Thoughts on Network Security

 

Network threats change constantly as malicious actors study around the clock for system vulnerabilities. These potential weak spots are not always in a network’s hardware. Most often, they are the human components. Targeting humans as a weak link in a system is not a new practice. Email spam and phishing attacks focus on human error to get into personal and business computers. On the other hand, DDoS attacks are skewed more toward business servers to cause damage to the company.

Email Spam & Phishing

Email spam and phishing use the same delivery mechanism but have different purposes. Email spam is designed to deliver a malicious code payload to your computer through interaction with a corrupt email. Email spam can be a false advertisement or generic email with a clickable link that downloads viruses, malware, or spyware to infect the computer. This malicious code can wreak havoc on your system and even copy files to the attacker, or they can utilize your location information, camera, and microphone, violating your privacy. Victims of such attacks typically don’t discover the virus until the computer begins to perform extremely slowly and or it begins to control itself. To get rid of the virus, the computer needs to be wiped by an IT professional. “In a typical phishing attempt, a hacker pretends to be someone the victim trusts, like a colleague, boss, authority figure, or representative of a well-known brand. The hacker sends a message directing the victim to pay an invoice, open an attachment, click a link, or take some other action” (Kosinski, 2024, What is a Phishing Attack?, para. 3). This website or link may seem legitimate. Still, it is a duplicate for the attacker to save your login credentials. The attacker will then use that information to log in as you to perform nefarious acts. Most victims do not realize the problem until it’s too late. For instance, with banking information, the victim does not know they have been robbed until their bank account is empty and it’s time to pay bills. This method could also install nefarious code like email spam. The two best ways to mitigate phishing or email spam are with an offensive and defensive approach. The best offense is to have a robust spam or junk filter on your email to limit the amount of interaction with phony emails. The best defensive strategy would be to train yourself to look for email typos and errors while being extra cautious with urgent emails. Arguably, you can go as far as not clicking emails and following up with the company in the email separately on another tab.

DDOS Attack 

DDoS attacks or Distributed Denial of Service attacks are a way to overwhelm a server. These attacks are designed to bring a business service down by flooding the server or router with “Pings” or “hello packets” overwhelming the system so it will ignore legitimate customers. This attack harms a business’s reputation or can stop an online shop from producing revenue, causing a loss of market share by promoting downtime and inactivity (Sansone, I.). The attacks can even leverage the attack from ransom money to stop the attack and allow the business to resume normal operations. A company can limit these attacks by disabling ICMP or by IP filtering. The ICMP block is a mechanism in which the router responds to “PINGS” outside its subnet mask. IP filtering is a similar action that allows traffic from specific IP blocks or denies traffic, depending on how the filtering is set up.