Post #6 – Network Security [CLO: 6]
The importance of information and system
security for the individual and the organization can be seen in how we access the
internet at home and at work. Over the last twenty years, home life and the
workplace were kept separate. Today the two lifestyles have merged into one. Things
like dating and after-work activities are connected to work over the internet by
applications like Facebook (now called Meta) and LinkedIn. The information on these
websites can be especially important and is often used to determine job
offers and promotions, matches for dating, or a decision on marriage or breaking
up. They help pick our coworkers and friends and provide advice on our finances and
health. These websites allow both personal and business information to be on
the same platform, so the security of that information is vital. If that
information falls into the hands of scammers, they can wreak havoc for both businesses
and individuals.
The websites discussed above can
come under attack from many sources. One of these attacks is called the “Ping
of Death.” It is done by sending multiple ping commands for a status check, where
each message can be modified from 32 to 65,500 bytes (note: large messages are
broken down into 32-byte packets when sent). The number of messages will
cause the website to receive thousands of status requests at the same time, and
that will at some point cause it to slow down processing, overload, or crash. This
flooding of data is called denial of service (DoS). See Figure 1. When this
occurs, the computer or website cannot provide normal services to its users. This
is an internet vulnerability that can be fixed at the router by having it
monitor the connection links between the sender and the website and not allow
a massive overflow of data to be sent to the website. Another method to block
DoS attacks is a firewall, which monitors the flow of data coming into the computer
and will limit network access if a certain threshold is exceeded. The
following link provides supporting data for defending a computer against DoS
attacks: Perform Ping of Death Attack Using CMD And Notepad (Just For
Learning) (fossbytes.com).
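The threshold behaviour described above can be sketched as a per-source sliding-window limiter. This is an added example, not code from the referenced article; the function names, the limit of 5 requests per second, and the sample traffic are assumptions made for illustration.

```python
from collections import Counter, defaultdict, deque

# Constructed sample: (arrival time in seconds, source IP) of ICMP echo requests.
# 192.0.2.10 sends 20 requests within 0.2 s; 198.51.100.7 sends one per second.
SAMPLE_EVENTS = sorted(
    [(i * 0.01, "192.0.2.10") for i in range(20)]
    + [(float(i), "198.51.100.7") for i in range(3)]
)


def filter_echo_requests(events, max_per_window=5, window_seconds=1.0):
    """Split time-sorted (timestamp, source) events into (allowed, dropped).

    Each source may have at most max_per_window accepted requests inside any
    window of window_seconds; anything above that threshold is dropped.
    """
    recent = defaultdict(deque)  # source -> timestamps of accepted requests
    allowed, dropped = [], []
    for ts, src in events:
        window = recent[src]
        # Forget accepted requests that have aged out of the window.
        while window and ts - window[0] >= window_seconds:
            window.popleft()
        if len(window) < max_per_window:
            window.append(ts)
            allowed.append((ts, src))
        else:
            dropped.append((ts, src))
    return allowed, dropped


def dropped_by_source(dropped):
    """Count dropped requests per source, e.g. to raise an alert on the sender."""
    return Counter(src for _, src in dropped)


if __name__ == "__main__":
    allowed, dropped = filter_echo_requests(SAMPLE_EVENTS)
    print("allowed:", len(allowed))
    print("dropped per source:", dict(dropped_by_source(dropped)))
```

The host that sends one request per second is never limited, while the flooding source is cut off after its fifth request in the window.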
One of the most popular methods
used by cybercriminals is social engineering. This approach uses manipulation
techniques to convince people to willingly give up important and confidential
information about themselves or the businesses they work for. No actual hacking of
the computer is needed when the targeted individual will provide access. This
form of attack is called spear phishing, which uses information like names,
email addresses, and locations found on public websites to target specific
individuals or organizations to get more detailed information like Social
Security numbers, bank account numbers, or passwords to other accounts. Supporting
evidence for the impact of social engineering on the internet can be found in the
book Social Engineering – The Art of
Psychological Warfare, Human Hacking, Persuasion, & Deception by Vince
Reynolds (see the reference below). In addition to social engineering, hackers may
send you a phishing email, which may contain malicious software that will
install itself on your computer to collect information.
Today, we spend so much time responding
to emails and text messages that it has become hard to distinguish fraudulent
messages from legitimate ones. Text and email messaging are usually very secure over a company network,
but not as secure over a public network. Big companies spend millions of
dollars on cybersecurity, but they are still as vulnerable as the individual who
has limited funds to purchase the latest antivirus software. Therefore,
phishing is still a major threat on the internet; there is no way to filter out
the good from the fraudulent emails. Hackers and scammers have found ways
to get around old antivirus software, send fraudulent emails, and set up phony
websites to obtain both personal and business information from people. These frauds
have become so convincing that it is hard to tell them from legitimate websites. For
example, the email in Figure 2 appears to be from Chase bank requesting
information on an account. It asks the recipient to click on a link to proceed.
If you look closer, you will see the email is not from Chase. The best way to
protect your computer from social engineering or spam email attacks is to avoid
opening an email that looks suspicious. If you do open one, you should never click
on a link you do not know or provide personal data. It is best to go directly
to the website and log in to check on the status.
Figure 2. Phishing email example
Fake emails like the one above are not
limited to Chase Bank; there are emails that appear to be from PayPal, Amazon,
and other major companies. They all have a few things in common. First, they warn
of a loss of service or access, or they claim they are checking up on fraud or
some other problem, and they want you to provide account information. Second,
they want you to click on a link or go to a website. This is a trap designed to get
you to reveal personal data or to have you open a link that can load a virus on your
computer. Only good cybersecurity training can help you detect traps like this
one, and it is important to stay current on what threats are lurking around on
the internet. Checking websites like Microsoft.com, norton.com, and Google.com
can provide the latest updates on what to look out for. Both Microsoft and Norton
have software that will check your computer for viruses and provide a report on
the status that will include how many security threats were detected and fixed.
These apps are important in maintaining high performance on your computer and can
be used to keep your computer or website safe from hackers.
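The "look closer" check applied to the Chase example can be automated by comparing the brand named in the sender's display name with the domains the message actually uses. This is an added example, not part of the original post; the sample message is constructed, and the allow-list, function names, and `.example` domains are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains each brand legitimately sends from (maintained by you).
BRAND_DOMAINS = {"chase": {"chase.com"}}

# Constructed sample message imitating the pattern described above.
SAMPLE_EMAIL = '''From: "Chase Bank" <alerts@chase-secure.example>
To: user@example.org
Subject: Action required: verify your account
Content-Type: text/html

<p>We detected a problem with your account.</p>
<a href="http://account-verify.example/login">Click here to proceed</a>
'''


def in_domain(host, domains):
    """True if host equals, or is a subdomain of, one of the allowed domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def phishing_indicators(raw):
    """Return findings where the claimed brand and the real domains disagree."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in display.lower():
            continue  # message does not claim to come from this brand
        if not in_domain(sender_host, domains):
            findings.append(f"sender domain {sender_host} is not a {brand} domain")
        # Every link target in the body should also belong to the brand.
        for url in re.findall(r'href="([^"]+)"', msg.get_payload()):
            host = urlparse(url).hostname or ""
            if not in_domain(host, domains):
                findings.append(f"link points to {host}, not a {brand} domain")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EMAIL):
        print("WARNING:", finding)
```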
References
Chloe Pilette. (July 26, 2021). Norton LifeLock. What is social engineering? A definition + techniques to watch for (norton.com).
Vince Reynolds. (2015). Social Engineering – The Art of Psychological Warfare, Human Hacking, Persuasion, & Deception.
Hans Weber. (2020). Hacking AI: Big and Complete Guide to Hacking, Security, AI, and Big Data. Page 74, 106 referenced.
Amar Shekhar. (January 10, 2022). Fossbytes. Perform Ping of Death Attack Using CMD And Notepad (Just For Learning) (fossbytes.com).