Network Security:
A DDoS, or Distributed Denial of Service, attack can be carried out with the ping command.
This type of attack is generally targeted at a service provider. Flooded with many
requests for ping responses, the servers become unavailable or too unresponsive to
provide their intended services. Any system connected to the internet is vulnerable
to these attacks as long as it is configured to offer ping responses, which many are.
The consequences of such attacks can be slow or nonexistent response times from the
servers. Various types of attack are possible. Three common ICMP attacks are the Ping of
Death, Smurf, and Buffer Overflow attacks.
Our text suggests that “Defenses against DoS attacks include detecting
sources (like IP addresses) that are generating the attack and blocking
requests from those sources before those sources' requests reach the server,
such as blocking at a router” and also, “Companies may also contact law
enforcement (the FBI in the U.S.) to try to track down the perpetrator. Law
enforcement sometimes does track down the perpetrator” (Vahid & Lysecky, 2017).
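The source-detection defense quoted above can be sketched as a per-source rate check over ping traffic. This is an added example, not code from the original post or the cited textbook; the record format, window, threshold, and addresses are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0      # assumed sliding-window length
MAX_ECHO_PER_WINDOW = 5   # assumed per-source limit; tune to a real traffic baseline


def parse_line(line):
    """Parse one constructed record: '<epoch> <src_ip> <dst_ip> <type>'."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = float(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2], parts[3]


def find_flood_sources(lines, window=WINDOW_SECONDS, limit=MAX_ECHO_PER_WINDOW):
    """Return sorted source IPs that sent more than `limit` echo requests
    within any `window`-second span. Each source's records must be in time order."""
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    flagged = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[3] != "echo-request":
            continue              # skip malformed lines and other traffic
        ts, src = rec[0], rec[1]
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop timestamps that aged out of the window
        if len(q) > limit:
            flagged.add(src)      # candidate for blocking at the router
    return sorted(flagged)


def build_sample():
    """Constructed sample: one flooding source, one normal source, one bad line."""
    lines = []
    for i in range(20):           # 20 echo requests inside one second
        lines.append(f"{1000 + i * 0.05:.2f} 203.0.113.7 198.51.100.10 echo-request")
    for i in range(5):            # one echo request per second
        lines.append(f"{1000 + i:.2f} 192.0.2.44 198.51.100.10 echo-request")
    lines.append("garbled line")
    return lines


if __name__ == "__main__":
    print(find_flood_sources(build_sample()))
```

The flagged list is what would feed a block rule upstream of the server; the limit has to sit above normal monitoring traffic or legitimate hosts end up blocked.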
In the world of computer security, security
holes/vulnerabilities are generally addressed with patching and updates. Computer viruses can be a nuisance, but we
can keep ourselves relatively safe from them with good antivirus software. Email spam is annoying, but in a work
environment, we can filter it out and, to some extent, on our personal email
as well. Spam is more of a nuisance than
anything else. Password cracking
requires much effort and time to accomplish; it is such a rarity we don't have
to worry in our daily lives about this one if we keep complex passwords and
change them every so often. This leaves us with phishing and social engineering
to discuss.
Phishing is an information-gathering technique
that comes in many forms. These are not
just limited to email but can also occur through social media communication and
posts, SMS text messaging, and phone calls. Phishing is the easiest and most successful
tool in a hacker's tool kit. Once they
have the information they need, getting into systems or setting up fake
accounts becomes a simple task. Many of
these attempts send links in hopes that you will click on them and be taken to
a site of their choosing. By navigating
to these nefarious locations, you can download viruses or be presented with
convincing forms asking you to fill in personal information. Stolen identities, viral payloads, and unauthorized
system access are consequences of successful phishing expeditions. All systems are susceptible to this sort of
attack as humans and human nature are the targets. To avoid such scams, the NJCCIC recommends “never
clicking on links or opening attachments delivered with unexpected or
unsolicited emails, social media messages, or text messages. If you
accidentally do click on a suspicious link or visit a phishing website, do not
enter any personal information on the site and disconnect your device from the
network as soon as possible. Use your antivirus software to run a full scan of
your system” (NJCCIC, 2018).
Social engineering is related to phishing and is very
non-technical, as it is based around personal communication and gathering
information that can be used to steal information or identity, or to get access to
systems. Social engineering is an
act of manipulating human trust to gain information and then use the
information for monetary gain (Hidayah
et al., 2020). Many people think of
hacking as a nefarious person behind a keyboard in a dark room with only the
glow of their monitor to illuminate their face.
More than likely, the hacker was the phone call from the friendly
technician who noted that your computer was running slowly. Once you allowed them remote access to speed
up your machine, you gave them access to all your data. They didn't have to hack. You let them in the
front door. Education and awareness are
the best defenses against these sorts of attacks. If we are aware of this type of attack, we will
naturally be careful about what information we divulge. Many of the same techniques that are used to
avoid falling for phishing scams can be applied here as well. If we treat humans with the same suspicion
we apply to emails, we will be much safer for it. Another form of social engineering is
referred to as dumpster diving. Dumpster
diving is the practice of collecting sensitive information from trash bins,
looking for discarded notes and paper.
For this reason, sensitive information should be shredded or disposed of
securely to keep from being exploited.
In conclusion, we should take care and make
sure that our information is safe and take necessary precautions to keep from
falling victim to the hackers, scams, and schemes that are looking to exploit
our data and information.
References
NJCCIC. (2018). Don't Take the Bait! Phishing and Other
Social Engineering Attacks. Retrieved from https://www.cyber.nj.gov/informational-report/dont-take-the-bait-phishing-and-other-social-engineering-attacks
Vahid, F., & Lysecky, S. (2017). Computing
technology for all. Retrieved from zybooks.zyante.com/