Network Security

            Information system security is important for individuals & organizations due to the threat of loss of information due to hackers, viruses, & overall vulnerabilities to attackers looking to exploit confidential & sensitive information of a person, company, or government agency. Pinging is known to be used as a diagnostic tool for troubleshooting and gathering computer specific data, but it is also used by hackers to attack vulnerable targets. There are various types of commands that can be used, two specifically are referred to as the “Ping of Death” & ICMP Tunneling.

The “Ping of Death” or the formal term Denial of Service (DoS), is a common method where a hacker will send oversized Internet Control Message Protocol to a target, that exceed the maximum capacity of the computer. By doing this, it can cause the system to become unresponsive & in most cases if done right will crash or reboot multiple times, making the device inoperable.

ICMP Tunneling is a method used to exploit sensitive information. Being that ICMP is normally permitted through firewalls, for such things as pinging, it can go undetected if the proper cybersecurity protocols are not established for the system. Attackers can infiltrate a system using ping commands to then transfer sensitive or confidential from a targeted computer.

            One computer security incident is referred to as “phishing”. Phishing is the method of sending fraudulent emails or messages via a computer or cellphone, posing as a legitimate source, to an intended target. This is done for monetary gain, or to obtain sensitive information such as account or credit card numbers, & social security numbers for further exploitation such as identity theft. Large businesses & government agencies are a common target.  IBM cybersecurity analysts concluded that 95% of successful cyberattacks resulted from human error. This further supported their statement that employees are more susceptible to well-crafted and targeted email messages, making them a vulnerable target. In the military for example, we are taught not to open or answer suspicious emails, and to report them to our cybersecurity office immediately. This type of incident, if successful, can not only cause harm to the victim in personal ways but can also damage a company or agency’s reputation, or financial stability. Another recommendation would be to enable spam filters, this will automatically move unsolicited emails to a junk folder leaving the user unaware & unbothered by the potential threat.

            Password Cracking is another common security incident. Passwords have been used even before the invention of computers and still prove to be a strong authentication tool. However, due to the vast advancement of computer devices, passwords have seen some drawbacks, such as lost or stolen passwords, or week passwords that are easily crackable. Using simple passwords such as birthdays, or individual names make it easy for hackers to gain access into social media profiles, bank accounts, etc. This method can harm an individual or business because it can be hard to refute transactions, messages, & posts because the hacker is under the disguise of the victim’s profile. Most if not all banks have measures in place to flag suspicious purchases that will then ultimately shut the card off or temporarily block specific transactions of certain amounts. According to a professor of Civil Engineering, Arun Prakash, token based techniques, such as key cards, bank cards and smart cards are widely used. Many token-based authentication systems also use knowledge-based techniques to enhance security.

         My recommendation would be simply to use a unique password with letters, numbers & symbols. I would not complicate it to where I cannot remember the password or have to write down as it could be stolen. Make a complex password that only you will know & remember. Additionally, I would not use the same password for every account. Many companies have had data breaches, which include customer account passwords. If a person is using the same password for every program, and a data breach occurs, it leaves that person susceptible to further exploitation across other accounts hackers may be targeting.