Network Security

        Computers and websites are probably among the best things about being alive now as opposed to fifty years ago.  Unfortunately, along with the new technologies came new concerns about security.  Things that may seem innocuous, like posting a photo of your child standing in front of the house on the first day of school in their school uniform, could lead to the sharing of information you didn’t intend to share.

Ping: The good and bad

        Ping is a utility or command that is used to determine if a remote target (website, computer or IP address) is online and available (Mitchell, 2018).  To use ping, you would send small packets of data to a remote target and review the results to see if the data was received. Ping is usually used for the good deed of testing the speed of a network and confirming that you are able to access the internet from a local network.  Unfortunately, ping can also be used to perform security attacks.

        “A denial of service attack (DOS) is any type of attack on a networking structure to disable a server from servicing its clients” (Khaled, Drazen, Wang & Paul, 2005).  Ping can be used to cause a DOS attack by sending a “ping of death”, which is multiple pings containing extremely large packets of data that the remote target is not able to decipher, which causes the system to crash, stall or reboot.  Operating systems have since enhanced their security with patches that block the ping of death.  Ping can also be used as a first step in a process to determine if a remote target is available, at which time a second command can be used to check if any ports on the remote target are open.  If any ports are found open, those ports can then be attacked by various methods of hacking, viruses and intrusions.
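The oversized packets described above exceed the 65,535-byte limit of an IPv4 datagram once their fragments are put back together. The following is an added example, not part of the original post, of the bounds check a patched IP stack or packet filter can apply to each fragment; `build_fragment` and the sample packets are constructed for illustration.

```python
import struct

MAX_IP_DATAGRAM = 65535  # IPv4 total length is a 16-bit field


def parse_ipv4_fragment(packet: bytes):
    """Return (header_len, fragment_offset_bytes, payload_len, more_fragments)."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", packet[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or total_len < header_len:
        raise ValueError("inconsistent header lengths")
    offset = (flags_frag & 0x1FFF) * 8      # 13-bit offset, counted in 8-byte units
    more = bool(flags_frag & 0x2000)        # MF flag: more fragments follow
    return header_len, offset, total_len - header_len, more


def exceeds_max_datagram(packet: bytes) -> bool:
    """True if the datagram this fragment belongs to cannot fit in 65,535 bytes."""
    header_len, offset, payload_len, _more = parse_ipv4_fragment(packet)
    return header_len + offset + payload_len > MAX_IP_DATAGRAM


def build_fragment(offset_bytes: int, payload_len: int, more: bool) -> bytes:
    """Constructed sample input: ICMP (protocol 1) fragment with a zeroed payload.
    The header checksum is left at 0 because this check does not validate it."""
    flags_frag = (0x2000 if more else 0) | (offset_bytes // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                         flags_frag, 64, 1, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + bytes(payload_len)


if __name__ == "__main__":
    samples = {
        "ordinary echo request": build_fragment(0, 64, False),
        "last fragment of a legal 65,535-byte datagram": build_fragment(65512, 3, False),
        "last fragment that overflows the limit": build_fragment(65528, 8, False),
    }
    for name, pkt in samples.items():
        verdict = "DROP" if exceeds_max_datagram(pkt) else "accept"
        print(f"{verdict:6} {name}")
```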

Security Breaches

        It’s become all too common to turn on the news and hear a story about a security breach. Security breaches can come in many forms, and they are largely due to human error. Two types of security breaches are phishing and social engineering.

        “Phishing is an Internet scam that baits a user to share sensitive information like a password or credit card number.” (Vahid & Lysecky, 2017).  A few days ago I received an email that looked like it came from Wells Fargo with a link for me to click.  Fortunately, I knew better than to click the link.  Maybe if I had a Wells Fargo account I would have been tempted to click the link that might have taken me to a fake Wells Fargo website asking me to log in.  The scammers would have captured my username and password for my account and used them to steal my money.  The link could also have caused a virus to be installed on my computer and given access to my entire network, including other computers and private or corporate data.  In order to prevent phishing, people must always be vigilant about what emails, links and attachments they open.  As well, companies should train their employees on how to identify phishing attempts and implement email filters to prevent these types of emails from getting delivered to a user’s inbox.



        Social engineering is the use of multiple tactics to trick a person into giving up access to technology or physical premises.  Phishing is one type of social engineering, but it can be accomplished in many other forms such as baiting, scareware, and piggybacking (Jackson, 2018).  We humans have a natural curiosity about things that can sometimes lead to trouble.  If I were to find a USB drive lying around and it had a considerable capacity (64 GB+), I’d be tempted to check to see if it’s empty or not. As soon as I insert that USB drive into my computer I could become a victim of baiting.  I can put my computer at risk for any number of viruses or intrusions into my system if there is any malicious content on the drive.  I may not even know it’s happening, and it could lead to a hacker being able to access and steal corporate data or even render my system useless until I pay a sum of money.  In order to prevent such an issue, you should never use drives when you don’t know their source.  Another option is to be sure to have software that checks a drive before it’s allowed to access the system or be accessed.

Recommendations

        In these times, when everything is digital and we don’t even need to carry our credit cards anymore, we must always be aware of our surroundings.  Never let anyone through secure doors unless they can show they also have a key (piggybacking).  Use strong passwords for devices and logins.  Don’t post photos showing your car’s license plate, your place of employment, your address and the location of your kids’ schools.  Always be vigilant.


References

Mitchell, B. (2018, May 25). How to Ping a Computer or a Web Site. Retrieved from https://www.lifewire.com/how-to-ping-computer-or-website-818405

Khaled, E., Drazen, B., Wang, C., & Paul, S. (2005). Denial of Service Attack Techniques: Analysis, Implementation and Comparison. Journal of Systemics, Cybernetics and Informatics, 3(1), 66-71. Retrieved from https://doaj.org/article/443c040064b8448c96e707355fc4f107

Greene, K., Steves, M., & Theofanos, M. (2018, June). No Phishing beyond This Point. Computer, 51(6), 86-89. DOI: 10.1109/MC.2018.2701632. Retrieved from https://ieeexplore-ieee-org.proxy-library.ashford.edu/document/8395129/

Jackson, R. A. (2018). Pulling Strings. Internal Auditor, 75(4), 34-39. Retrieved from http://search.ebscohost.com.proxy-library.ashford.edu/login.aspx?direct=true&db=bsh&AN=131118306&site=eds-live&scope=site

Vahid, F., & Lysecky, S. (2017). Computing Technology for All, Ch. 8.4. Retrieved from zybooks.zyante.com



