
Sunday, July 5, 2020

Post #6 – Network Security

Information Security – Network Security












Network Ping Attacks

Information traveling from your computer to a network is broken down into packets that travel through routers along a path of successful transmissions to their final destination. When the internet was first established, users were allowed to trace the route of these packets via pings and traceroutes (Vahid & Lysecky, 2017). Unfortunately, malicious users could bombard a router with pings carrying oversized packets, which could cause the router to crash, freeze, or fail. A collection of compromised and affected routers could disrupt the transmission of real messages to their destination, creating a distributed denial of service (DDoS) (Yihunie, Abdelfattah, & Odeh, 2018). To reduce the threat of DDoS attacks, there is great value in creating a secure network environment through due diligence in applying information security practices.
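As an added illustration (not code from the cited sources), the check below shows how a filter can recognize the oversized pings described above: it reads the IPv4 header of each ICMP fragment and flags any fragment whose offset plus length would make the reassembled datagram exceed the 65,535-byte IPv4 limit. The function names and the sample headers are constructed for this example.

```python
import struct

IPV4_MAX_DATAGRAM = 65535  # largest total length an IPv4 datagram may have
ICMP_PROTO = 1

def parse_ipv4_header(raw: bytes) -> dict:
    """Decode the fixed 20-byte part of an IPv4 header."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto, _csum, src, _dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    return {
        "proto": proto,
        "src": ".".join(map(str, src)),
        "ihl": ihl,
        "frag_offset": (flags_frag & 0x1FFF) * 8,  # field counts 8-byte units
        "payload_len": total_len - ihl,
    }

def is_oversized_ping_fragment(raw: bytes) -> bool:
    """True when this ICMP fragment would reassemble past 65,535 bytes."""
    h = parse_ipv4_header(raw)
    if h["proto"] != ICMP_PROTO:
        return False
    # header + offset of this fragment + its payload = size after reassembly
    return h["ihl"] + h["frag_offset"] + h["payload_len"] > IPV4_MAX_DATAGRAM

def make_header(frag_units: int, payload_len: int, proto: int = ICMP_PROTO) -> bytes:
    """Build a constructed sample header for the checks below (never sent)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       frag_units, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))

# Constructed samples using documentation address ranges.
NORMAL_PING = make_header(0, 64)           # ordinary 64-byte echo request
LEGIT_FRAGMENT = make_header(8000, 1000)   # ends at 65,020 bytes: allowed
OVERSIZED_FRAGMENT = make_header(8189, 400)  # ends at 65,932 bytes: flagged

if __name__ == "__main__":
    for name in ("NORMAL_PING", "LEGIT_FRAGMENT", "OVERSIZED_FRAGMENT"):
        print(name, is_oversized_ping_fragment(globals()[name]))
```

Dropping flagged fragments before reassembly keeps the oversized datagram from ever being built in memory.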

Imagine having a valuable item in your house and not locking the doors. If you discover the next morning that your item has been stolen, it is because there was no security for that item. The same principle applies to information located on your personal computer or a business computer system. Information is a valuable item, and to make sure that it does not get stolen it is important to implement security protocols for protection. Information security covers a wide range of practices, like using anti-virus software to protect against malware, creating a secure network, using multi-factor authentication, and having awareness of cyber-attack practices. Awareness coupled with good practices can reduce the chances of being a victim of an information security breach.

While there are many types of information security cyber-attacks, the two that most commonly target individuals, yet are easily recognized and avoidable, are phishing emails and social engineering. Learning how to manage phishing and social engineering attacks is an important cybersecurity skill.

Social Engineering – Electronic Phishing 

A phishing email is a form of social engineering attack that uses a misleading email to direct users to a website that impersonates a trusted and known website. Users are prompted for their credentials, like login information, username, password, and sometimes even more personal information like social security numbers and date of birth. Phishing emails are meant to gather data about the user and compromise their accounts or any accounts that may use the same information (Wang & Kissel, 2015). Most phishing emails can be spotted, but doing so may take some attentiveness to the details of the email. For example, a phishing email may use incorrect grammar, a suspicious email address, or a URL that does not send the user to the website it claims to. Likewise, if you see a phishing email that states “click here to unsubscribe,” do not click the link, as it can notify the sender that their email was read. The best course of action is to delete the email; some companies also establish a “report phishing” email address where users can forward entire emails for the company to deal with the cyber imposter.

Social Engineering – Physical Impersonation

The other type of social engineering is the physical impersonation that might occur to gather information from a victim. Information contained in a trash or recycle bin might be taken to gather data about a user or company. Likewise, social engineering to steal information might come in the form of a phone call from someone impersonating an authority figure or someone prominent within an organization. These impersonators might ask users for logon information or help to get into a system (Wang & Kissel, 2015). Either way, through stolen papers or physical impersonation, the data that is gathered from the victim is meant to gain entry into a computer system. To avoid social engineering, users must understand that their personal information will never be asked of them by any reputable source. Moreover, it is important to never share any personal information over the phone, email, or on paper. Keeping information private will ensure that social engineering attempts will not be able to obtain access to any systems.

References

Vahid, F., & Lysecky, S. (2017). Computing technology for all. zybooks.zyante.com/

Wang, J., & Kissel, Z. A. (2015). Introduction to network security: Theory and practice (2nd ed.). Wiley.

Yihunie, F., Abdelfattah, E., & Odeh, A. (2018). Analysis of ping of death DoS and DDoS attacks. 2018 IEEE Long Island Systems, Applications and Technology Conference (LISAT), 1–4. https://doi-org.proxy-library.ashford.edu/10.1109/LISAT.2018.8378010

 

 

 
