ABSTRACT

The rise of Information and Communication Technology (ICT), and especially of the Internet of Things (IoT), brings significant benefits to multiple aspects of the human ecosystem, such as health, energy, transport, and commerce. Despite the social and economic advances offered by this new reality, new cyber-security risks related to network services arise. In particular, the heterogeneity of the various technologies and protocols generates a plethora of potential threats and vulnerabilities that can be exploited by cyber-attackers. Moreover, cyber-attackers adopt more sophisticated and stealthy tactics that can bypass conventional cyber-security measures. This chapter is devoted to analyzing network-related threats, focusing on four primary threat categories, namely (a) Denial of Service (DoS), (b) routing attacks, (c) man-in-the-middle (MiTM) attacks, and (d) web-related attacks. The first category targets the availability of systems, while the goal of MiTM attacks is to violate confidentiality, integrity, and authenticity. On the other hand, routing and web attacks can compromise all the aforementioned cyber-security principles by exploiting the vulnerabilities of routing protocols and web services, respectively. The various kinds of each threat category are analyzed in detail, providing the necessary background and implementation details. Finally, particular examples are described for each of them, using well-known penetration testing tools.