Network Security

TEC 101: Foundations of Information Technology & Literacy, week four. In week four, we discuss the value of information and system security for both people and organizations. What kind(s) of attacks can be carried out using ping commands? Moreover, choose two specific computer security issues for a more in-depth discussion. Why are computers vulnerable to each type of threat? Provide examples of the signs and harm that each breach might cause after hacking a system.



I was unable to understand this part of the assignment from the reading, so I had to research the subject more because I was unfamiliar with the several types of attack that might be used with ping commands. The Ping of Death immediately comes to mind. A Ping of Death occurs when "an attacker destroys, destabilizes, or freezes systems or services by attacking them with larger data packets," according to a Fortinet post. This type of denial-of-service attack often focuses on and exploits historical vulnerabilities that businesses may have patched (Fortinet, 2022). The good news is that this attack is limited to unpatched systems, since it most often exploits legacy flaws that may already have been patched in target systems. However, according to another blog, many websites completely block ICMP ping communications at their firewalls in order to prevent Ping of Death assaults and their variants. Because there are still utilities that use ping to verify that connections are active, this strategy is not feasible long-term: blocking ping messages also prevents valid ping use (Imperva, 2021).
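The trade-off above (blocking all ICMP also blocks valid ping) is why a size check is the usual alternative. The following is an added example, not code from Fortinet, Imperva or the original post; the post does not describe the mechanism, so it assumes the classic form in which IP fragments would reassemble past the 65,535-byte IPv4 maximum, and the fragment values are constructed.

```python
from dataclasses import dataclass

MAX_IPV4_PACKET = 65535  # largest total length an IPv4 packet can declare


@dataclass
class Fragment:
    """Constructed description of one IPv4 fragment (not captured traffic)."""
    label: str
    offset_units: int      # fragment offset field, counted in 8-byte units
    payload_len: int       # data bytes carried by this fragment
    header_len: int = 20   # IPv4 header without options


def reassembled_size(frag: Fragment) -> int:
    """Size the packet would reach once this fragment is put in place."""
    return frag.header_len + frag.offset_units * 8 + frag.payload_len


def triage(fragments):
    """Split fragments into ones safe to reassemble and ones to drop."""
    accept, drop = [], []
    for frag in fragments:
        target = drop if reassembled_size(frag) > MAX_IPV4_PACKET else accept
        target.append(frag.label)
    return accept, drop


# Constructed samples: a normal ping, a legal large fragment, an oversized one.
SAMPLES = [
    Fragment("ordinary ping", offset_units=0, payload_len=64),
    Fragment("large but legal", offset_units=8000, payload_len=1480),
    Fragment("oversized", offset_units=8189, payload_len=1480),
]

if __name__ == "__main__":
    accepted, dropped = triage(SAMPLES)
    print("accept:", accepted)
    print("drop:  ", dropped)
```

Only the fragment that would overflow the maximum is dropped, so ordinary ping traffic keeps working.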





Phishing and social engineering, which go hand in hand because phishing is a form of social engineering, are the two computer security incidents I will go over in detail.


Phishing


According to chapter 8, “Phishing is a type of Internet scam that tempts users into divulging private information like passwords or credit card numbers. The word comes from "fishing," which involves putting out bait and waiting for a fish to bite.” (Vahid, F., & Lysecky, S., 2019) Phishing is the most common form of social engineering because it is simpler to trick individuals, especially those who don't pay attention to small details or warning signs. Phishing scams aim to frighten or pressure the victim into making a hasty decision.







Social engineering


As mentioned in the Imperva blog, social engineering covers malicious activities carried out through human interactions. It uses psychological trickery to deceive users into divulging critical information or breaking security rules (Imperva, 2021). Many forms of social engineering exist. Baiting, scareware, and phishing are only a few examples of social engineering, which is simply a broad term.





Phishing: Computers are exposed to this threat when the attacker sends the victim or target an email link or pop-up message that contains ransomware or malware that could grant the attacker access and control.


Social engineering: Social engineering has a greater impact because victim information is used and compromised; however, some computer systems may also be impacted by software and operating system weaknesses. The goal of a social engineering attack is to coerce the victim into providing private and sensitive information so that the attacker can use it to access or hack the system.



Phishing: Phishing uses an element of trust to make victims fall for it more easily. Phishing can cause the corporation, person, or business to lose sensitive information to an unauthorized third party, which could be harmful to the target. It might cause the target to lose money or place them in a position where the information might be used unlawfully. In this way, phishing harms you by collecting information and installing malicious software that can lock up your data or be used as ransomware.



Social engineering: After gaining the victim's confidence, the attacker exploits it as a point of entry into the system. The attacker would next search for weak points of entry and lax security protocols necessary to carry out the attack, according to the Imperva blog. The attacker next makes an effort to win over the victim's trust and offer incentives for later security-breaking activities, such as disclosing confidential information or allowing access to essential assets (Imperva, 2021). Such damages could include extortion threats by the attacker to expose private information if money is not paid, or the attacker taking down the system and stopping all operations.




Phishing: One of two recommendations to protect against phishing attacks is using the company's multi-factor authentication (I believe Microsoft has one as well), which grants users access to your account with a one-time text or code. This makes it more difficult for hackers to obtain your password and other information. The other recommendation is to avoid opening emails and attachments from unreliable sources and to always verify the sender and source. Go over the email for typos or digits that could pass for letters. Adjust the settings on your spam filter as well.
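The advice to verify the sender and look for typos or digits that pass for letters can be automated. This is an added example, not code from the original post or any vendor: the trusted list, the digit-to-letter mapping and the sample addresses are constructed assumptions.

```python
from email.utils import parseaddr

# Assumed mapping of digits that can pass for letters at a glance.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
TRUSTED = {"example.com"}  # hypothetical allow-list of known sender domains


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str, trusted=TRUSTED, max_typos: int = 2) -> str:
    """Classify the domain in a From header against the trusted list."""
    address = parseaddr(from_header)[1]          # handles "Name <user@host>"
    domain = address.rsplit("@", 1)[-1].lower()
    if domain in trusted:
        return "trusted"
    folded = domain.translate(LOOKALIKES)
    # Fold both sides so a trusted domain that contains digits still compares.
    if any(folded == good.translate(LOOKALIKES) for good in trusted):
        return "lookalike-digits"
    if any(edit_distance(domain, good) <= max_typos for good in trusted):
        return "lookalike-typo"
    return "unknown"


# Constructed sample headers.
SAMPLES = [
    "Alice <alice@example.com>",
    "IT Support <it-support@examp1e.com>",
    "billing@exmple.com",
    "news@unrelated.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):17} {header}")
```

A "lookalike" result is a reason to treat the message as suspicious; "unknown" only means the domain is not on the list.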


Social engineering: My first recommendation is that businesses hold or host staff cybersecurity awareness training/classes once a year to keep everyone current. This will help safeguard employees from social engineering. Keeping the antivirus/antimalware software up to date is my second recommendation. Don't use the same password more than once, and change it every six months.








References


Fortinet. (2022, March 8). Ping of death. https://www.fortinet.com/resources/cyberglossary/ping-of-death


Imperva. (2021, August 8). Ping of Death (POD). https://www.imperva.com/learn/ddos/ping-of-death/


Imperva. (2021, May 5). Social engineering. https://www.imperva.com/learn/application-security/social-engineering-attack/


Vahid, F., & Lysecky, S. (2019). Computing technology for all. zyBooks.

