You initially completed this post in your Network Security assignment in Week Four. Review the instructions here and incorporate the instructor feedback from the Week Four assignment in your sixth blog post.
To complete this assignment, you must research at least two credible or scholarly resources in addition to your course text.
You will be including revised content from this assignment as Post six of your Information Technology Blog Final Project. You may wish to review the instructions included for the Information Technology Blog in Week 5 prior to completing work on this assignment to see how it fits into your overall final project.
To complete this assignment, you will explain the importance of information and system security for individuals and organizations.
As a part of the Week 3 Traveling Through a Network assignment, you used ping commands to become familiar with networking. Explain the type of attack(s) that can be executed using ping commands.
In addition, select two of the following computer security incidents to discuss in more detail:
- Security holes/vulnerabilities
- Computer viruses
- Email spam
- Phishing
- Password cracking
- Social engineering
In your paper:
- Explain why computer systems are vulnerable to each kind of threat.
- Describe the symptoms and damage that each breach can inflict after compromising a system.
- Propose at least two recommendations for protecting a computer system or network from each type of security breach.
- Support your statements with evidence from your sources.
The Network Security Paper
- Must be at least 300 words in length (not including title and reference pages) and formatted according to APA style as outlined in the Ashford Writing Center.
- Must include a separate title page with the following:
  - Title of paper
  - Student’s name
  - Course name and number
  - Instructor’s name
  - Date submitted
- Must use at least two credible or scholarly sources in addition to the course text.
- Must document all sources in APA style as outlined in the Ashford Writing Center.
- Must include a separate reference page that is formatted according to APA style as outlined in the Ashford Writing Center.
- The Scholarly, Peer Reviewed, and Other Credible Sources table offers additional guidance on appropriate source types. If you have questions about whether a specific source is appropriate for this assignment, please contact your instructor. Your instructor has the final say about the appropriateness of a specific source for a particular assignment.
Network Security
Jesse E Neubauer
INT100: Fundamentals of Information Technology & Literacy (INA2037B)
Dr. Nelson Stewart, instructor
October 4th, 2020
Network Security
Explain the type of attack(s) that can be executed using ping commands:
A single ping command is a relatively resource-light operation that can be run at any time, but a DoS or DDoS attack can send pings en masse to overload a server’s capacity to respond to them, which prevents it from doing anything else.
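From the defender's side, this kind of overload shows up as an abnormal rate of ICMP echo requests arriving at one destination. The sketch below is an added example, not part of the original paper: it counts echo requests per destination in a sliding window and labels the result DoS (one sender) or DDoS (many senders). The record format, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque

ECHO_REQUEST = 8  # ICMP type 8 is the echo request that ping sends

def detect_ping_flood(records, window=1.0, threshold=100):
    """Flag destinations receiving more than `threshold` echo requests
    within `window` seconds. `records` is a time-ordered iterable of
    (timestamp, src_ip, dst_ip, icmp_type) tuples (assumed format)."""
    recent = defaultdict(deque)  # dst -> (timestamp, src) pairs inside the window
    alerts = {}
    for ts, src, dst, icmp_type in records:
        if icmp_type != ECHO_REQUEST:
            continue  # replies and other ICMP types are not the flood itself
        q = recent[dst]
        q.append((ts, src))
        while ts - q[0][0] >= window:
            q.popleft()  # drop requests that fell out of the window
        if len(q) > threshold and len(q) > alerts.get(dst, {}).get("peak", 0):
            sources = {s for _, s in q}
            alerts[dst] = {
                "peak": len(q),
                "sources": len(sources),
                # one sender is a DoS; many senders at once is a DDoS
                "kind": "DDoS" if len(sources) > 1 else "DoS",
            }
    return alerts

def constructed_traffic():
    """Constructed sample records, not captured traffic."""
    recs = [(float(i), "192.0.2.10", "10.0.0.5", 8) for i in range(5)]  # normal ping
    recs += [(10 + i * 0.001, "198.51.100.7", "10.0.0.10", 8) for i in range(500)]
    recs += [(20 + (i * 50 + j) * 0.001, f"203.0.113.{j + 1}", "10.0.0.20", 8)
             for i in range(10) for j in range(50)]
    recs += [(30 + i * 0.001, "10.0.0.5", "192.0.2.10", 0) for i in range(500)]  # replies
    return sorted(recs)

if __name__ == "__main__":
    for dst, info in detect_ping_flood(constructed_traffic()).items():
        print(dst, info)
```

The one-ping-per-second host and the burst of echo replies raise no alert; only the two destinations receiving hundreds of requests per second are flagged.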
Select two of the following computer security incidents to discuss in more detail:
Phishing and Social Engineering
Why computer systems are vulnerable to phishing:
Phishing relies upon the vulnerability of humans who lack digital literacy. Scammers who design phishing attacks model their emails visually after the legitimate institutions they are impersonating, which takes advantage of the digitally illiterate email user’s tendency to evaluate an email’s legitimacy based on visual markers, rather than on more technology-driven factors like URLs. If a phishing email can convince a user that it is legitimate for long enough to get them to click a link and enter their credentials, then it has succeeded.
Describe the symptoms and damage that phishing can inflict after compromising a system:
Fortunately, most phishing attacks are targeted at the individual consumer level, rather than at the administrative/systemic level. Therefore, symptoms of a phishing compromise would depend upon the platform or institution mimicked. If your banking credentials are phished, you might see symptoms such as fraudulent activity and transactions, alerts or notifications about your profile information being changed, and damages such as loss of money. If your email credentials are phished, you might see symptoms such as being locked out of your email account, and friends and family using other methods of communication to alert you to the spam which they just received from your email address.
Recommendations for protecting a computer system or network from phishing attempts:
The biggest defense that a system can use against phishing attacks is two-factor authentication. It makes sure that an accidental exposure of login credentials is not sufficient for a scammer to access a user’s account. But it does rely upon each user’s willingness and ability to set up the two-factor authentication on their account. Another protection method could come in the form of periodic customer education. If a user receives, say, a monthly newsletter or “Did You Know” article to alert them to the trends and dangers of phishing attempts, they may be more likely to recognize a phishing email immediately, or to build a habit of investigating email alerts by logging into the authentic site directly, rather than clicking on links contained within emails. This proposal does, of course, also rely upon the cooperation of the users.
Why computer systems are vulnerable to social engineering:
Much like phishing, social engineering also relies heavily upon the fallibility of humans, as well as the non-standardized methods of authentication and protection of customer information that are used across multiple platforms and industries. While a person may need information pieces A and B to access information C from their bank, they may need only piece A in order to access piece B from some other place, such as their email provider. The more pieces of information an identity thief or social engineer might be able to collect about an individual, the more information they will gain access to, in almost a snowball-effect fashion.
Describe the symptoms and damage that social engineering can inflict after compromising a system:
Also similar to phishing in this regard, social engineering tends to compromise information on the individual level, rather than on a systemic level. However, if a social engineer is successful enough in an attack on an individual who has enough money, power, and access, that could lead to the social engineer gaining all of that to use at their disposal. Symptoms could include the use of money in an account, or even the opening of new accounts under the victim’s profile or identity. And depending on the intent of the scammer, it could even result in the publication of the information they collected, and/or the real-world usage of location and other information to inflict in-person harm such as theft, stalking, invasions of privacy, violence, and any number of other atrocities.
Recommendations for protecting a computer system or network from social engineering:
As I mentioned, a lot of the vulnerability which is leveraged for social engineering stems from the lack of standardization when it comes to customer security. If every customer-facing system were held to the same standards of security and authentication, à la HIPAA, then social engineers would have very little foothold in gaining additional information. This would, however, require intervention from a higher power, which at this point in time seems rather unlikely. In the meantime, two-factor authentication can also help, as it is not (yet) very feasible for a social engineer to trick their way into gaining access to a target’s cell phone. But in the same way that this method depends on the customer being willing and able to use it, it also depends on each and every system setting it up in the first place.