In post #3 I did a ping and trace command to see how many different places our traffic went before reaching a destination and to see how fast our traffic was able to reach a destination. When it comes to security, though, this can be a potential problem. Within network security there is an attack known as a denial of service (DoS) attack. This is when a malicious person decides they want to shut down a website, server, application, or other system that is connected to the internet. By sending a huge amount of data directly to the IP that the device is using, the attacker effectively stops the service from running properly by forcing it to go through a bunch of empty or useless data packets. Because the server or website is so busy looking at all the garbage traffic, it is unable to process legitimate requests from proper users. This is a big problem because any public-facing internet site can be hit by this type of attack. In order to stop the attack, the host of the website or server can block traffic from the IP that the attack is coming from, or use a redirect site before getting to the actual website so that if there is a bunch of empty traffic coming it gets stuck at the redirect site and does not crash the actual site or server. The other problem with this kind of attack, though, is that it can be a small amount of data coming from a large number of sources. In this situation it becomes more difficult to figure out how to stop the traffic in order for the site to regain functionality. As a gamer I see this kind of attack a lot, where someone who is losing will have a macro built to spam a bunch of messages in a very short span of time to see if they can cause their opponent to disconnect from the game instead of losing.
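The difference between the two cases above shows up clearly in request logs. The following is an added example, not part of the original post: it counts requests per source in fixed time windows and shows why a per-IP block works for a single-source flood but finds nothing to block when the same load is spread over many sources. The window size, both limits, and all log entries are assumed or constructed values.

```python
from collections import Counter, defaultdict

WINDOW = 10        # seconds per bucket (assumed value)
PER_IP_LIMIT = 20  # requests one source may send per window (assumed value)
TOTAL_LIMIT = 100  # requests the service can absorb per window (assumed value)

def analyze(events):
    """events: iterable of (unix_second, source_ip). Returns one finding per bad window."""
    per_window = defaultdict(Counter)
    for ts, ip in events:
        per_window[ts // WINDOW][ip] += 1
    findings = []
    for bucket in sorted(per_window):
        counts = per_window[bucket]
        total = sum(counts.values())
        noisy = sorted(ip for ip, n in counts.items() if n > PER_IP_LIMIT)
        if noisy:
            kind = "single-source flood"  # blocking these IPs stops the traffic
        elif total > TOTAL_LIMIT:
            kind = "distributed flood"    # overloaded, but no single IP stands out
        else:
            continue
        findings.append({"window_start": bucket * WINDOW, "kind": kind,
                         "total": total, "sources": len(counts), "block": noisy})
    return findings

# Constructed sample traffic using documentation address ranges.
NORMAL = [(3000 + i, "198.51.100.7") for i in range(10)]
SINGLE_SOURCE = ([(1000 + i % 10, "203.0.113.9") for i in range(200)]
                 + [(1000 + i, "198.51.100.7") for i in range(10)])
DISTRIBUTED = [(2000 + i % 10, f"192.0.2.{i % 150 + 1}") for i in range(300)]

if __name__ == "__main__":
    for name, sample in (("normal", NORMAL), ("single", SINGLE_SOURCE),
                         ("distributed", DISTRIBUTED)):
        print(name, analyze(sample))
```

In the distributed case the block list comes back empty even though the window is three times over the total limit, which is why that case is handled in front of the server (the redirect site described above) rather than with an IP block.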
Two computer security incidents that I am very familiar with are phishing attempts and security holes/vulnerabilities. As a system administrator, a major function of my job is to work towards preventing phishing attacks and remediating any security holes or vulnerabilities that may be found. These kinds of attacks can be very scary simply because you never know what the person who gets into your systems is going to do. Sometimes they want to get in simply to say they can. Other times they are aiming to cause damage to the company or gain profit from the access.
A phishing attempt is when someone sends out a fraudulent communication and attempts to make it seem as if it came from a legitimate source (Cisco, 2021). Oftentimes for home users this would be in the form of an email from your bank stating there has been suspicious activity on your credit card and they require you to log into your account to verify the activity. The danger comes when users go to the link that is provided instead of typing in the URL for their bank. Often the URL that is provided links to a malicious web page that then copies the secure information that you use to log into your accounts. This way, when the person who sent the email goes to look at who utilized the link, they can take your personal information and access your accounts or sell it to other people. It is called phishing because they do not target you specifically but instead aim to send the notification to as many people as possible in hopes of getting at least one person that clicks the link. In businesses this kind of attack is just as common. It can come from just about anyone claiming they are a member of IT, security, or a different department wanting information they can then use to gain access to the network. In my own company we have had to implement a warning on emails that do not come from an internal location because of the amount of phishing emails we receive. We have also implemented a system where, when there is a link from an external site, the web page is opened up in a secure browser that will not allow other pop-ups or code to run. This way, if the link would have allowed for a malicious program to be downloaded, it is prevented and the user can then close out and report the email.
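A warning on external email, like the one described above, comes down to deciding whether the sender's domain is internal. The following is an added example, not the author's or any vendor's implementation: it tags the subject of any message whose From address is not in an internal domain, and handles the two cases a naive suffix check gets wrong (a lookalike domain and a missing From header). The domain `corp.example`, the banner text, and the sample messages are constructed. The From header can be forged, so this sketch assumes the mail gateway has already rejected outside mail that claims an internal sender.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"corp.example"}  # assumed internal mail domain
BANNER = "[EXTERNAL] "               # assumed banner text

def is_internal(address):
    """True only for an exact internal domain or a real subdomain of one."""
    domain = address.rpartition("@")[2].lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)

def tag_external(raw):
    """Parse a raw message and add the banner to its subject unless the sender is internal."""
    msg = message_from_string(raw)
    _name, address = parseaddr(msg.get("From", ""))
    # A missing or unparsable From header is treated as external (fail closed).
    if "@" in address and is_internal(address):
        return msg
    subject = msg.get("Subject", "")
    if not subject.startswith(BANNER):
        del msg["Subject"]               # no error if the header is absent
        msg["Subject"] = BANNER + subject
    return msg

# Constructed sample messages.
SAMPLES = {
    "internal": "From: Alice <alice@mail.corp.example>\nSubject: Lunch\n\nhi\n",
    # The display name claims IT; the domain only starts with the internal name.
    "lookalike": ('From: "IT Helpdesk" <helpdesk@corp.example.mail.test>\n'
                  "Subject: Password reset required\n\nclick here\n"),
    "suffix": "From: hr@notcorp.example\nSubject: Benefits\n\nsee attached\n",
    "nofrom": "Subject: Invoice\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", tag_external(raw)["Subject"])
```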
Security holes and vulnerabilities are security gaps that have been found in software and hardware that allow a user to gain more access to a system than they are supposed to. One type of security hole is known as a zero-day vulnerability, where hackers have discovered a vulnerability the developers of software are unaware of and are able to use the vulnerability to map networks, export data, and find potential opportunities for other attacks (Zankharia, S., December 29, 2021). This is a big problem for companies because there is no sure way to determine if someone gained access to your system through one of these security holes and there is also no way to discover what they found. This means they could have found another breach you are still unaware of and are utilizing it without your knowledge. In order to stop this kind of security threat it is extremely important to pay attention to Microsoft security announcements. Any time Microsoft becomes aware of a vulnerability it releases a statement regarding the vulnerability and, if able, provides a temporary solution or fix you can implement until they are able to push out a fix through their normal update process. It is also recommended to use a security software solution to help identify systems with vulnerabilities so they can be fixed. Two systems I have used are Tenable and Symantec Endpoint Protection. Both of these companies provide a scanning service that will check any machine they are installed on to ensure they have all the latest security patches. Their sites also provide fixes and recommendations to keep your systems safe.
References
- Cisco (2021). What Is Phishing. Cisco.com. https://www.cisco.com/c/en/us/products/security/email-security/what-is-phishing.html
- Zankharia, S. (December 29, 2021). Defend against zero-day exploits with Microsoft Defender Application Guard. https://www.microsoft.com/security/blog/2021/09/29/defend-against-zero-day-exploits-with-microsoft-defender-application-guard/