Network Security
Since the 1990s, there has been an increasing concern over privacy and security throughout the internet because of various cybercrimes. More especially over the last two years, the COVID-19 Pandemic caused more people to work from home than ever before. Since then, the rate of cybercrime has increased by 600% since the COVID-19 Pandemic, according to Pitchkites from Cloudwards (2021). The internet has a plethora of security incidents; however, this paper will specifically look at phishing and security holes/vulnerabilities. Through the lens of these two different security concerns, this paper will explain how computers are vulnerable to each threat, the symptoms and damage each cause, and finally, how to protect against each security breach backed by credible evidence. In addition, this paper will briefly discuss how DOS attacks are executed utilizing ping commands.
Computers can have many vulnerabilities that exist in software, hardware, and even because of human operating. Although, more commonly, vulnerabilities and security holes are found within the software of an operating system. In the textbook, Vahid & Lysecky define this as the "aspect of a computer that can be used to breach security" (2017, p.8.1.2). These vulnerabilities can either be exploited by hackers attempting to breach a system for malicious reasons to steal, delete, or even shut down operations or by a cybersecurity specialist known as a Whitehat researcher who reports the issues for rewards. Companies offer bounty programs to help keep customers and information secure from hackers, and it is one-way companies can fight against hackers.
Phishing is another significant threat across computers; however, these elaborate schemes are not necessarily a vulnerability of the computer, but rather a vulnerability of the human operating the computer. Phishing falls more under the internet scam category. These schemes can be very elaborate and hard to recognize without the proper knowledge. On the other hand, some are riddled with spelling errors, noticeable visual differences, etc., which is rarely the case anymore in 2021 because of grammar software. The textbook regards Phishing as an internet scam intended to bait users to share sensitive information such as passwords, credit cards, etc., by appearing as legitimate organizations (Vahid & Lysecky, 2017). Phishing tends to be deployed through email but also SMS texting nowadays. Examples of organizations that hackers try to appear to bait people into giving up sensitive information are Chase, US Bank, Apple, CashApp, and many more.
Each security concern has its symptoms and overall damage caused by the attack on the compromised system. When it comes to Phishing, there are no symptoms to the computer since no software gets installed; instead, it's more of "clues or tel-tale signs" users must pay attention to. As far as overall damages, phishing schemes can be just as costly as any other attack costing individuals sensitive information or possibly life savings, while companies can stand to lose hundreds of billions per year due to Phishing. When it comes to security holes/vulnerabilities, because of the weakness in the system, a hacker can run malicious code, input malware, or even steal/delete data depending on the security hole and the hacker's intent. Security holes/vulnerabilities symptoms would all depend on the vulnerabilities of the software and the purpose of the hackers; most of the time, they go unnoticed. Once again, depending on the type of vulnerabilities available to the hacker, it will decipher what the hacker can perform and depend on what they are seeking to do can cost a company millions or even billions of dollars or, even worse, catastrophic failure.
Through experience and knowledge, there are many ways to protect against the abundance of security concerns throughout computers. More specifically, when it comes to Phishing. Two recommendations I can recommend to individuals and organizations to protect against Phishing is user training; knowledge is vital, especially across organizations that stand to lose a lot and have anywhere from ten to thousands of employee's assistant company software. Understanding simple concepts on not clicking on unknown attachments or links, especially for password resetting, can go a long way. Another way an individual and or organization can defend against Phishing is by enabling two-factor authentication properties to the system. According to the Consumer FTC, two-factor identification can help protect against Phishing because it enables a user to use "something you have" such as a password from security keys or authentication applications." While also requiring "something you are" that others won't have such as fingerprint, retina, or face (2019, para. 7). Defending against security holes and vulnerabilities as an individual is simple but can be quite limiting also. The easiest way to defend against security holes and vulnerabilities is simply by keeping the operating system up to date. The second way is by keeping supported software/applications up to date also. Organizations can also follow the same guidelines; however, companies can and should create bounty programs that reward white hat security specialists for discovering the hole or vulnerability. That way, the software or operating system can be patched before evil hackers can deploy malicious intent. Whitehat specialists are known as "ethical hackers" because they hack for good rather than evil (NortonLifeLock, 2017).
In addition to this paper as a border topic of attacks, in the week three assignment traveling through a network, we learned about ping commands, how to execute them, and the purpose of the command for troubleshooting. However, what was not discussed was the type of attack that can be executed via ping commands. DoS stands for 'denial of service' by which, according to Vahid & Lysecky, this attack is achieved generating mass access requests to a website to overload the servers that prevent real users from accessing it or at least causing major slowdowns. This is done to hurt or hassle organizations or may even play as a distraction so hackers can access other information. The ping of death is a DOS attack that is carried out by the ping command. The ping command tests the network availability of network resources by sending packets to the network server. The ping command can be used to overload the server by sending the packets above the maximum limits of the server, causing stability issues such as freezing, crashing, or even rebooting, which can create even more vulnerabilities (Williams, 2021). As you can see, something intended to be used for good can also be used for evil reasons, so companies and individuals need to take their security seriously.
References
Consumer Information Federal Trade Commission. (2019, May). How To Recognize and Avoid Phishing Scams. Retrieved from https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
NortonLifeLock. (2017, July 24). What is the Difference Between Black, White and Grey Hat Hackers?. Us.Norton. Retrieved from https://us.norton.com/internetsecurity-emerging-threats-what-is-the-difference-between-black-white-and-grey-hat-hackers.html
Pitchkites, M. (2021, October 28). Cyber Security Statistics. Cloudwards. Retrieved from https://www.cloudwards.net/cyber-security-statistics/
Vahid, F., & Lysecky, S. (2017). Computing technology for all. Retrieved from zybooks.zyante.com/
Williams, L. (2021, November 1). DoS (Denial of Service) Attack Tutorial: Ping of Death, DDOS. Guru99. Retrieved from https://www.guru99.com/ultimate-guide-to-dos-attacks.html#