Post #6 Network Security

Many aspects of our daily lives and business are now heavily dependent on digital technology. Hence, the element of information and system security has become crucial in today’s life. Our personal information and essential data must be well-protected to maintain our privacy and gain public trust. Information and system security are also crucial to guarantee the sustainability of our business. With the rapid development of technology, computer systems are being exposed to many forms of cyberattacks. The impact of cyber-attacks can result in significant financial losses, reputational damage, and legal consequences. Therefore, we need to identify threats and implement the necessary measures to secure our digital environment.


A ping-based attack is a type of network attack that utilizes the ICMP protocol. An ICMP flood attack sends echo request packets in large quantities to cause a Denial of Service (DoS) on the victim system. Such an attack is also referred to as a ping flood or ICMP flood. A Smurf attack is another type of ICMP attack that involves sending a large number of spoofed ping request packets to a broadcast IP address, with the source IP replaced by the victim's IP. Because many systems reply to the victim at roughly the same time, the victim system is bombarded with an overwhelming amount of data. This is another type of DoS attack. An attack that sends a large ICMP packet, known as a Ping of Death, fills the system's memory buffer. When the system attempts to process the packet, it crashes due to a buffer overflow. Such attacks are very rare these days because most systems are patched and up to date. Ping sweeps are a form of ping-based attack that is used in the reconnaissance phase of a network attack. Ping sweeps can discover active hosts and list all the active IP addresses. ICMP tunneling is a type of ping-based attack in which an attacker sends information through ICMP packets. Such an attack is often used to exfiltrate data back to attackers or to use the channel for command-and-control communication.
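To show how a defender might recognize these patterns in captured traffic, here is an added example (not part of the original post) that classifies ICMP echo-request records. The record format, thresholds, function names, and all addresses (documentation ranges) are assumptions made for this sketch.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed thresholds for this sketch; tune them to the monitored network.
FLOOD_RATE = 100    # echo requests per second from one source to one target
SWEEP_HOSTS = 20    # distinct targets probed by a single source
MAX_PAYLOAD = 1472  # bytes; larger payloads need fragmentation on a 1500-byte MTU
LOCAL_NET = ip_network("192.0.2.0/24")  # constructed documentation range

def classify(events):
    """events: (timestamp_s, src, dst, payload_len) per ICMP echo request.
    Returns a set of (finding, ip) tuples."""
    findings = set()
    per_second = defaultdict(int)  # (src, dst, second) -> request count
    targets = defaultdict(set)     # src -> distinct destinations seen
    for ts, src, dst, size in events:
        if ip_address(dst) == LOCAL_NET.broadcast_address:
            # Smurf pattern: every host that answers replies to src,
            # so the spoofed source address is the victim.
            findings.add(("smurf-victim", src))
        if size > MAX_PAYLOAD:
            # Far above normal ping sizes: Ping of Death style packet
            # or a bulk transfer worth reviewing.
            findings.add(("oversized-echo", src))
        per_second[(src, dst, int(ts))] += 1
        targets[src].add(dst)
    for (src, dst, _), count in per_second.items():
        if count >= FLOOD_RATE:
            findings.add(("icmp-flood", dst))
    for src, dsts in targets.items():
        if len(dsts) >= SWEEP_HOSTS:
            findings.add(("ping-sweep", src))
    return findings

def sample_events():
    """Constructed sample records, not real traffic."""
    ev = [(i / 1000, "198.51.100.7", "192.0.2.10", 56) for i in range(150)]
    ev += [(10 + i, "203.0.113.5", f"192.0.2.{i}", 56) for i in range(1, 31)]
    ev += [(50 + i, "192.0.2.50", "192.0.2.255", 56) for i in range(3)]
    ev += [(60, "198.51.100.99", "192.0.2.20", 65000)]
    ev += [(70 + i, "192.0.2.77", "192.0.2.1", 56) for i in range(5)]  # normal
    return ev

if __name__ == "__main__":
    for finding in sorted(classify(sample_events())):
        print(finding)
```
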

Malware and ransomware are among the many threats we hear about in computer system security. Malware is malicious software that is injected into a computer system to cause harm. Ransomware is a type of malware that encrypts files and data on a computer and demands a ransom in exchange for the decryption key, allowing users to regain access to their files and data. A computer system can be compromised due to several factors, such as having unpatched applications, outdated operating systems, and the users’ careless actions, such as clicking on suspicious links or downloading suspicious attachments or files. Some common symptoms of a malware or ransomware attack on a computer system include slowness, unauthorized access to sensitive information, corrupted files, and ransomware that locks the user out by encrypting all critical files and data. Malware and ransomware attacks on computer systems can have a significant impact on businesses and incur substantial costs to restore data and systems to normal. To combat and prevent malware and ransomware attacks on computer systems, it is highly recommended that systems, applications, and operating systems be regularly updated and patched. Keeping the latest versions of operating systems, applications, and software updates can help prevent exploitation of known vulnerabilities. Having a reliable, up-to-date antivirus and an anti-ransomware application that performs real-time scanning and detection using heuristic methods can also serve as a countermeasure against malware and ransomware attacks. The network topology can also be enhanced by segmenting it to secure systems. In the event of a malware attack on a single system, this feature can help prevent it from spreading to other systems on the network. Having an offline backup of the system can also help prevent a ransomware attack from causing significant damage.

Phishing and smishing attacks are significant cyber threats to many systems and often exploit human factors rather than technical weaknesses. Phishing is when a person sends a fake email to elicit a response, such as asking for passwords or prompting a click on a malicious link. Smishing is similar but targets mobile devices and uses the Short Message Service (SMS) part of the network to send a malicious text message. All social engineering attacks rely on people doing something, which is why a lack of user awareness and knowledge can leave your system exposed to a wide range of attacks. Phishing and smishing attacks can compromise your accounts, lead to identity theft, result in fraud of all types, and compromise the systems you are trying to protect. A few indicators that you may have been targeted with a phishing or smishing attack include unusual or suspicious-looking emails or SMS messages, acting strangely towards the systems you are trying to protect, and unusual account behavior. Training your users is an excellent countermeasure against the social engineering tactics associated with phishing and smishing. This includes training on the common types of phishing attacks and potentially using a training tool to send “mock” phishing emails to your users to test whether they fall for a socially engineered attack. The more “attacks” that your users receive, the more they are likely to catch suspicious emails and SMS messages that would otherwise have been successful phishing or smishing attacks. In addition to training your users, another excellent countermeasure to implement to mitigate phishing and smishing attacks is multifactor authentication. Multifactor authentication (MFA), also known as two-factor authentication (2FA), adds a second authentication step: in addition to something that the user knows, such as a password, PIN, or pattern, it requires something else to gain access to your systems, networks, and applications.
Typically, these factors are something you know, something you have, something you are, or something you do. Examples of the second factor in each category include:

- Something you have: Token, smart card, USB key, or mobile device
- Something you are: Fingerprint or facial recognition information
- Something you do: A one-time code sent to your mobile device, or completing a puzzle related to a current event in your organization.

Anti-phishing email and SMS filters are a good way to help stop these types of attacks. Email filters can catch phishing emails before they ever reach your users. In contrast, SMS filters can detect SMS attacks on the mobile network, intercepting malicious messages before they reach your users.

Malware, ransomware, phishing, and smishing are just a few of the many methods used by hackers in the never-ending battle to find and exploit weaknesses in operating systems and applications to invade our computer systems through social engineering traps. Once we understand how an attack is carried out and can identify the warning signs, we can use tools such as updates and anti-malware software, as well as educational resources and multi-factor authentication, to limit the effects of a possible attack. The war is not, however, over. Our vigilance and ongoing response to threats must never cease if we want to ensure our information security and, therefore, have confidence in technology.
