Network Security - IT'S IMPORTANT!
Information – Individuals and Organizations
Information is critical, and its importance is relative to the individual or organization. For example, you may not be concerned with your BMI, but your employer's insurance may be looking for ways to offset its costs by increasing employees' deductibles. Since obese individuals tend to have more costly medical needs, individuals may be penalized with a higher deductible. Individuals also need to be concerned with their online presence. Everything we do online is tracked and recorded, so do not put anything online that you want to keep private. Individuals also need to be aware of app requirements. Applications require you to give them permission to access your data, including your contacts, activity level, weight, food intake, location, or access to online social media sites. Users need to be wary of what they give access to, as this information is often sold to third parties.
Organizations also need to be careful about protecting their information. Hackers are constantly trying to exploit a company's weaknesses for monetary gain. Given that just about every employee requires internet access, there are that many potential points of breach into a company network. Hackers may gain entry via spam email containing malicious attachments to an unpatched laptop at an employee's home. Once a foothold is achieved, a company may have its data encrypted and held for ransom, with potential losses in the millions of dollars. Despite all the possible attack vectors, there are some basic strategies companies can use to help minimize the risk. Educating employees will get you the biggest bang for your buck. Employees can fall victim to social engineering, or to attackers playing on their emotions. Some additional ways to secure your exposed network are hardening the edge of your network with a firewall, multiple antivirus packages, patching solutions to keep OSs and applications current, and requiring complex passwords with two-factor authentication.
Ping Attacks
Ping is a simple command that helps users determine if an address or site is available. The default ping command sends 32 bytes of data four times to the target site and provides the response times to the given site. This seemingly harmless command can bring down major companies and their sites with attacks called DoS or DDoS. Modifying the size of the packet sent and creating a malformed packet forces the receiving computer to try to reassemble it, wasting resources. Constantly sending the malformed packet will eventually consume all of the available resources and crash the receiving computer. "A denial of service (DoS) attack is achieved by submitting huge numbers of access requests simultaneously to one website, which overloads that site's web server, thus preventing legitimate requests from being handled (those requests are denied service)." (Vahid and Lysecky, Sec. 8.6). DoS can be defeated by monitoring network traffic for high-volume requests and blocking those IP addresses. "A DoS attack using multiple (distributed) computers is also known as a distributed DoS, or DDoS, attack." (Vahid and Lysecky, Sec. 8.6). This is harder to stop, as the attack is coordinated across thousands or tens of thousands of endpoints.
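The per-address monitoring and blocking described above, and why it falls short against a distributed attack, shown as an added example that is not part of the original post. The window length, both thresholds, the function names and all traffic are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW = 10         # seconds of history to keep (assumed)
PER_IP_LIMIT = 20   # requests allowed per source per window (assumed)
TOTAL_LIMIT = 100   # requests the server can absorb per window (assumed)

def analyze(events, window=WINDOW, per_ip=PER_IP_LIMIT, total=TOTAL_LIMIT):
    """events: time-sorted (timestamp_seconds, source_ip) pairs.
    Returns (blocked_ips, overloaded) after per-source blocking is applied."""
    by_ip = defaultdict(deque)   # source -> timestamps still inside the window
    admitted = deque()           # timestamps of requests that reached the server
    blocked, overloaded = set(), False
    for ts, ip in events:
        if ip in blocked:
            continue             # already dropped at the edge
        q = by_ip[ip]
        q.append(ts)
        while q[0] <= ts - window:
            q.popleft()
        if len(q) > per_ip:      # high-volume source: block it
            blocked.add(ip)
            continue
        admitted.append(ts)
        while admitted[0] <= ts - window:
            admitted.popleft()
        if len(admitted) > total:
            overloaded = True    # aggregate load exceeded despite blocking
    return blocked, overloaded

def single_source_flood():
    # Constructed traffic: one host sends 200 requests in 10 s, two clients browse.
    ev = [(i * 0.05, "203.0.113.7") for i in range(200)]
    ev += [(i * 2.0, "198.51.100.10") for i in range(5)]
    ev += [(i * 3.0 + 0.5, "198.51.100.11") for i in range(3)]
    return sorted(ev)

def distributed_flood():
    # Constructed traffic: 200 hosts send only 3 requests each within 8 s.
    return sorted((r * 3.0 + b * 0.01, f"192.0.2.{b + 1}")
                  for b in range(200) for r in range(3))

if __name__ == "__main__":
    print("DoS :", analyze(single_source_flood()))
    print("DDoS:", analyze(distributed_flood()))
```

In the distributed case no single address crosses the per-source limit, so nothing is blocked and the server is still overloaded; only the aggregate counter notices.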
Phishing
"Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source." (Cisco). The communication a user receives will look just like one from the company the sender is trying to pose as but will frequently have some misspelled words. Phishing emails depend on the user to take action and often contain links that lead a user to a malicious site where they are prompted to enter personal information. The information obtained can then be used to compromise an individual's online accounts or finances.
Social Engineering
"Social engineering is the art of manipulating people, so they give up confidential information." (WEBROOT). According to WEBROOT, it can come in many different forms and preys on an individual's weaknesses. So, I might say I am from your bank, or that I am a friend of your boss who wanted me to ask a favor of you. Social engineering may also come in the form of threatening communications, such as ones claiming to be from the police or the IRS. The communication channel can be a phone call or email trying to intimidate the victim.
References
Cisco. "What Is Phishing? Phishing Attack Examples and Definition." Cisco, Nov. 2019, www.cisco.com/c/en/us/products/security/email-security/what-is-phishing.html. Accessed 24 Sept. 2021.
Vahid, Frank, and Susan Lysecky. INT 100: Fundamentals of Information Technology. zyBooks.com, Aug. 2017, learn.zybooks.com/.
WEBROOT. "Webroot." Webroot.com, 2019, www.webroot.com/us/en/resources/tips-articles/what-is-social-engineering. Accessed 25 Sept. 2021.