Computer threats and steps for protection
Computers are great tools for all kinds of tasks, from daily organizational tasks, to automating extensive workloads. Though computers are increasingly used to ease the lives of workers and everyday people, computers may also be used for malicious tasks. Some of these tasks can be relatively harmless, such as SPAM emails to drive more customers to a possibly legitimate business, or very harmful tasks, such as stealing banking information, or infecting computers with viruses to be used in a botnet. With the increase in computer usage and literacy, also comes an increase in these cyber-attacks. Being a responsible user of computers also means keeping an eye out for various scams and attacks.
Ping of Death and Denial of Service
previously we explored the use of the ping commands to check network connection to various websites, including connection speed and strength. A responsible user will utilize ping commands to diagnose connection issues. Those with more malicious intentions may use ping commands for a type of Denial-of-service attack (DoS) named a ping of death attack (FORTINET, n.d.). The attacker accomplishes this by sending oversized data packets to their target, causing destabilization or a freeze. The attacker sends packets in fragments that when reassembled by the receiving server are larger than the maximum Byte size limit (FORTINET, n.d.). This attack is an old one so many newer systems have protections in place, however some legacy equipment may still be vulnerable. If this attack is utilized by a group of computers in a botnet, this attack turns into a Ping Flood (CLOUDFLARE, n.d.). To protect against these attacks, you should begin by ensuring equipment software is up to date. Next you may consider implementing a firewall to block ICMP ping messages, however this may not work against attacks sent via FTP (FORTINET, n.d.). You may also choose to block fragmented pings and increase memory buffers (FORTINET, n.d.).
Computer threats and steps for protection
Computers are great tools for all kinds of tasks, from daily organizational tasks, to automating extensive workloads. Though computers are increasingly used to ease the lives of workers and everyday people, computers may also be used for malicious tasks. Some of these tasks can be relatively harmless, such as SPAM emails to drive more customers to a possibly legitimate business, or very harmful tasks, such as stealing banking information, or infecting computers with viruses to be used in a botnet. With the increase in computer usage and literacy, also comes an increase in these cyber-attacks. Being a responsible user of computers also means keeping an eye out for various scams and attacks.
Ping of Death and Denial of Service
previously we explored the use of the ping commands to check network connection to various websites, including connection speed and strength. A responsible user will utilize ping commands to diagnose connection issues. Those with more malicious intentions may use ping commands for a type of Denial-of-service attack (DoS) named a ping of death attack (FORTINET, n.d.). The attacker accomplishes this by sending oversized data packets to their target, causing destabilization or a freeze. The attacker sends packets in fragments that when reassembled by the receiving server are larger than the maximum Byte size limit (FORTINET, n.d.). This attack is an old one so many newer systems have protections in place, however some legacy equipment may still be vulnerable. If this attack is utilized by a group of computers in a botnet, this attack turns into a Ping Flood (CLOUDFLARE, n.d.). To protect against these attacks, you should begin by ensuring equipment software is up to date. Next you may consider implementing a firewall to block ICMP ping messages, however Disabling ICMP functionality will not allow ping attacks through but may disable all network activities that require ICMP (CLOUDFLARE, n.d.). The best solution may be to hire a DDoS protection service to intercept ICMP traffic before it reaches the intended target.
 |
| Ping of Death Note. From: Markova, V. Ping of Death (PoD) – What is it, and how does it work?[Image 1]. (2023). ClouDNS. https://www.cloudns.net/blog/ping-of-death-pod-what-is-it-and-how-does-it-work/ |
Phishing Scams
Some other attacks to be wary of are Phishing scams, and password cracking. You may be familiar with Phishing scams, as many employers routinely send fake phishing emails to keep employees aware of the risk. A phishing scam may appear to be from a legitimate source (typically emails or texts) but may include fraudulent links in an attempt to obtain sensitive data or steal money. Another form of phishing that is becoming more prevalent with the use of AI is voice phishing, via a call that sounds legitimate. The best protection against phishing is to be aware and look for signs of phishing. Phishing scams may often include spelling errors and come from an unknown source. hovering over the link to analyze the URL and checking for spelling errors may help you identify a phishing email (CISCO, n.d.). More online safety tips include never giving out personal information over email, never clicking on links from unknown sources, and keeping your browser updated (CISCO, n.d.).
 |
| Phishing Note. From: Excellence IT. Phishing Email Examples by Cyber Security Experts. [image 1]. (n.d.) https://excellence-it.co.uk/insights/look-at-these-phishing-email-simulations-would-you-be-fooled/ |
Password Cracking
Password cracking occurs when an unauthorized individual obtains your password, through software or even via the forgotten password actions (Gillis, n.d.). Cybercriminals use password crackers to guess passwords and prepare hashes to decrypt passwords after retrieving them from a computer's memory. Without going into too much detail, there are many methods a password cracker may use to find a password, including brute force, dictionary search, phishing, malware, and guessing (Gillis, n.d.). Some steps to protect yourself against password crackers include creating a strong password with a variety of characters, avoiding using easy to guess words, never reusing old passwords, and changing passwords regularly.
 |
| Password Cracking Visualized Note. From: Timmerman, C. Account Safety 101: What is Password Cracking? [Image 1] (2024). IPVANISH. https://www.ipvanish.com/blog/what-is-password-cracking/ |
Final Thoughts
Computers provide significant benefits in both personal and professional tasks, however, they also introduce serious risks when used maliciously. Attacks like phishing scams, password cracking, and denial-of-service exploits highlight the importance of staying vigilant in our digital activities. Users must take proactive measures, such as maintaining strong passwords, utilizing firewalls, and ensuring software is updated regularly, to protect their data. By remaining informed and cautious, we can minimize the potential threats that come with increased connectivity.
References
CISCO.
(n.d.). What is Phishing?. https://www.cisco.com/c/en/us/products/security/email-security/what-is-phishing.html
CLOUDFLARE.
(n.d.). Ping (ICMP) flood DDoS attack. https://www.cloudflare.com/learning/ddos/ping-icmp-flood-ddos-attack/
Excellence IT. (n.d.) Phishing Email Examples by Cyber Security Experts. https://excellence-it.co.uk/insights/look-at-these-phishing-email-simulations-would-you-be-fooled/
FORTINET. (n.d.). What Is a Ping of Death Attack?. https://www.fortinet.com/resources/cyberglossary/ping-of-death#:~:text=A%20ping%20of%20death%20attack%20is%20a%20type%20of%20denial,Protocol%20(ICMP)%20ping%20messages.
Gillis, A. (n.d.). password cracking. TechTarget. https://www.techtarget.com/searchsecurity/definition/password-cracker#:~:text=Password%20cracking%20is%20the%20process,obtain%20unauthorized%20access%20to%20resources.
Comments
Post a Comment