Nowadays, protecting our information and data has become increasingly challenging and complex, especially with advancements in technology such as the internet and social media. Dan Farmer, an author of various security programs and Distinguished Engineer at Mercedes-Benz R&D, once said, “If security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders” (Quotefancy, n.d.). Hence, companies are at risk every day their computers remain connected while their users access information and media online.
Attacks on computers, whether to expose security risks or with other malicious intent, can be carried out through many different methods. One such method uses ping, a utility that sends a signal to another computer across a network and, in return, receives a response. However, attackers can use this seemingly innocuous tool to perform a form of denial-of-service (DoS) attack, which shuts down a computer or network and prevents users from accessing the resource. Attackers accomplish this by sending ping packets to a target machine with more than the maximum allowable packet size of 65,535 bytes, causing unpatched or legacy systems to crash and become inaccessible (Fortinet, n.d., How Does the Ping of Death Work section, para. 1). Therefore, companies should defend against such attacks by keeping their systems up to date with the latest security patches or deploying other safeguards.
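As an added illustration (not code from the cited sources), the Python sketch below shows the kind of bounds check a patched system or packet filter applies to each incoming IPv4 fragment: if the fragment's offset plus its length would push the reassembled packet past 65,535 bytes, it is dropped. It goes slightly beyond the text by reading the fragment-offset field; the function names and sample headers are constructed for this example, and the addresses come from the 192.0.2.0/24 documentation range.

```python
import struct

MAX_IP_DATAGRAM = 65535  # ceiling imposed by the 16-bit IPv4 total-length field

def parse_ipv4_header(packet: bytes) -> dict:
    """Pull out the header fields needed to judge one fragment."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", packet[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or total_len < header_len:
        raise ValueError("inconsistent header or total length")
    return {
        "header_len": header_len,
        "payload_len": total_len - header_len,
        "offset": (flags_frag & 0x1FFF) * 8,  # the field counts 8-byte units
    }

def reassembled_size(packet: bytes) -> int:
    """Minimum size of the datagram this fragment claims to belong to."""
    h = parse_ipv4_header(packet)
    return h["header_len"] + h["offset"] + h["payload_len"]

def is_oversized(packet: bytes) -> bool:
    """True if accepting the fragment would exceed the 65,535-byte limit."""
    return reassembled_size(packet) > MAX_IP_DATAGRAM

def sample_header(total_len: int, offset_units: int, more: bool) -> bytes:
    """Constructed 20-byte IPv4/ICMP header for the demo (checksum left at 0)."""
    flags_frag = (0x2000 if more else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

# Constructed samples: a first fragment, a legitimate late fragment, and one
# whose offset plus length runs past the limit.
SAMPLES = {
    "first": sample_header(1500, 0, True),
    "late_ok": sample_header(1020, 8000, False),
    "oversized": sample_header(120, 8189, False),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, reassembled_size(pkt), "DROP" if is_oversized(pkt) else "ok")
```

The check reads only the header, so a filter can reject the offending fragment before any reassembly buffer is touched.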
Companies must also train their employees to guard against user-oriented attacks. Social engineering attacks such as phishing and baiting are techniques used by attackers to manipulate users into disclosing information, which is often private and sensitive. For example, in a phishing attempt, attackers send an email that compels users to click on one or more embedded malicious links. According to Alzuwaini and Yassin (2021), “[p]hishing is a type of cybersecurity attacks [sic] employed to steal user’s sensitive data like passwords, social security number, credit card numbers, login credentials” (p. 125). In 2014, Sony Pictures became a victim of such an attack where “hackers gained access to the company’s network, stole confidential data, threatened executives and employees, and rendered thousands of computers inoperable” (Ranger, 2018, para. 5). Baiting is another social engineering technique that entices users by placing something of interest, such as a free USB device, in front of them to lure them into providing credentials. Moreover, these devices contain malicious code that can also spread to other computers on the network. Thus, companies must be vigilant in training their users to distinguish between genuine and malicious emails and to know when an offer may be too good to be true.
As the world becomes ever more connected through technology, attacks will always be prevalent and will evolve into more sophisticated techniques. Companies can protect their information, one of their most valuable assets, from attackers by applying the latest security updates to their systems or deploying other cybersecurity defenses such as antivirus software and firewalls. Social engineering attacks include a broad range of malicious techniques that leverage human interaction to entice users into disclosing private and sensitive data such as passwords or credit card data. Preventing social engineering attacks requires various methods, including user training and stronger authentication mechanisms. Although it is unrealistic for companies to keep their computers off the network or to prevent their employees from accessing the internet, a successful cybersecurity strategy can help companies protect themselves and their customers.
References
Alzuwaini, M. H., & Yassin, A. A. (2021). An efficient mechanism to prevent the phishing attacks. Iraqi Journal for Electrical & Electronic Engineering, 17(1), 125–135. https://doi-org.proxy-library.ashford.edu/10.37917/ijeee.17.1.15
Fortinet. (n.d.). Ping of death. https://www.fortinet.com/resources/cyberglossary/ping-of-death
Quotefancy. (n.d.). Quote by Dan Farmer: If security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders. https://quotefancy.com/quote/1642723/Dan-Farmer-If-security-were-all-that-mattered-computers-would-never-be-turned-on-let
Ranger, S. (2018, September 7). Phishing alert: North Korea’s hacking attacks shows your email is still the weakest link. ZDNet. https://www.zdnet.com/article/phishing-alert-north-korean-hacking-attacks-shows-your-email-is-still-the-weakest-link/