There are many ways to compromise the network components that information systems depend on to inter-operate. Two such ways use the Ping command to attack a networked computer. The first method is called command injection, where a system vulnerability in web servers and routers allows a second command after a terminated ping request (CTF 101, n.d.). A skilled attacker can elevate permissions and execute additional code. The second method is a Denial-of-Service (DoS) attack. A single machine targets a web server with multiple ping requests to overload the server (Cloudflare, n.d.). This prevents users from accessing server content, hence the name, Denial-of-Service.
Computer viruses are another way to compromise systems. A virus is a self-replicating piece of computer code designed to harm or hinder a computer (Torres, G, 2018). Computers are vulnerable to viruses because they must access data from external sources to get work done or provide entertainment. Typical symptoms of having a virus is a slow running computer, programs that open themselves, or pop-up warnings for conditions that do not exist. Viruses can inflict damage by deleting, corrupting, or encrypting files. To protect a system against viruses, install a reputable anti-virus application, and keep its virus definitions up-to-date. Be careful accessing content on websites or external storage; think before you click.
Social engineering is the least understood and has the most potential for damage because it manipulates the most vulnerable component of an information system, the interface between the input and the output; the human. The best anti-virus application cannot protect a system from its operator. Bad actors know this and use every trick they can think of to fool a targeted victim.
A well-known example of social engineering is a telephone call from Microsoft support. An attacker convinces an unsuspecting individual that something is wrong with their system and asks to establish remote desktop access for troubleshooting. If access is allowed, the attacker installs malicious software masquerading as a diagnostic tool. This tool spoofs problems which the attacker offers to fix for a fee. The individual is damaged financially and is embarrassed when they learn they were tricked. Their system is no longer trustworthy because of the malicious software installed and will need professional service or replacement. Organizations can protect systems from social engineering by requiring their employees to complete cybersecurity training. These employees, in turn, should share lessons learned with their friends and loved ones.
Information and system security are important to individuals and organizations in the modern economy. Cybersecurity encompasses information and system security. Organizations have a responsibility to keep us safe by investing in cybersecurity and training. Individuals will benefit from learning more about cybersecurity, and that will result in safer computing for all.
References
Capture The Flag 101. (n.d.). What is command injection?. CTF 101. Retrieved from ctf101.org/web-exploitation/command-injection/what-is-command-injection/
Cloudflare, Inc. (n.d.) Denial-of-service. Retrieved from www.cloudflare.com/learning/ddos/glossary/denial-of-service/
Torres, G. (2018 December 18) What is a computer virus. AVG. Retrieved from www.avg.com/en/signal/what-is-a-computer-virus/
Zwass, m. (2016 February 10). Information security. Britannica. Retrieved from www.britannica.com/topic/information-system/Information-system-infrastructure-and-architecture/
No comments:
Post a Comment