they intend to attack, and to do this they go through a series of steps, using different techniques depending on the profile of...
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Network attacks
Bibliography
Requests For Comments
Standard
- Information Technology – Telecommunications and information exchange between systems – Local and metropolitan networks – Common specifications – Part 3: Media access control bridges - ISO/IEC 15802-3 - 1998
Website
The Unofficial 802.11 Security Web Page http://www.drizzle.com/~aboba/IEEE
Tools
Taranis http://www.bitland.net/taranis
WEPCrack http://wepcrack.sourceforge.net
Macof http://security.royans.net/info/rawip/code/macof.shtml
...Organizations
Lawrence Berkeley National Laboratory's Network Research Group http://www-nrg.ee.lbl.gov
Computer Emergency Response Team – Industrie Services et Tertiaire (CERT-IST) http://www.cert-ist.com
Internet Assigned Numbers Authority (IANA)...
Exclusive to subscribers. 97% yet to be discovered!
You do not have access to this resource.
Click here to request your free trial access!
Already subscribed? Log in!
The Ultimate Scientific and Technical Reference