Practical TCP/IP and Ethernet Networking- P48: The transmitter encodes the information into a suitable form to be transmitted over the communications channel. The communications channel moves this signal as electromagnetic energy from the source to one or more destination receivers. The channel may convert this energy from one form to another, such as electrical to optical signals, whilst maintaining the integrity of the information so the recipient can understand the message sent by the transmitter | Security considerations 217 links between the parties in a communication are often not established in advance it is easy for one party to impersonate another party. There is a misconception that attacks on a network will always take place from the outside. This is as true of networks as it is true of governments. In recent times the growth in network size and complexity has increased the potential points of attack both from outside and from within. Without going into too much detail the following list attempts to give an idea of the magnitude of the threat experienced by intranets and extranets Unauthorized access by contractors or visitors to a company s computer system Access by authorized users employees or suppliers to unauthorized databases. For example an engineer might break into the Human Resources database to obtain confidential salary information Confidential information might be intercepted as it is being sent to an authorized user. A hacker might attach a network-sniffing device probe to the network or use sniffing software on his computer. While sniffers are normally used for network diagnostics they can also be used to intercept data coming over the network medium Users may share documents between geographically separated offices over the Internet or extranet or telecommuters users accessing the corporate intranet from their home computer via a dial-up connection can expose sensitive data as it is sent over the medium Electronic mail can be intercepted in transit or hackers can break into the mail server Here follows a list of some additional threats SYN flood attacks Fat ping attacks ping of death IP spoofing Malformed packet attacks TCP and UDP ACK storms Forged source address packets Packet fragmentation attacks Session hijacking Log overflow attacks SNMP attacks Log manipulation ICMP broadcast flooding Source routed packets Land attack ARP attacks Ghost routing attacks Sequence number prediction FTP bounce or port call attack Buffer overflows ICMP