Network Security

-


            In this post, I will cover several topics including the importance of information and system security for both individuals and organizations, the types of attacks that can be executed using ping commands, computer viruses, and social engineering. I will also further explain how users are vulnerable to viruses and social engineering as well as the symptoms and damages each can impose. I will also recommend ways that users can help prevent and protect themselves from these types of breaches. 

For both individuals and organizations, having some type of information and system security is crucial. Without the implementation of a form of protection, individuals leave themselves vulnerable to having their personal information like bank account details, credit card information, social security number, identity, and other sensitive personal information stolen.

 As for organizations, the scale of a breach or cyber attack can have even larger implications where hundreds to millions of user’s information is accessed. Large organizations typically amass great storages of sensitive and confidential information including customer data and financial information, intellectual property, and patents. In the case that a large organization is attacked it can also disrupt system operations leading to extended downtime, loss of reputation/trust, and the loss of revenue.

Common types of executable ping attacks include ping flood, smurf, and ping of death attacks. A ping flood attack is a type of denial-of-service (DoS) attack in which the attacker exploits the IP layer protocol by sending a flood of ICMP echo requests that saturate the server disabling its ability to process legitimate user traffic causing it to become unresponsive or to potentially crash. (Mahjabin, T.) 

A smurf attack is a type of Distributed Denial of Service (DDoS) attack. Much like the ping flood attack, a smurf attack is intended to overwhelm a networks server, leaving it unresponsive to legitimate user traffic by sending a large number of ICMP echo requests. The main difference is that a smurf attack originates from multiple sources that appear to be legitimate making them more difficult to moderate.

Lastly, the ping of death, another type of (DoS) attack, is when a cyber attacker sends oversized ping packets to a targeted system with the intentions of overloading or crashing it. The maximum allowable bytes that can be processed is 65,535. If a packet contains more data than the maximum, the packet will cause a memory overflow error.

Computer viruses are a type of software program designed to replicate and spread from one computer to another.  A virus works by inserting or attaching itself to a program, file, or document with the goal of executing its code. When the viruses code is executed, it may either take control of the system, corrupt or destroy system data, or steal data within the system. (Johansen, A.)

Computer systems are vulnerable to viruses as they have many means of infiltrating a system. Viruses can be spread in various ways including vulnerabilities of operating systems, downloading of malicious software which can be disguised in the form of games or music, sharing a device with an infected network, and by using a tactic called social engineering which I will discuss later.

Two recommendations to protect users against computer viruses is to install antivirus software and use a firewall. By having antivirus software, your computer regularly scans for files with known malicious code patterns aka “signatures” and removes them from the system.  By having a firewall in place, incoming and outgoing packets of data are monitored and filtered. If the data follows a set of predefined criteria it is allowed. However, if the data does not meet the criteria it is blocked.

Social engineering is a tactic that uses psychological manipulation to influence or persuade individuals to disclose information that they otherwise wouldn’t share like passwords, credit card and banking information, social security numbers, etc. With this information, cybercriminals can wreak havoc on user’s credit and bank accounts leaving them in debt. Also, by accessing sensitive information, cyber criminals may damage the reputation of users and may also blackmail or publicly humiliate them.

 According to ISACA’s State of Security report, social engineering is the leading cause of network compromise today. (IBM) Often referred to as “human hacking, one’s system may become vulnerable or compromised for many reasons including having a lack of awareness of social engineering, users being to open or trustworthy with their data on the internet, weak passwords, outdated software, and often users leave their devices unattended. For example, leaving an account open on a public library computer leaves your information susceptible and accessible.

There are ways for users to better protect themselves from social engineering. It isn’t full proof, but the likely hood decreases significantly. The best way to protect yourself from this type of manipulative tactic is to educate yourself and know what to look for. By increasing your awareness of social engineering and understanding the strategies cybercriminals use, it is easier for users to identify these fraudulent attempts and avoid the exploitation of your information. Another way of reducing the likely hood of social engineering is to verify the source. It is a safe practice to call the known and legitimate source first and question the validity of the request. By doing this, it will also help the organization to inform its customers and associates of the fraudulent activity.

Comments

Post a Comment

Popular posts from this blog

Mobile App Critique : Pokémon GO!

-
Image
  The mobile app that I will be reviewing for this discussion is Pokémon Go. I will be covering the apps usability, design, and functoriality. I will also propose a way for the developers to improve the apps usability, design, and functoriality.   Created by Niantic in collaboration with Nintendo and The Pokémon Company, Pokémon Go was released July 6 th , 2016 as a continuation of the popular Pokémon gaming franchise. The purpose of Pokémon Go was to bring the world of Pokémon to life in new and innovative ways. Using GPS location and augmented reality, developers sought to create an immersive and interactive experience that allowed users to explore, socialize, and catch Pokémon in a real/virtual world through our smartphones.   Upon release, Pokémon Go became a worldwide sensation with approximately 232 million users at its peak.   Usability As an occasional player of Pokémon Go myself, I can say that the app is easy to use and has a naturally intuitive user ...
Read more

Java Installation and Object-Oriented Design Principles for Beginners

-
  Salutations fellow Techies, For those of you who are just beginning to explore the world of Java this is the post for you. This article will provide a brief historical overview of Java, its applications, features of object-oriented design principles, and installation guidance. History and Applications Originally developed by Sun Microsystems and later acquired by Oracle Corporation, Java has since become one of the most popular programming languages in the world. Java was originally released in 1995 and has since been used for a wide variety of applications including web, mobile applications, enterprise software, and scientific computing development. Java is an object-oriented programming language, meaning that it is based on the concept of objects and classes. The fundamental features which allow developers using Java to create maintainable, scalable, and reusable code are Encapsulation, Inheritance, Polymorphism, and Abstraction. Below, I will brief upon the purpose of ...
Read more

Week 5 Final Project: Blog Reflection Paper

-
  My experience building a blog In retrospect, I thoroughly enjoyed learning about blogs and creating my own for the first time. I’ve heard of them before, but I have never actively read, viewed, or been very attentive to them. However, spending more time creating one, I have a newfound appreciation for creating content using this format and I will surely continue making a few more of my own in the future. I think it would be a great opportunity to learn through research and networking. Plus, I may even be able to generate passive income from my content, create a sense of community, and possibly even come across career opportunities. Blog practices I incorporated using research The are many elements in my blogs design, aesthetic, and content flow that I have incorporated from the research I have done. Through research, I have developed a better understanding of the best practices to implement to further the chance of having a successful blog. Some of these elements I have incorpo...
Read more