As people and companies use computers for more personal and business activities, the impact of security breaches increases, as does the lure of breaching security (Vahid, 2019). Security measures are needed to protect the information in computers and devices, to protect from both information loss and information theft.
Innocent Pings
Ping is a command that can be executed from the command line of most computers that have operating systems that support command lines. It is typically a harmless command with a simple task of determining whether some specific other computer is reachable on the network. But the ping command can be used for evil.
Photo by Markus Spiske on Unsplash
A Denial of Service attack (DOS), is used to cause a computer (typically a web server) to be dysfunctional for a limited time (during the time of the attack). This makes the server unavailable for use by legitimate users. Traditionally, pings are what is used for DOS attacks. While normally a few pings are harmless, hundreds of thousands of them every second disable the server’s functionality.
Denial of Service Disables Computers
According to research (Kumar, 2006), the victim server is disabled in two ways. One goal of an attack is to flood the network connection to the server with enough pings per second to fill the network connection traffic capacity, thus crowding out legitimate network activity. The other problem the victim server has is processing the pings. Normally the ping protocol requires the recipient to return a ping reply message back to the machine that sent the ping. This is a trivial task with only a few pings, but with hundreds of thousands of ping requests per second, the CPU generally cannot keep up. The CPU(s) is so busy it cannot reply to all pings, nor can it do other important tasks.
Social Engineering
Social engineering (in the context of information security) is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes (google). This can be as simple as the hacker calling the victim on the phone, posing as a technical support person, and asking for the victim’s login credentials. Phishing is related to social engineering.
The latest new form of social engineering works when an account is protected by Two Factor Authentication (2FA). To authenticate, the user enters her credentials normally, and wait for their phone to confirm the login. Ideally, the phone gives a code that the user types in to complete her login. With some 2FA (like the author’s employer) the phone alert merely asks whether to allow the login or not. For this case where no code needs to be typed in, the hacker that has the credentials but not the victim’s phone, he can enter the credentials and wait for the victim to approve it. Usually, the hacker has a program to do this many times until the frustrated victim presses the approve button (Abrams, 2022).
Where Humans are the Weak Link
Computer systems are vulnerable to social engineering because they are generally programmed to trust the credentials. The computers are required to allow the legitimate user to log in and do work. The user is the vulnerability in this case. The hacker gains the same power as the legitimate user and is free to steal or damage all the information that the user has access to.
All Employees Must be Wise
To protect against social engineering, the users need to be trained in security. This training is the most important and can take as little as an hour per year. Additionally, Two Factor Authentication (which preferably requires a one-time code) can help (Abrams, 2022).
Email Spam
Undesired emails may seem merely annoying, but they do cause other problems. One problem is just the huge quantity of these unsolicited emails that consume internet bandwidth, CPU power, and user time. In April 2012, spam was 77% of global email traffic. Another problem is that a high percentage of spam is unethical: they contain viruses or promote costly scams or are phishing messages (Dada, 2019). Spam is therefore dangerous to computer security. They deliver those other categories of computer threats to your computer.
Photo by Hannes Johnson on Unsplash
Many email providers provide junk email filters with sophisticated machine-learning algorithms, and many of those work pretty well (Dada 2019). So again, email user education is important, and users and businesses should always have good spam filters enabled. In the author’s employer’s case, they inject a red warning at the top of every email that comes from outside the company and automatically removes all spam. They also have a system for employees to easily report emails that are suspected security threats. This works well there when employees cooperate.
Conclusion
Threats to computer security are real and need to be addressed. For most threats, user support of computer safety policies is the most important factor. However, there are other remedies that help a lot. The threat may change somewhat in the future but will always be present.
Comments
Post a Comment