Network Layer Risks and Prevention

**Network Layer Overview**

Packets are routed across networks by the IP Layer which is also known as the Network Layer. IPv4, Internet Protocol Version 4, is the key network layer protocol for TCP/IP. IPv6, ICMP and Internet Group Management Protocol (IGMP) are used often as well.


**Network Security at the Network Layer (Layer 3: IP)**

Security challenges arise in every layer of communication. The Network Layer (Layer 3 in the OSI Model) is particularly vulnerable to Denial of Service attacks and privacy issues. IP (Internet Protocol) is the most common protocol used in the network layer. Below is a list of the main security risks to the Network Layer pertaining to IP.

Routing (RIP) Attacks: RIP (Routing Information Protocol) is used to spread routing information within networks, such as shortest paths, and to advertise routes from the local network. There is no built-in authentication for RIP, and the information given in a RIP packet is usually used without verification. Intruders can forge RIP packets that list a poisoned host as the fastest path out of the LAN. Everything sent out from that network would then route through the poisoned host, where it could be captured and altered.

ICMP Attacks: ICMP is used to send one-way information to a host. ICMP has no authentication, which leads to denial of service style attacks and allows the interception of packets. Time Exceeded and Destination Unreachable messages are often used in denial of service attacks, because both messages may result in an immediate drop of the connection. If one of these messages is forged and sent to one of the hosts, that host's connection will be dropped.

IP Spoofing: An attacker delivers messages to a host with an IP address other than its own, tricking the host into thinking that they are coming from a trusted host in order to get unauthorized access. To spoof an IP, the attacker first has to use an array of techniques to obtain the IP address of a trusted host and then change the packet headers to make it look like the packets are coming from that host.

PING Flood (ICMP Flood): PING flooding attacks are simple to set up and can be effective against a single host or small network. All the attacker needs is a fast internet connection and a couple of hosts to send echo requests. The Windows command line offers a PING utility that can be set to ping continuously with a size of 64kb of information; several computers sending this flood to one host ruins the host's internet connection.

Fragment Attack: This attack uses a program to create IP fragments that are reassembled incorrectly after they are received, making the system freeze up. Programs such as targa, SYNdrop, Boink and TearDrop are some options for making these types of fragments. Simply rebooting your system should remedy this.

Packet Sniffing: Some network applications send clear text in network packets, so a packet sniffer can be used to gain sensitive information, such as user names and passwords entered during login or data returned when the target's database is queried. This is a serious privacy issue, and the information may be used criminally.

Almost all of these attacks can be defended against by keeping systems updated, using two firewalls and a proxy server, hiding the hosts on the local network, and using the firewall on our router to defend the DMZ areas as well.
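
The Fragment Attack entry above depends on fragments whose offsets and lengths do not fit together at reassembly. As an added example (not part of the original page), this Python check parses IPv4 headers and flags fragment sets that overlap or would reassemble past the 65535-byte datagram limit. The function names and sample packets are constructed for illustration, and headers are assumed to carry no IP options.

```python
import struct
from collections import defaultdict

IPV4 = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options (assumption)

def parse_fragment(packet):
    """Return (flow key, payload start, payload end, more_fragments) for one IPv4 packet."""
    ver_ihl, _, total_len, ident, flags_off, _, proto, _, src, dst = struct.unpack(IPV4, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("not a well-formed IPv4 header")
    start = (flags_off & 0x1FFF) * 8   # fragment offset field counts 8-byte units
    more = bool(flags_off & 0x2000)    # MF (more fragments) flag
    return (src, dst, proto, ident), start, start + total_len - ihl, more

def audit_fragments(packets):
    """Map each (src, dst, proto, id) to a list of findings; an empty list means consistent."""
    flows = defaultdict(list)
    for pkt in packets:
        key, start, end, more = parse_fragment(pkt)
        flows[key].append((start, end, more))
    report = {}
    for key, frags in flows.items():
        findings, covered = [], 0
        for start, end, more in sorted(frags):
            if start < covered:
                findings.append(f"overlap at byte {start}")
            if end > 65535 - 20:
                findings.append("reassembled datagram would exceed 65535 bytes")
            if more and (end - start) % 8:
                findings.append(f"non-final fragment at byte {start} is not a multiple of 8 bytes")
            covered = max(covered, end)
        report[key] = findings
    return report

def make_fragment(ident, offset, length, more):
    """Constructed sample input: UDP-protocol fragment between two documentation addresses."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    header = struct.pack(IPV4, 0x45, 0, 20 + length, ident, flags_off, 64, 17, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + bytes(length)

# Constructed traffic: datagram 1 is fragmented normally, datagram 2 has a second
# fragment that lands inside the first one.
SAMPLE = [make_fragment(1, 0, 1480, True), make_fragment(1, 1480, 520, False),
          make_fragment(2, 0, 40, True), make_fragment(2, 24, 8, False)]

if __name__ == "__main__":
    for (src, dst, proto, ident), findings in audit_fragments(SAMPLE).items():
        print(ident, findings or "ok")
```

A firewall or IDS that applies the same consistency checks can drop the whole fragment set before the end host attempts reassembly.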