Information and system security for individuals are important because such information of people's private data, which includes pictures, emails, bank accounts, and social media accounts being hacked, can put someone's life at risk, more so their reputation, and financial hardship such as getting their identity stolen. Equally important in organizations, the information of customers' data, such as in the healthcare industry, can put a burden on both the patient and the hospital. Having their data stolen from Servers can compromise government and other private sectors as well as hacking individuals' computers, like a CEO of a company, which leads to selling this information to competitors. The greatest security threat to an organization is their staff because they are prone to being hack and compromise due to lack of education, Email Spam, phishing, password creation, social engineering, and not understanding the severity of such threats.
One type of attack that can be executed using ping command is Smurf attack, "which abuses the Ping command, which checks reachability of a network." The attacker sends ICMP echo request; as a result, the computer on the Network sends all ICMP relay packets to the attacker, and when a massive number of pings are executed, the response packets add up to a much larger number of ICMP echo replies, thus flooding the Network. To prevent this attack, we can turn off the protocol ICMP. Koga, K., Okazaki, N., Watanabe, A., & Park, M. rang. (2011). A proposal of an extended method of IP trace-back for distributed denial of service attacks using a dynamic marking scheme. Electronics & Communications in Japan, 94(page 2 1.1.2 Smurf)
Security holes and vulnerabilities can be used to breach security; this type of vulnerability threat exists in operating systems of all manufacturers, including Mac OS, Windows, iOS, Android, and Linux systems). These weaknesses are continually put to the test by hackers who find ways to infiltrate OS systems. The significant impact on such systems focuses on Windows Servers and Network systems, which can cause a significant blow to an organization's security infrastructure. My proposed recommendation is to prevent and protect from security holes is to constantly update the operating systems for all servers and network devices, as well as pushing updates (also known as patches) to all computer systems in such an organization. For example, Windows retire XP and Windows 7 from updating its operating systems, thus forcing users to upgrade to Windows 10 to keep their networks protected.
A phishing attack is a type of social engineering attack that is used to steal information. An attacker will lure a victim into thinking they are the legitimate originator of the source they seek to do business with, thus masquerading as a trusted source. Doing so can lead to malware, ransomware, and steal critical data. My proposed recommendation for protecting the network infrastructure from phishing is from a scholarly article on training to mitigate such attacks. "To prevent phishing attacks, organizations often rely on three techniques: (1) automated removal or quarantine of phishing messages and corresponding websites; (2) automated warning mechanisms that notify individuals when they encounter a suspicious message or website; and (3) behavioral training during which individuals are taught to identify and report attacks, Jensen, M. L., Dinger, M., Wright, R. T., & Thatcher, J. B. (2017). Training to Mitigate Phishing Attacks Using Mindfulness Techniques. Journal of Management Information Systems (page 599).
No comments:
Post a Comment