Network Security
As most of our communications and actions continue to venture online, privacy and security are important topics to think about regularly. Keeping the information that one puts inside and outside of one’s personal network as secure as possible is good practice for users of today’s computers. This can be done by knowing what threats are out there and what others can do to get access to this information. Organizations and individuals need to be cautious of how vulnerable their information and systems can be to outside threats and put their best foot forward in protecting them.
We use computers for different activities in our lives. In the first quarter of 2018, “U.S. adults spent three hours and 48 minutes a day on computers, tablets and smartphones” (Fottrell, 2018). Having a solid knowledge of how to protect this time from security breaches is important. A security breach is a case of unauthorized computer access to a person’s private email or social media (Vahid & Lysecky, 2017). We do things on our computers in our free time and for work that we would like to be seen only by authorized individuals. When a company’s system is compromised by a security breach, the company can lose money in hidden costs such as loss of business, negative impact on reputation, and employee time spent in recovery. The financial damage caused by a data breach now costs companies an average of $3.86 billion a year (Weisbaum, 2018).
Today there are many different types of attacks that can be executed, and the use of the ping command is one of them. “The ping command is a Command Prompt command used to test the ability of the source computer to reach a specified destination computer” (Fisher, 2019). Using the ping command, many hackers like to execute the attack known as denial of service. A distributed denial of service (DDoS) attack is a malicious attempt to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server. Unlike other kinds of cyberattacks, DDoS assaults don’t attempt to breach your security perimeter. Rather, they aim to make your website and servers unavailable to legitimate users. DDoS can also be used as a smokescreen for other malicious activities and to take down security appliances, breaching the target’s security perimeter.
The Ping of Death (PoD) attack is an attack in which an attacker attempts to crash, destabilize, or freeze the targeted computer or service by sending malformed or oversized packets using a simple ping command. PoD attacks exploit legacy weaknesses, which may have been patched in target systems. However, in an unpatched system, the attack is still relevant and dangerous. Recently, a new type of PoD attack has become popular. In this attack, commonly known as a Ping flood, the targeted system is hit with ICMP packets sent rapidly via ping without waiting for replies. To avoid Ping of Death attacks and their variants, many sites block ICMP ping messages altogether at their firewalls. However, this approach is not viable in the long term (n.d.).
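Added example (not part of the original post): two defender-side checks for the traffic described above, one for a fragment that would reassemble past the 65,535-byte IPv4 datagram limit (Ping of Death) and one for a source sending echo requests far faster than ordinary ping does (Ping flood). The function names, the one-second window, the 100-request threshold and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

MAX_IP_DATAGRAM = 65535  # largest datagram the 16-bit IPv4 total-length field allows

def is_oversized_fragment(frag_offset_units, total_length, header_length=20):
    """Ping of Death check: would this fragment reassemble past 65,535 bytes?

    frag_offset_units: IPv4 fragment-offset field (counted in 8-byte units).
    total_length: this fragment's own length, IP header included.
    """
    payload_end = frag_offset_units * 8 + (total_length - header_length)
    return header_length + payload_end > MAX_IP_DATAGRAM

def find_ping_floods(events, window=1.0, threshold=100):
    """Ping flood check over (timestamp_seconds, source_ip) echo requests.

    events must be in time order. Returns the sources that sent more than
    `threshold` requests inside any sliding `window` (both values are
    assumptions to tune; ordinary ping sends about one request per second).
    """
    recent = defaultdict(deque)
    flagged = set()
    for ts, src in events:
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:   # drop requests that fell out of the window
            q.popleft()
        if len(q) > threshold:
            flagged.add(src)
    return flagged

# Constructed sample traffic (documentation address ranges, not real hosts).
NORMAL = [(float(t), "192.0.2.10") for t in range(5)]               # 1 ping/s
FLOOD = [(2.0 + i * 0.002, "198.51.100.7") for i in range(500)]     # 500 pings/s
SAMPLE_EVENTS = sorted(NORMAL + FLOOD)

if __name__ == "__main__":
    print("ordinary 1500-byte packet oversized?", is_oversized_fragment(0, 1500))
    print("fragment at offset 8189 oversized? ", is_oversized_fragment(8189, 1500))
    print("flood sources:", find_ping_floods(SAMPLE_EVENTS))
```

Checks like these let a filter drop only the abnormal traffic while ordinary echo requests still pass.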
Computer systems are vulnerable to many different security threats. “On-line systems and telecommunications are especially vulnerable because data and files can be immediately and directly accessed through computer terminals or at points in the telecommunications network” (Laudon & Laudon, 2007). Computers have security holes and vulnerabilities, but exploiting human interaction through social engineering and phishing has become popular. According to a 2018 study, 17 percent of people fall victim to social engineering attacks and 83 percent of all companies have reported that they experienced phishing attacks (Lopez, 2019).
Social engineering entails tricking people into giving up their confidential information or manipulating them into doing something. There are many types of social engineering attacks, with email spam and phishing being a couple of examples. Phishing is typically done by manipulating someone into logging in to a site such as their banking account. This is typically done with a fake email sent to the victim asking them to log into a fake online banking account; the attacker then has the information needed to access the real account. People are vulnerable to phishing attacks because phishing emails and websites are well put together to look identical to the real bank. When the phishing attack is executed, the individual can see money come out of their bank account unexpectedly. A way for people to avoid becoming victims of phishing is to not open links in emails and to be cautious of all communications received.
Social engineering manipulation has been around for a long time, but it is still a way attackers get important information. Employees at a company can receive e-mails from attackers acting like a potential customer or current employee. The emails may come from the exact email address of a supervisor asking for the password to the system as if they had forgotten it. The manipulation can give the attacker access to all the important documents and information in the company’s computer database. If an employee is asked for important information such as a password, they should go directly to that person to give the password. Businesses should provide continuous education on potential social engineering attacks. Spending a small amount of money on training for potential attacks can go a long way in the long term.
There are many ways for an attacker to access an individual’s or company’s private information. As computer usage continues to increase and new attacks continue to be made, being cautious is a good first step to privacy protection. Unauthorized access to private information can put stress on individuals mentally and on companies financially.