Network Security for Beginners
A hacker can use multiple exploits to attack, penetrate, or take down a network or computer system. They can target companies or individuals. Therefore, information systems must have security practices that safeguard against these attacks.
There are different types of ping command attacks. They typically attempt to create a denial-of-service (DoS) attack. They usually take one of two forms: the ping of death and the ping flood. Ping-of-death attacks use the “ping” command to send large packets of data to a system to overload the host network. This creates congestion, which takes away bandwidth and server resources (Vidal, 2024). Ping floods operate differently: instead of sending large packets, they send out large numbers of pings to overload the server.
There are a couple of ways that networks can protect against this. Usually, firewalls and DDoS protection software can prevent this from getting to the network and creating havoc. Rate limiting on a network will also curtail the number of requests into a system and prevent it from stalling or slowing the servers.
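The rate limiting described above, as an added example that is not part of the original post: a per-source token bucket for ping requests, plus a size check for pings too large to be legitimate. The rate, burst, addresses and event list are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Largest ICMP payload that fits a 65,535-byte IPv4 packet (20 B IP + 8 B ICMP headers).
MAX_ICMP_PAYLOAD = 65507

@dataclass
class Bucket:
    tokens: float   # pings this source may still send right now
    last: float     # timestamp of the last refill

class PingFilter:
    """Per-source token bucket for echo requests. rate and burst are assumed values."""
    def __init__(self, rate=5.0, burst=10):
        self.rate, self.burst, self.buckets = rate, burst, {}

    def check(self, src, size, now):
        # Ping of death: reassembled payload larger than a legal packet can carry.
        if size > MAX_ICMP_PAYLOAD:
            return "drop-oversize"
        b = self.buckets.setdefault(src, Bucket(self.burst, now))
        # Refill for the time elapsed since the last ping, capped at the burst size.
        b.tokens = min(self.burst, b.tokens + (now - b.last) * self.rate)
        b.last = now
        if b.tokens >= 1:
            b.tokens -= 1
            return "accept"
        return "drop-rate"   # ping flood: this source has used up its allowance

def sample_events():
    # Constructed sample: (timestamp in seconds, source address, payload bytes)
    events = [(0.0, "198.51.100.7", 56)]
    events += [(1.0 + i * 0.01, "203.0.113.9", 56) for i in range(20)]  # flood burst
    events += [(1.5, "192.0.2.44", 70000)]                             # oversized ping
    events += [(2.0, "198.51.100.7", 56)]                              # normal host again
    return events

def summarize(events, rate=5.0, burst=10):
    """Return {source: Counter of verdicts} for a time-ordered event list."""
    f, out = PingFilter(rate, burst), {}
    for now, src, size in events:
        out.setdefault(src, Counter())[f.check(src, size, now)] += 1
    return out

if __name__ == "__main__":
    for src, verdicts in summarize(sample_events()).items():
        print(src, dict(verdicts))
```

The flooding source keeps only its initial burst, while the host that pings once a second is never limited.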
Another method used in attacks is password cracking. Since 86% of breaches leverage stolen credentials (Miller, 2024), password cracking is a busy business. The higher the elevated credentials, the worse the damage to the industry. When a lower-level credential is stolen, individuals will try to use privilege escalation attacks to gain further access to the system (Miller, 2024). Escalation allows an unwanted intruder to steal data or even hold the data hostage, preventing its release for use unless there is a monetary gain for the attacker.
Brute-force attacks are used; however, they can take a very long time to gain access. Most systems trigger a lockout mechanism that prevents someone from entering the wrong password more than three times. Mobile devices like Apple iPhones can time the device out indefinitely if the password is entered incorrectly too many times.
The best way to avoid password cracking is to have strong, unique passwords. Sixteen-character combinations of special and alphanumeric characters make it incredibly difficult for hackers to guess or conduct brute-force attacks. Many companies also require 2FA, or two-factor authentication, for access to sites. This is a layer of protection in which the site sends a text message to your phone to verify your identity. So, even if the password is guessed, the bad actor needs a second factor to gain access.
Since brute-force attacks are slow, most attackers find the best success in social engineering. Social engineering is how a hacker manipulates people to share information they shouldn’t (IBM, 2024). There are various forms of social engineering attacks, such as phishing, “shoulder surfing,” or even eavesdropping. Attackers prefer this approach because entering a system with stolen credentials makes them less likely to be found or seen.
Attackers will use social engineering to penetrate a large-scale network and gain access to an individual’s personal resources. They will steal identities to obtain loans, steal properties, and steal government benefits (IBM, 2024).
Defense against social engineering rests in the hands of the target. Individuals should be cautious about emails they click on, never tell anyone their credentials for any device, and never allow uncontrolled access to secure areas of a company building (IBM, 2024). “Trust but verify” is key.
Overall, cybersecurity should be taken seriously by everyone. By understanding vulnerabilities, users or companies can better strengthen their defenses to prevent unintentional exposure to exploits.
References
IBM. (2024, December 18). What is Social Engineering? https://www.ibm.com/topics/social-engineering
Miller, Matt (2024, May 2). Password cracking 101: Attacks & defenses explained. BeyondTrust. https://www.beyondtrust.com/blog/entry/password-cracking-101-attacks-defenses-explained
Vidal, Sebastian (2023, November 6). Ping of Death or Ping Flood: What is it and how does it affect? https://tecnobits.com/en/ping-of-death-or-ping-flood-what-is-it-and-how-does-it-affect/