Network Security

  

Introduction

In today's cybersecurity landscape, understanding the technological threats that affect us daily is crucial. We may encounter several types of threats, such as malware, viruses, and phishing, which attackers can carry out using various methods, including brute force. This essay covers the basics of ping attacks, phishing, viruses, and ransomware. It also discusses how to avoid these types of threats and what actions to take if you are affected by them.

Ping Commands

Many attacks can be executed using the ping command, one of which is the Denial of Service (DoS) attack. A DoS attack is a type of cyber-attack that prevents users from accessing their computer and its network connections. This is achieved by overwhelming the system with traffic or by sending information that triggers a crash. Hackers typically exploit open system and network ports to gain unauthorized access. The more open ports there are, the more vulnerable the network is to breaches. A common method is the ping command, which sends an ICMP (Internet Control Message Protocol) echo request to machines on the target network.

TCP

To identify open ports, hackers use tools known as TCP (Transmission Control Protocol) scanners. These tools scan the network to detect open ports that can be exploited. Another form of attack is the “Ping of Death.” This attack, which appeared in the mid-90s, caused systems to crash and freeze. Today, most computers are protected against this type of attack.

Organizations protect themselves from these attacks by keeping their devices and software up to date, blocking fragmented pings, and increasing memory buffers. Additionally, many have firewalls that can block ICMP ping messages.

The Smurf attack is another form of DoS attack. In this attack, the perpetrator sends a large number of ICMP echo requests to network broadcast addresses, all having a spoofed source IP address of the victim.

A variation of this is the reflector attack, where the attacker spoofs the IP address and sends a large number of requests to reflector hosts. When the requests are received, the reflector hosts send their responses to the targeted victim. An instance of a Distributed Denial of Service (DDoS) attack was the “Killnet” attack, which affected U.S. hospitals in 2014. The attackers, identified as the group “Anonymous,” used the Smurf attack to flood the hosts by continually sending a massive number of request packets, causing significant disruption.
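The defenses described above (blocking oversized fragmented pings and refusing echo requests aimed at a broadcast address) can be expressed as checks on the IPv4 header. The following is an added example, not part of the original essay; the function names, finding labels, and sample packets are constructed for illustration and use documentation address ranges.

```python
import ipaddress
import struct

IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")  # fixed 20-byte IPv4 header
MAX_DATAGRAM = 65535                       # largest legal IPv4 datagram
ICMP, ECHO_REQUEST = 1, 8
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

def make_packet(src, dst, payload, frag_units=0, more_frags=False):
    """Build a constructed IPv4/ICMP packet for the demo (checksum left at 0)."""
    flags_frag = (0x2000 if more_frags else 0) | frag_units
    hdr = IPV4_HDR.pack(0x45, 0, 20 + len(payload), 0, flags_frag, 64, ICMP, 0,
                        ipaddress.IPv4Address(src).packed,
                        ipaddress.IPv4Address(dst).packed)
    return hdr + payload

def inspect_packet(packet, local_net):
    """Return the set of findings for one raw IPv4 packet seen on local_net."""
    ver_ihl, _, total_len, _, flags_frag, _, proto, _, _, dst = IPV4_HDR.unpack(packet[:20])
    if proto != ICMP:
        return set()
    findings = set()
    ihl = (ver_ihl & 0x0F) * 4
    offset = (flags_frag & 0x1FFF) * 8         # offset field counts 8-byte units
    if offset or flags_frag & 0x2000:          # later fragment, or More Fragments set
        findings.add("fragmented-icmp")
        if offset + total_len > MAX_DATAGRAM:  # reassembly would exceed 65,535 bytes
            findings.add("oversized-reassembly")
    # The ICMP type byte is only present in the first fragment (offset 0).
    if offset == 0 and len(packet) > ihl and packet[ihl] == ECHO_REQUEST:
        dst_ip = ipaddress.IPv4Address(dst)
        if dst_ip in (ipaddress.ip_network(local_net).broadcast_address, LIMITED_BROADCAST):
            findings.add("echo-to-broadcast")
    return findings

def demo():
    """Run the checks over four constructed packets."""
    echo = bytes([ECHO_REQUEST, 0]) + bytes(62)
    samples = {
        "normal ping": make_packet("192.0.2.10", "192.0.2.20", echo),
        "smurf-style": make_packet("198.51.100.7", "192.0.2.255", echo),
        "benign fragment": make_packet("192.0.2.10", "192.0.2.20", bytes(1000), 185),
        "ping-of-death fragment": make_packet("192.0.2.10", "192.0.2.20", bytes(1000), 8100),
    }
    return {name: inspect_packet(pkt, "192.0.2.0/24") for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name}: {sorted(findings) or 'clean'}")
```

A firewall rule that drops packets with either of the last two findings implements the protections the essay lists; the source address is not checked because in a Smurf attack it is spoofed.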

Viruses 

A computer virus is a type of malware that can attach itself to a file, multiply into many files, and copy its code into other files. The harm a virus causes can vary. When a user clicks on a corrupted file, the virus can damage either that file or the files around it. In some cases, it can log keystrokes, which means recording every key that you type on your keyboard.

Differences Between Malware and Viruses

Computer viruses require some sort of ‘handshake’, an interaction between the host and the virus, such as when a user opens a corrupted file. The virus copies its code into the file, making it infected, and it spreads when the host opens that file. A worm, by contrast, does not require anyone to open the file, which makes it more dangerous than a regular virus. A worm is a type of malware that can infect many files without the user opening the corrupted file, and it can spread itself throughout the computer system. For example, in 2017, a worm referred to as WannaCry affected many peers and users across the world.

Protection Steps

There are several ways to protect yourself from typical computer viruses. You can use software that deals with these types of intrusions, such as antivirus applications. Another method, used by law enforcement in their day-to-day operations, is situational awareness. Situational awareness is a basic tool in the law enforcement world, but it is also crucial in everyday life, because you might receive an email that appears to be from your coworker or manager but is actually a phishing email. Sometimes the phishing link attached to it looks like a regular search engine but is not, which can lead to the disclosure of your personal information and a threat to secured data. Situational awareness is therefore a key factor in avoiding viruses and malware.

Getting rid of malware and viruses can be very tricky, but there are software tools that we can use, such as anti-malware and antivirus scans. These tools can detect any infections and get rid of corrupted files on your system. Many of the malware discoveries are due to previous cybersecurity incidents that brought them to light. For instance, the computer virus “Proto” in 1982 was created when a 15-year-old boy attempted to prank his friends, causing Apple computers to display a poem. The way this virus multiplied and inserted itself into the host system was through a floppy disk drive. By investing in good cybersecurity software and maintaining situational awareness, you can avoid becoming a victim of cybersecurity threats.

Phishing Threats 

Phishing is a security threat that comes in various forms. One common method involves deceiving victims into entering their login credentials on a site that appears trustworthy but is controlled by cybercriminals. Another method, malware-based phishing, involves sending emails with malicious attachments from seemingly credible sources. The most effective defense against phishing is multi-factor authentication (MFA), which requires users to provide two forms of identification, such as a password followed by a one-time code sent to their phone.

To further protect against phishing, employing allowlists and denylists can block access to malicious domains, including specific URLs and IP addresses. Limiting administrative rights on operating systems like Windows or iOS is also beneficial, as it prevents unauthorized changes that could compromise security. The consequences of a phishing breach can be severe, leading to the theft of sensitive information like login details or even identity theft, causing significant harm to the victim. Employers should educate their employees on phishing to further increase security measures and decrease the risk of a breach. 
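The allowlist and denylist check described above can be sketched as follows. This is an added example, not part of the original essay; the function names and every list entry are constructed for illustration. It also shows two cases a naive string comparison gets wrong: a trusted name used as a prefix of another domain, and a trusted name placed before an "@" in front of an IP address.

```python
import ipaddress
from urllib.parse import urlsplit

def host_matches(host, domain):
    """True if host is the domain itself or a subdomain of it (label-aligned)."""
    return host == domain or host.endswith("." + domain)

def check_url(url, allow_domains, deny_domains, deny_networks, deny_urls=()):
    """Return 'block', 'allow' or 'unlisted'. Deny rules always win over allow rules."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()  # hostname drops any user@ part
    if not host:
        return "block"                                 # no usable host: fail closed
    if f"{parts.scheme}://{host}{parts.path}" in deny_urls:
        return "block"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None                                      # host is a name, not an IP literal
    if ip is not None:
        listed = any(ip in ipaddress.ip_network(net) for net in deny_networks)
        return "block" if listed else "unlisted"
    if any(host_matches(host, d) for d in deny_domains):
        return "block"
    if any(host_matches(host, d) for d in allow_domains):
        return "allow"
    return "unlisted"

# Constructed lists using reserved documentation names and addresses.
ALLOW = {"intranet.example.com"}
DENY_DOMAINS = {"phish.example.net"}
DENY_NETWORKS = {"203.0.113.0/24"}
DENY_URLS = {"https://files.example.org/invoice.html"}

def demo():
    """Classify a handful of constructed URLs."""
    urls = [
        "https://intranet.example.com/login",
        "https://intranet.example.com.phish.example.net/login",
        "https://intranet.example.com.other.example.org/login",
        "https://intranet.example.com@203.0.113.5/login",
        "https://files.example.org/invoice.html?id=7",
    ]
    return {u: check_url(u, ALLOW, DENY_DOMAINS, DENY_NETWORKS, DENY_URLS) for u in urls}

if __name__ == "__main__":
    for url, verdict in demo().items():
        print(f"{verdict:9} {url}")
```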

                                                             

 
