Post 6: Discussing Network Security

Network security is in high demand no matter where you work. We run our lives through the internet for both work and play, and that means we need to be careful as well as responsible when using it.
If you remember from a previous post, we investigated ping commands, and we
learned how they could be useful for troubleshooting network issues. On the
flip side, they can also be used for cyber-attacking and harming a legitimate
site. One such attack is called a Ping of Death (PoD) attack, essentially another
form of Denial of Service (DoS) attack. A PoD attack tries to crash a machine
or service by sending oversized packets to the IP address using ping commands (Imperva.com,
2020, para. 1). Any DoS attack can cost a site multiple days’ worth of
sales and traffic by preventing legitimate visitors or customers
from accessing the website. Sites continue to find new ways to mitigate these
attacks and prevent further harm to their site or service.
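To make "oversized" concrete, here is an added example (my own sketch, not code from Imperva or the textbook) of the check a defender can run on each incoming IPv4 fragment. It relies on one fact that is not in the post: an IPv4 packet can be at most 65,535 bytes, so a fragment whose offset plus length passes that limit can only belong to a malformed packet. The sample headers are constructed and never sent anywhere.

```python
import struct

MAX_IPV4_DATAGRAM = 65535  # largest size the 16-bit Total Length field allows

def parse_fragment(header: bytes):
    """Return (header_len, payload_len, offset_bytes, more_fragments)."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or total_len < header_len:
        raise ValueError("inconsistent length fields")
    offset_bytes = (flags_frag & 0x1FFF) * 8  # offset is counted in 8-byte units
    more_fragments = bool(flags_frag & 0x2000)
    return header_len, total_len - header_len, offset_bytes, more_fragments

def reassembled_size(header: bytes) -> int:
    """Size the packet would reach once this fragment is put in place."""
    header_len, payload_len, offset_bytes, _more = parse_fragment(header)
    return header_len + offset_bytes + payload_len

def is_ping_of_death_fragment(header: bytes) -> bool:
    """True when the fragment would push the packet past the IPv4 maximum."""
    return reassembled_size(header) > MAX_IPV4_DATAGRAM

def build_header(total_len: int, offset_units: int, more: bool) -> bytes:
    """Constructed sample header (ICMP, documentation addresses); never sent."""
    flags_frag = (0x2000 if more else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, 1, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))

if __name__ == "__main__":
    samples = {
        "ordinary middle fragment": build_header(1500, 185, True),
        "last fragment, exactly at the limit": build_header(23, 8189, False),
        "last fragment, past the limit": build_header(1500, 8189, False),
    }
    for name, hdr in samples.items():
        verdict = "DROP" if is_ping_of_death_fragment(hdr) else "ok"
        print(f"{name}: {reassembled_size(hdr)} bytes -> {verdict}")
```
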
Of the many other cyber-attacks out there, email spam is one that continues to increase
in usage. Email spam involves unsolicited mass emails sent out, often to sell a
product or service (Vahid & Lysecky, 2017, Section 8.4 Internet scams and
spam). Since email services are most commonly used on computers, they are very
susceptible to spam. Spammers may send emails with clickable links that secretly
install malware onto the computer to gain access to the user’s list of email
addresses in their address book and send out hundreds more spam emails. The malware may also give
the spammer access to the user’s computer to use it as one of many bots in a botnet. Collectively,
the bots work together to send out more spam emails or participate in a
Denial of Service attack, wreaking havoc on a service or site (Vahid &
Lysecky, 2017, Section 8.4 Internet scams and spam).
Security can be compromised through breaches, and one example of a breach is a phishing scam. Phishing is an attempt to retrieve
sensitive information from someone through manipulation and can occur over the
phone, via email, or through some form of direct message. The victim is
tricked into giving credit card info or financial account logins after receiving
a message from a seemingly legitimate sender. They are asked to log in to their
account by clicking the link, and the sensitive information is then stolen and
archived to be used later without the user's permission or knowledge. Phishing
is something I must keep an eye out for at work, since we’ve recently had
scammers try to call us, pretending to be a technical support rep, and trying
to gain access to our internal systems. All it takes is one unknowing person to
give the wrong information, and a lot of sensitive information can be
compromised.
With these and many other cyber-attacks continually trying to steal information, we
need to take preventative measures to stop them from succeeding. Check out this story as a great example. In April 2016,
the Democratic National Committee noticed something unusual in their system, so
they hired a private firm to investigate it further. The security firm discovered
that their whole system had been compromised for over a year. They found that sensitive
information relating to the upcoming presidential campaign, including private emails,
research data, and personal contributor data, was stolen. A few months later,
the data was weaponized and used to cause severe damage to Hillary Clinton’s
campaign as well as others involved (Fuller, 2019, para. 3). Without proper security,
our information can be used for the worst reasons.
To prevent such attacks, we should use best practices like not opening emails from a
sender we don’t know and installing antivirus software on our computers. The software will scan the computer for known
viruses and try to disable them (Vahid & Lysecky, 2017, Section 8.2 Viruses
and malware). Luckily most email services filter out a lot of spam emails
before we ever get to see them. With phishing in mind, we should always
question a company asking for personal or login information through an email or
message. Legitimate companies never do that for this very reason. We can look for misspelled
words or logos that appear slightly off to identify a potential attack (Sibi
Chakkaravarthy et al., 2018, para. 6). Another way is to set up two-step
verification on our accounts, requiring a secondary verification sent to our
phone before allowing a login attempt (Vahid & Lysecky, 2017, Section 8.3
Account security). This extra verification can prevent malicious attempts to access
our personal information and save us many headaches trying to go through
account recovery processes. Cyber-attacks will continue to exist, so we need to
do our best to be educated and prepared.
How are you guys staying safe on the web? Have you been a victim of a cyber-attack?
References:
Fuller, C. J. (2019). The Roots of the United States’ Cyber (In)Security. Diplomatic History, 43(1), 157–185. https://doi-org.proxy-library.ashford.edu/10.1093/dh/dhy038
Imperva. (2020). Ping of Death (POD). https://www.imperva.com/learn/application-security/ping-of-death/
Sibi Chakkaravarthy, S., Sangeetha, D., Venkata Rathnam, M., Srinithi, K., & Vaidehi, V. (2018). Futuristic cyber-attacks. International Journal of Knowledge Based Intelligent Engineering Systems, 22(3), 195–204. https://doi-org.proxy-library.ashford.edu/10.3233/KES-180384
Vahid, F., & Lysecky, S. (2017). INT 100: Fundamentals of Information Technology & Literacy. Zyante Inc. (zyBooks.com). https://learn.zybooks.com/zybook/ASHFORDINT100AcademicYear2018/chapter/8/section/2
Vahid, F., & Lysecky, S. (2017). INT 100: Fundamentals of Information Technology & Literacy. Zyante Inc. (zyBooks.com). https://learn.zybooks.com/zybook/ASHFORDINT100AcademicYear2018/chapter/8/section/3