Vishing is also a form of phishing. It uses voice over IP (VoIP) communication technology for fraud: the criminals spoof calls so that they appear to come from legitimate sources.
The victim may receive a recorded message that appears legitimate. Vishing works just like phishing, but it does not always occur over the Internet; it is carried out using voice technology. Vishing attacks also use voicemail, landlines, and telephones.
It is not easy for authorities to trace vishing, especially when the criminals use VoIP. Criminals aim to obtain credit card numbers or other information in order to steal the victim’s identity. Vishing takes advantage of the fact that people trust the telephone network.
Smishing
Smishing is Short Message Service (SMS) phishing. It uses text messaging on cellular phones. Criminals masquerade as a legitimate source to gain the trust of the victim. In this attack, the user is tricked into downloading a Trojan horse, virus, or other malware onto a cellular phone or other mobile device.
Victims then enter their personal information, thinking they are connected to a legitimate site. Pharming also installs malicious code on a personal computer or server, misdirecting victims to fraudulent websites without their knowledge. Pharming can infect many users’ computers at once because, unlike phishing, it does not need to target people one by one.
Some criminals send code through e-mail that modifies the local hosts file on a personal computer. A computer with a compromised hosts file will redirect to the fake website even if the user types the correct Internet address.
Domain name system (DNS) poisoning is another method of pharming, in which the DNS table on a DNS server is modified so that someone who wants to access a legitimate website is directed to a fake one instead. This method does not require changing the hosts file on the personal computer.
Anti-spyware programs cannot fix this form of pharming because nothing is technically wrong with the end user’s computer.
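As an added defender-side example (not code from the original article), the following Python script audits a hosts file for the kind of entry a hosts-file pharming attack leaves behind: a well-known domain pinned to an address other than loopback. The sample hosts content, the watch list, and the .invalid names and 203.0.113.x / 198.51.100.x addresses are constructed for the example (those ranges are reserved for documentation and never route anywhere).

```python
import ipaddress
from typing import List, Tuple

# Constructed sample hosts file, written for this example. The 203.0.113.0/24
# and 198.51.100.0/24 ranges are reserved for documentation, and the ".invalid"
# TLD never resolves, so nothing here points at a real site.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# entry of the kind a hosts-file pharming attack would add (constructed)
203.0.113.10  www.examplebank.invalid examplebank.invalid
# ad-blocking sinkhole entry: harmless, it maps the name to nothing
0.0.0.0     ads.example.invalid
# internal pin that an administrator may have added on purpose
198.51.100.5  intranet.example.invalid
"""

# Domains whose resolution should never be overridden locally (assumed list).
WATCHLIST = {"examplebank.invalid"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        for name in names:
            pairs.append((ip, name.lower()))
    return pairs


def _covered_by_watchlist(hostname: str, watchlist) -> bool:
    """True if hostname equals a watchlist domain or is a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in watchlist)


def audit_hosts(text: str, watchlist=WATCHLIST) -> List[Tuple[str, str, str]]:
    """Flag hosts entries that redirect names to a routable address.

    Returns (hostname, ip, reason) tuples. Loopback and unspecified targets
    (127.0.0.1, ::1, 0.0.0.0, ::) are local services or sinkholes, not
    redirects, so they are not reported.
    """
    findings = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((name, ip, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue
        if _covered_by_watchlist(name, watchlist):
            findings.append((name, ip, "watchlist domain pinned to a non-local address"))
        else:
            findings.append((name, ip, "non-local mapping, review"))
    return findings


if __name__ == "__main__":
    # On a real machine, read /etc/hosts (Unix) or
    # C:\Windows\System32\drivers\etc\hosts (Windows) instead of SAMPLE_HOSTS.
    for name, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"{name:28} -> {ip:15} {reason}")
```

Entries that map a name to 0.0.0.0 or loopback are left alone because ad blockers and developers add those legitimately; a watch-listed domain mapped to a routable address is exactly the symptom the text describes, and the remaining non-local mappings are listed for review rather than judged.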
Gene pharming is another type of pharming. In this type of pharming, human proteins are produced from animal DNA alterations. These proteins are found in the blood, eggs, or milk of the animal. Therefore, livestock can produce several useful drugs.
Whaling
Whaling is also a form of phishing. It targets high-profile individuals, such as senior executives, and government organizations. Criminals also target politicians and celebrities. Whaling is also called a whaling phishing attack.
The attacker’s goal in a whaling attack is to manipulate the victim into authorizing high-value wire transfers to the attacker. Because of the high value at stake, whaling attacks are harder to detect than standard phishing attacks. Security administrators in an organization can reduce the effectiveness of whaling attacks by providing security awareness training to management staff.
A whaling attack obtains personal or corporate information through social engineering, email engineering, and content spoofing. The attackers may send emails that appear to come from trusted sources, and some attackers may create a malicious website.
The attackers also use the target’s name, job title, and similar details. Whaling attacks usually depend on social engineering. The attackers may send hyperlinks or attachments to infect victims with malware.
As I said in one of my earlier articles, phishing is easy to execute and requires minimal effort; therefore, many cybercriminals use this method. The criminals send fake emails and text messages and create websites that look authentic. They use email, messages, and websites to steal personal and financial information from users. This is also known as spoofing: it occurs when a cybercriminal sends a fake email disguised as if it came from a legitimate and trusted source.
An example of phishing is a bogus email that looks like it came from a legitimate source, asking the user to click a link to claim a prize. The link may redirect to a bogus site asking for personal information, or it may install malware. Criminals also reach their targets by telephone or text message, posing as a legitimate institution to lure people into providing sensitive data such as identity, banking, and credit card information and passwords. The information is then used to access important accounts and can result in identity theft and financial loss.
Spear Phishing
Criminals use spear phishing against specific, high-value targets. Both phishing and spear phishing use email to reach the victims. In spear phishing, criminals send customized emails to a specific person. They research the target’s interests before sending the email. For example, a criminal learns that the target is interested in reading books. The criminal joins the same book discussion forum as a member, forges links to book-reading material, and emails them to the target. When the target clicks on the link, he or she unknowingly installs malware on the computer.
How phishing works
Phishing is popular with cybercriminals because it is far easier to trick someone into clicking a malicious link in a seemingly legitimate phishing email than to break through a computer’s defenses.
Phishing attacks are generally delivered using social engineering techniques applied to email, voice calls, messages over social networks, SMS text messages, and other instant messaging modes. Attackers may also use social networks such as Facebook, LinkedIn, and Twitter to collect information about the target’s interests, activities, and work history.
Before the attack, the phishers discover the targets’ names, job titles, and email addresses. They also collect information about their colleagues, job titles, and key employees. This data can then be used to craft an email that the victim will believe.
Generally, a phishing message appears to have been sent by a known contact or organization. There are two methods of attack: a file attachment containing phishing software, or links leading to malicious websites. The goals of phishers are to install malware on victims’ computers and to trick them into divulging personal and financial information, such as passwords, account IDs, and credit card details.
Successful phishing messages generally impersonate a well-known company and are difficult to differentiate from authentic messages: the malicious links in the messages are usually well designed. Subdomains and misspelled URLs are common tricks, as are other link manipulation techniques.
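The subdomain and misspelled-URL tricks mentioned above can be checked mechanically. The following Python function is an added example, not code from the article: it flags the common link-manipulation patterns, namely a trusted brand used as a subdomain of an unrelated domain, a registrable domain one or two typos away from a trusted one, a raw IP address as the host, and a user@host prefix that disguises the real host. The trusted-domain list, the registrable-domain heuristic (last two labels) and the sample URLs are assumptions made for the example.

```python
import ipaddress
from typing import List
from urllib.parse import urlsplit

# Domains the organization trusts (assumed list; ".invalid" never resolves).
TRUSTED_DOMAINS = {"examplebank.invalid"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (classic dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(hostname: str) -> str:
    """Approximate the registrable domain as the last two labels.

    This is an assumption made for the example; production code should use
    the Public Suffix List so that names like example.co.uk split correctly.
    """
    return ".".join(hostname.split(".")[-2:])


def analyze_url(url: str, trusted=TRUSTED_DOMAINS) -> List[str]:
    """Return the link-manipulation tricks detected in url (empty if none)."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return ["no hostname"]

    # user@host form: the text before '@' looks like the site, but the
    # browser connects to whatever follows it.
    if parts.username is not None:
        findings.append("credentials before '@' disguise the real host")

    # A raw IP address instead of a name is unusual for a legitimate login page.
    try:
        ipaddress.ip_address(host)
        findings.append("raw IP address as host")
        return findings
    except ValueError:
        pass

    reg = registrable_domain(host)
    if reg in trusted:
        return findings   # genuinely the trusted site or one of its subdomains

    subdomain_labels = host.split(".")[:-2]
    for domain in trusted:
        brand = domain.split(".")[0]
        # trusted brand used as a subdomain of an unrelated registrable domain
        if brand in subdomain_labels:
            findings.append(f"brand '{brand}' appears as a subdomain of {reg}")
        # registrable domain only a few typos away from a trusted one
        if 0 < levenshtein(reg, domain) <= 2:
            findings.append(f"'{reg}' is a lookalike of '{domain}'")
    return findings


if __name__ == "__main__":
    for sample in ("https://www.examplebank.invalid/account",
                   "http://examplebank.invalid.login-verify.example/x",
                   "http://exarnplebank.invalid/",
                   "http://203.0.113.5/login",
                   "http://examplebank.invalid@evil.example/"):
        print(sample, "->", analyze_url(sample) or "no findings")
```

The check runs on the registrable domain rather than the whole hostname, so legitimate subdomains of a trusted site pass while a brand name buried in the subdomain of someone else’s domain is reported. Internationalized (punycode) hostnames and homoglyphs need additional normalization that this example does not attempt.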
In the previous article, I discussed malware, including its types: viruses, worms, ransomware, Trojan horses, logic bombs, backdoors, and rootkits. This article discusses three further malware types: spyware, adware, and scareware.
Spyware
Spyware is software installed on a computer without the end user’s knowledge, enabling a criminal to obtain information about the user’s computer activities. Spyware activities include keystroke collection, data capture, and activity tracking. The software violates the end user’s privacy and has the potential to be abused. So it is controversial software, and it sometimes changes the computing device’s security settings. It usually bundles itself with legitimate software or with Trojan horses. Moreover, many shareware websites are full of spyware.
Tracking software by itself is not harmful, and organizations use it to check employees’ browsing activities. Parents may also use a keylogger to check their children’s activities on the Internet. Advertisers use cookies for tracking.
So, if the end user is informed that information is being collected by the software, such data collection programs are not spyware. Spyware is difficult to detect. Often, a drop in speed is the first sign a user notices: a computer or device infected with spyware shows a noticeable decrease in processor or network connection speed, and in the case of a mobile device, data usage rises and battery life drops too much.
Adware
Adware is an application that displays advertising banners while a program runs and generates revenue for its authors. It also analyzes user interests by tracking the websites visited and then sends pop-up advertising relevant to those sites. Some software automatically installs adware during its own installation. Some adware only shows advertisements, but it is common for adware to come bundled with spyware. Adware exists for both computers and mobile devices.
Scareware
Scareware is malware that uses fear to trick victims into purchasing and downloading useless and potentially dangerous software. Scareware generates pop-up windows that look like operating system dialogue windows.
The pop-up window conveys messages, generally stating that the system is at risk and that antivirus or anti-spyware software, a firewall application, or a registry cleaner is required. In reality there is no problem, and if the user agrees and allows the advertised program to execute, the malware infects the system.
Email is a universal service for billions of people worldwide. It is one of the most popular services, but it also exposes Internet users to the most risk. Unwanted emails are known as “junk mail” or spam; the majority are sent by advertisers. However, criminals also send harmful links, malware, or deceptive content through spam.
Such spam aims to obtain sensitive information such as a social security number or bank account information. Most spam comes from computers on networks infected by a virus or worm. These infected computers send out as much bulk email as possible. Some common indicators of spam are the following:
An email has no subject line.
An email is requesting an update to an account.
The email text has misspelled words or strange punctuation.
Links within the email are long and cryptic.
An email looks like correspondence from a legitimate business.
The email requests that the user open an attachment.
Repeated special characters in the mail, like !!!! or $$$.
Colors: many different font colors in the HTML tags.
Repeated keywords.
The recipient’s email address is missing.
All letters capitalized, especially in the subject line.
Large emails that contain lots of images or binaries.
Huge images, around 1600+ bytes, relative to the amount of text.
A high number of blank lines in the message body.
The date is a few hours before or after the time received, or is missing.
Text and background color are the same or similar.
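To show how the indicators in this list translate into detection logic, here is an added Python example (not from the article) that parses a raw message with the standard library email package and reports which of the listed indicators it triggers. The two sample messages, the thresholds, and the received timestamp are constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone
from email import message_from_string, policy
from email.utils import parsedate_to_datetime
from typing import List

BLANK_PADDING = "\n" * 11   # spam often pads the body with empty lines

# Constructed sample messages written for this example (not real captured mail).
SAMPLE_SPAM = """\
From: promo@example.invalid
Date: Mon, 01 Jan 2024 00:00:00 +0000
Subject: WIN BIG NOW!!!! $$$
Content-Type: text/html

<html><body bgcolor="#FFFFFF">
<font color="#ffffff">free free free</font>
<font color="red">CLICK</font> <font color="blue">NOW</font>
<font color="green">WIN</font> <font color="purple">BIG</font>
<a href="http://example.invalid/r/aB3x9Qz7LmN2kP0sT4vW8yU1cE5gH6jK">claim</a>
""" + BLANK_PADDING + "</body></html>\n"

SAMPLE_HAM = """\
From: alice@example.invalid
To: bob@example.invalid
Date: Mon, 01 Jan 2024 12:00:00 +0000
Subject: Meeting notes
Content-Type: text/plain

Hi Bob, the notes from today's meeting are attached. Thanks, Alice
"""

LONG_LINK = 40                  # links longer than this with mixed digits/letters look cryptic
MAX_COLORS = 3                  # more distinct font colors than this is suspicious
MAX_BLANK_LINES = 9
MAX_CLOCK_SKEW = timedelta(hours=3)


def _body_text(msg) -> str:
    part = msg.get_body(preferencelist=("html", "plain"))
    return part.get_content() if part is not None else ""


def spam_indicators(raw_message: str, received_at: datetime) -> List[str]:
    """Return the spam indicators from the list above found in one raw message."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    subject = str(msg.get("Subject") or "").strip()
    body = _body_text(msg)
    visible = re.sub(r"<[^>]+>", " ", body)          # strip HTML tags for word checks

    if not subject:
        hits.append("no subject line")
    elif any(c.isalpha() for c in subject) and subject == subject.upper():
        hits.append("subject all capitals")
    if not msg.get("To"):
        hits.append("recipient address missing")
    if re.search(r"[!$]{3,}", subject + " " + visible):
        hits.append("repeated special characters")
    if re.search(r"update your account|open the attachment", subject + " " + visible, re.I):
        hits.append("asks to update an account or open an attachment")

    links = re.findall(r'href="([^"]+)"', body, re.I)
    if any(len(u) > LONG_LINK and re.search(r"\d", u) and re.search(r"[A-Za-z]", u) for u in links):
        hits.append("long cryptic link")

    colors = {c.lower() for c in re.findall(r'\bcolor="([^"]+)"', body, re.I)}
    if len(colors) > MAX_COLORS:
        hits.append("many font colors")
    bg = re.search(r'bgcolor="([^"]+)"', body, re.I)
    if bg and bg.group(1).lower() in colors:
        hits.append("text color matches background")

    words = Counter(re.findall(r"[a-z]{4,}", visible.lower()))
    if words and words.most_common(1)[0][1] >= 3:
        hits.append("repeated keywords")
    if sum(1 for line in body.splitlines() if not line.strip()) > MAX_BLANK_LINES:
        hits.append("many blank lines")

    date_hdr = msg.get("Date")
    if not date_hdr:
        hits.append("date missing")
    elif abs(received_at - parsedate_to_datetime(str(date_hdr))) > MAX_CLOCK_SKEW:
        hits.append("date far from time received")
    return hits


def classify_samples() -> dict:
    """Run both constructed samples against a constructed receipt time."""
    received = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    return {"spam": spam_indicators(SAMPLE_SPAM, received),
            "ham": spam_indicators(SAMPLE_HAM, received)}


if __name__ == "__main__":
    for label, hits in classify_samples().items():
        print(label, "->", hits or "no indicators")
```

Each indicator is a weak signal on its own (a friend who writes in capitals is not a spammer), which is why mail filters score several of them together and why the text advises caution when one or more appear rather than treating any single one as proof.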
If someone receives an email containing one or more of these indicators, the recipient should not open the mail or any attachments in it. Nearly all email service providers filter spam, but it still consumes bandwidth, and the recipient’s server still has to process the message.
Why Spam is a Problem
Spam wastes people’s time and consumes network bandwidth. Many organizations and individuals fight against spammers, but it is still impossible to prevent these junk emails entirely. However, some online services have policies to stop spammers from spamming their subscribers.
Malware, or malicious software, is a program or file designed to disrupt computer processes and operations or to gain entry to a computer system without the user’s knowledge or permission. Malware has become a common term for all hostile or intrusive software: computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.
These malicious programs can perform a variety of functions, including stealing, encrypting, or deleting sensitive data, altering or hijacking core computing functions, and monitoring users’ computer activity without their permission. Cybercriminals target users’ end devices by installing malware.
Viruses
A virus is executable code attached to another executable file. Most viruses require end-user initiation and can activate at a particular time or date. They generally spread in one of three ways:
Removable media
Downloads off the Internet
Email attachments
Detecting a virus is not easy. Viruses can be harmless and just display a picture, or they can be destructive, such as those that change or delete data. To avoid detection, a virus may change its own form. The simple act of opening a file can trigger a virus.
USB drives are a primary source of virus spread. A boot sector virus or file system virus on an infected USB drive can reach the system’s hard disk. Executing a specific program can activate a virus. Once the virus is active, it will infect other programs on the computer or other computers on the network.
Worms
Worms are malicious code, like viruses. Worms replicate themselves by independently exploiting vulnerabilities in networks. This generally slows down the networks. Worms run independently: a worm only requires the participation of the user for the initial infection, after which it works on its own.
Once a worm infects a host, it spreads very quickly over the network. Worms share the same pattern: they all have an enabling vulnerability, a way to propagate themselves, and a payload.
Worms are responsible for some of the most devastating attacks on the Internet. For example, in 2001, the Code Red worm initially infected 658 servers. Within 19 hours, the worm had infected over 300,000 servers.
Trojan horse
A Trojan horse is malware that carries out malicious operations under the guise of a desired operation, such as playing an online game. This malicious code exploits the privileges of the user that runs it on the system. A Trojan horse binds itself to non-executable files such as images, audio, video, and games.
Logic Bombs
A logic bomb is malicious software that uses a trigger to activate malicious code on the system. Different types of triggers exist, such as dates, times, other programs running, or the deletion of a user account. The logic bomb remains inactive until the trigger event occurs.
Once activated, the logic bomb performs functions such as corrupting or altering data, reformatting a hard drive, and deleting important files. Specialists have recently discovered logic bombs that damage hardware components of a computer, including cooling fans, the CPU, memory, hard drives, and power supplies.
Ransomware
Ransomware restricts access to the user’s computer and files. It is a type of malware that displays a message and demands payment to remove the restriction. It usually encrypts data on the computer with a key unknown to the user. The user must pay the criminals to have the restriction removed.
Some versions of ransomware use system vulnerabilities to lock down the system. The most common ransomware infection vector is an email containing a malicious attachment or a pop-up advertisement. Some ransomware propagates as a Trojan horse. Once the victim pays, the criminal sends a program that decrypts the data and files or sends an unlock code.
Backdoors and Rootkits
A backdoor is a method of accessing a computer without going through the normal access process, such as entering a username and password. It bypasses the normal authentication used to access a system. NetBus and Back Orifice are examples of backdoor programs that allow unauthorized users to access a system remotely.
The backdoor grants cybercriminals future access even if the organization fixes the original vulnerability used to attack the system. Generally, criminals get authorized users to innocently run a Trojan horse program on their machine, which installs the backdoor.
A rootkit is used to hide program files to help attackers avoid detection. It is also used to open a backdoor, allowing attackers to access a system remotely without authentication. Usually, rootkits exploit software vulnerabilities to perform privilege escalation and modify system files.
Rootkits modify system forensics and monitoring tools, making them very hard to detect. Generally, a user should wipe and reinstall the operating system of a computer infected with a rootkit. An example of a virus that installs a backdoor is Mydoom. It creates junk mail and sends it from infected computers.
Defending Against Malware and Malicious Software
There are a few steps to defend against all forms of malware:
Antivirus Program – Most antivirus programs catch many forms of malware. However, criminals develop and deploy new threats daily, so keeping antivirus signatures updated is the key to a successful solution.
Up-to-date Software – Many types of malware reach their goal by exploiting operating system and application software vulnerabilities. Earlier, operating system vulnerabilities were the primary source of problems, but now application-level vulnerabilities create the most significant risk. Operating system vendors are more responsive in patching and updating their systems, but unfortunately, most application vendors are not aware of application vulnerabilities.
Innovators and visionaries are two types of cybersecurity experts. These experts build different cyber domains of the Internet. They have the capability to find the power of data and bind it. They provide cybersecurity services and build special organizations for these services.
These organizations provide protection services to people from cyber attacks. These professionals must find threats and vulnerabilities because these are the main concerns of cybersecurity professionals. Two situations are critical:
When there is the possibility of a threat.
When vulnerability puts a target at risk of an attack.
For example, data in the hands of an unauthorized person can result in loss of privacy for the owner, damage the owner’s credit, and put the owner’s career at risk. Google, Facebook, schools, hospitals, financial and government agencies, and e-commerce sites face the greatest risks of identity theft.
Large organizations like Google have the resources to hire top cybersecurity professionals to protect their servers and data. Many organizations build databases containing personal information about clients and other people, and they need cybersecurity professionals, so the demand for cybersecurity professionals is increasing today. Cyber threats are dangerous for specific industries and the records they must maintain.
Types of Personal Records
The following are some examples of personal records from just a few sources.
Medical Records
Thieves can sell personal health information on the Internet black market. They can use stolen medical credentials to get medical services and devices for themselves or others, or bill insurance companies for phantom services in the victim’s name.
A patient’s electronic health record (EHR) includes physical health, mental health, and other personal information that may not be medically related. For example, a person may go for a checkup as a child because of major changes in the family. This will be somewhere in his medical history, so along with the medical history and personal information, the record may also include information about that person’s family. Several laws protect patient records.
Many medical devices use cloud platforms to enable wireless transfer, storage, and display of clinical data such as heart rate, blood pressure, and blood sugar. These devices can produce a huge amount of clinical data that can become part of a medical record.
Education Records
Education records include grades, test scores, attendance, courses taken, awards, degrees awarded, and disciplinary reports. The education record may also include contact information, health and vaccination records, and special education records, including individualized education programs (IEPs).
Employment and Financial Records
Employment records include personal information, salary, and insurance information. Financial records are attractive data for cybercriminals. They may contain income, expenditures, and credit card data. Tax records could include paycheck stubs, credit card statements, credit ratings, and banking information. Cybercriminals can use stolen credit cards to make purchases or sell them on the black market.
Authentication Details
Information about access to online systems is valuable on the black market, because people have the habit of using the same password for many online accounts. So if someone manages to get hold of your Facebook or email password, they will probably be able to log into any of your accounts.
Threats to Internet Services
Many technical services are needed to operate the Internet. The required services are routing, addressing, domain naming, and database management. Without these services, the Internet is not possible. These services are also primary targets for cybercriminals.
Cybercriminals use different techniques to capture data streams over a network. These techniques endanger all sensitive data, such as usernames, passwords, and credit card information.
These techniques include botnets, DDoS, hacking, malware, pharming, phishing, ransomware, spam, DNS spoofing, and man-in-the-middle attacks. Criminals also use these techniques to monitor and record all information crossing a network. A short explanation of each method follows.
Botnets
Botnets largely go undetected. A botnet is a collection of software robots, or ‘bots’, running on a group of infected computers known as ‘zombies’. Zombies are remotely controlled by their originator. Your computer may be one of them, and you may not even know it.
Distributed denial-of-service (DDoS)
A distributed denial-of-service attack, or DDoS attack, occurs when a malicious user uses a network of zombie computers to sabotage a specific website or server.
The attack occurs when the malicious user tells all the zombie computers to connect to a particular server or website repeatedly. This increases the volume of traffic on that server or website, resulting in an overload that slows the server or website for legitimate users; sometimes, the website or server shuts down completely.
Through the zombie computers, the attacker can also take advantage of security vulnerabilities and weaknesses and could take control of your computer. The attacks are “distributed” because the attacker uses several computers to launch the denial-of-service attack.
Hacking
Hacking is a term that describes actions someone takes to gain unauthorized access to a computer. It is a process by which cybercriminals gain access to any computer connected to the Internet.
Pharming
Pharming is another type of online fraud. It means redirecting the user from a legitimate URL to a malicious and illegitimate website, even if the address entered is correct.
Phishing
Phishing is easy to execute and requires very little effort, so many cybercriminals use it. Criminals send fake emails and text messages and create websites that look authentic. They use email, messages, and websites to steal personal and financial information from users. This is spoofing.
Ransomware
Ransomware restricts access to the user’s computer and files. It is a type of malware that displays a message and demands payment to remove the restrictions from the computer and files. An email with a malicious attachment or a pop-up advertisement is the most common ransomware infection vector.
Spam
Spam is another common method of sending information out and collecting it from unsuspecting people. Spam distributes unsolicited messages, advertising, or pornography to addresses that are easily available on the Internet through social sites, company websites, and personal blogs.
Spoofing
This technique is also used in conjunction with phishing to steal information. The Domain Name System (DNS) translates a domain name, such as www.networkustad-a2bb2f.ingress-alpha.ewp.live, into its numerical IP address and vice versa.
If a DNS server does not know the IP address of the requested domain, it asks another DNS server. Using DNS spoofing, the cybercriminal introduces fake data into a DNS resolver’s cache. These attacks exploit a weakness in the DNS server software that causes the DNS servers to send traffic for a particular domain to the criminal’s computer instead of to the legitimate owner of the domain.
Man-in-the-Middle Attack
Criminals also use rogue devices, such as unsecured Wi-Fi access points. If a criminal installs an unsecured Wi-Fi access point in a public place, unsuspecting people may connect to it, and a packet sniffer copies their personal information.
Packet forgery, or packet injection, interferes with established network communication by constructing packets that appear to be part of the communication. This allows a criminal to interrupt or capture real packets. With this technique, a criminal can hijack an authorized connection or deny an authorized person the ability to use certain network services. This is a man-in-the-middle attack.
Thwarting cybercriminals is not an easy task. However, companies, governments, and organizations have started to take coordinated action to limit and discourage cybercriminals. The following are actions that thwart cybercriminals.
Creating early warning system sensors and alert systems. Such systems are costly, so it is impossible to watch every network. Organizations only watch high-value targets because these targets are more likely to experience cyber attacks.
Creating complete databases of known system vulnerabilities and attack signatures. Organizations distribute these databases around the globe to help prepare for and fend off many common attacks.
Establishing information security management standards for national and international organizations.
Sharing cyber intelligence information between organizations and nations. Government agencies and countries now work together to share critical information about severe attacks to prevent similar attacks elsewhere. Several countries have organized cyber intelligence agencies to work together worldwide in cyber warfare, especially against major cyber attacks.
Making new laws to discourage cyber attacks and data breaches. These laws also carry strict penalties for cybercriminals caught engaging in unlawful actions.
The following are the measures for thwarting cybercriminals and a brief explanation of each.
Vulnerability Database
The National Common Vulnerabilities and Exposures (CVE) database was developed to provide a publicly available list of all known vulnerabilities. CVE is a list of entries, each containing an identification number, a description, and at least one public reference, for publicly known cybersecurity vulnerabilities.
Early Warning System
Cyber early warning systems (CEWS) aim to detect and alert on such attempts in their early stages. The design and implementation of such systems involve many research challenges.
The Honeynet Project is an international security research organization that investigates the latest attacks, develops open-source security tools to improve Internet security, and studies how attackers behave. It is an example of an early warning system. The project also provides a HoneyMap, which displays attacks in real time.
Share Cyber Intelligence
Sharing cyber information and intelligence is a technique for preventing hostile cyber attacks. InfraGard, a partnership between the FBI and the private sector, is an example of widespread sharing of cyber intelligence.
ISM Standards
The ISO/IEC 2700 standards are an example of information security management standards. They are also called the ISO 2700 standards. They help organizations keep information assets secure, such as financial information, intellectual property, employee details, or information entrusted to them by third parties. They are the best-known standards in the family, providing requirements for an information security management system (ISMS).
New Laws
ISACA is an independent, nonprofit, global association that tracks laws related to cybersecurity. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only.
These laws address personal privacy and the protection of intellectual property. They include the Cybersecurity Act, the Data Breach Notification Act, the Federal Exchange, and the Data Accountability and Trust Act.
In the early days, the typical cybercriminals were youngsters or hobbyists. Their attacks were generally limited to pranks and vandalism. But now, cybercriminals have become very dangerous. The attackers may be individuals or groups. They try to exploit vulnerabilities for their own purposes. These criminals are interested in credit cards, product designs, and anything else of value. The types of cybercriminals are the following:
Amateurs
Amateurs are also called script kiddies. They have only some skills and want to be hackers. They lack any serious technical expertise and usually use existing tools to launch attacks. Some are just curious, and others try to show off their skills and cause damage. They use only basic tools and usually can attack only weakly secured systems, but the results can still be very destructive.
Hackers
The term hacker was first used in the early 1960s. It describes a programmer or somebody who can hack computer code. Usually, they work secretly and create hacking tools. They often break into computers or networks to gain access for various reasons. The goal of the break-in determines whether these hackers are categorized as white, grey, or black hats. The figure below illustrates the types of hackers.
White Hat Hackers
These are ethical hackers who use their programming skills for good and legal purposes. They break into networks or computers with the permission of the owners to find weaknesses in these systems and improve their security. White hat hackers use their skills to discover network vulnerabilities and report them to developers and owners so the issues can be fixed before the vulnerabilities cause damage.
Black Hat Hackers
Black hat hackers are people who take advantage of any vulnerability for illegal purposes. Black hat hackers are unethical hackers. They compromise networks without permission for their own gain. They also attack networks for malicious reasons.
Gray hat hackers
These hackers sit between white hat and black hat hackers. A grey hat hacker may find a vulnerability and report it to the system’s owners to fix the problem. Some grey hat hackers publish the facts about a vulnerability on the Internet so that other attackers can exploit it.
Organized Hackers
These are organizations of cybercriminals, including hacktivists, terrorists, and state-sponsored hackers. They are generally groups of skilled criminals focused on control, power, and wealth.
Hacktivists
Hacktivists are cybercriminals who make political statements to raise awareness of issues regarding their rights. Hacktivists also publish embarrassing information about their victims publicly.
State-sponsored
State-sponsored attackers gather intelligence or cause damage on behalf of their government. These attackers are highly skilled and well trained. Their attacks focus on specific goals that benefit their government. These attackers are usually members of their country’s armed forces.
Weaknesses are intrinsic to every network and its devices, including routers, switches, servers, desktops, and even security devices such as firewalls. Usually, the endpoints, such as servers and desktop computers, are the ones under attack.
Protecting the privacy of information, securing it from unauthorized access, and shielding the network against attacks are the primary issues for network security professionals today. There are three primary classes of network vulnerability, which lead to various attacks on the network, including malicious code attacks and network attacks.
Technological
HTTP, ICMP, and FTP are inherently insecure. SMTP and SNMP are related to the insecure structure upon which TCP was designed. Operating systems such as UNIX, Linux, Mac OS, Mac OS X, and Windows have security problems. The network administrator must consider these problems.
There are various types of network equipment, such as switches, routers, and firewalls. All of these have security weaknesses, including weak password protection, lack of authentication, protocol weaknesses, and firewall weaknesses, that must be acknowledged and protected against.
Configuration
Configuration vulnerabilities include the following:
Transmission of user account information over an insecure network, which exposes usernames and passwords.
Usernames and passwords that are easily guessed, another common vulnerability. System account passwords must contain uppercase letters, lowercase letters, digits, and symbols.
JavaScript enabled in the web browser, which allows attacks by hostile JavaScript when accessing untrusted sites. IIS, FTP, and terminal services also pose problems.
Unsecured default settings on devices, which open security holes.
Misconfiguration of network equipment, which is also a major security problem.
Security policy
Security policy vulnerabilities include the following:
The absence of a written security policy. The security policy must be available in written form.
Default passwords and poorly chosen passwords, such as dictionary words, which can easily allow hackers unauthorized access to the network.
Unauthorized changes to hardware and software that do not follow the policy, which can create security risks.
Security threats to networks are a growing problem for individuals and organizations throughout the world, and the threats worsen and multiply day by day. Computer networks are necessary for everyday activities, and both individuals and organizations depend on their computers and networks.
Intrusion into these computers by an unauthorized person can result in a network breakdown and loss of data and work. Attacks on a network can be devastating, resulting in a loss of time and money due to damage to or theft of important information.
Intruders can enter the network through software vulnerabilities, by guessing someone’s username and password, or through hardware attacks. An intruder is an individual (commonly called a hacker) or a piece of software that enters a computer without authorization. When an intruder successfully gains access to the network, four types of security threat may occur:
Loss of Data and manipulation
When a hacker successfully enters someone’s computer, he destroys or alters data records. Examples include sending a virus that reformats a computer’s hard drive and breaking into a records system to change information.
Information Theft
In this case, an intruder accesses the computer and obtains confidential information. The intruder may use this information for various purposes or sell it.
Identity Theft
Individuals usually keep personal documents on their personal computers. An intruder steals this personal information and, using it, can obtain legal documents, make unauthorized purchases, and apply for credit.
Disruption of service
If the intruder can’t get in, he tries to ensure that no one else can. This is a denial-of-service (DoS) attack. This kind of security threat does not try to obtain information directly. Depending on which service crashes under the load, its effect can expose other previously protected resources.
Physical Security Threats
Physical security is another crucial aspect of network security. The elements of physical security must be addressed in the organizational policy. Physical security threats fall into four classes:
Hardware threats – Physical damage to network devices, servers, and workstations.
Electrical threats – Problems with the input voltage: insufficient voltage, voltage spikes, unconditioned power, or total loss of power.
Maintenance threats – Poor handling of electrical components, poor cabling and labeling, and a lack of spare parts.
Environmental threats – Temperature extremes (too hot or too cold) and humidity extremes (too wet or too dry).
To limit physical damage to equipment, make a security plan that includes the following:
Lock up equipment
Prevent unauthorized access
Maintain electronic logs of entries and exits
Use security cameras
The figure below illustrates a general floor plan for a secure computer room for a network.
Defense Against Threats
In defending against network attacks, four sets of tools help keep a network secure against unauthorized access, monitoring, and network attacks: management, firewalls, encryption, and endpoint security.
Management
Management is the primary defense against network attacks. The following actions should be implemented as part of configuration management.
Backup, Upgrade, Update, and Patch
The machines in the network should be kept up to date, because the latest updates provide a more effective defense against network attacks. Whenever new malware is released, operating systems need the latest updates along with the latest antivirus software. The best way to stay up to date against network attacks is to download security updates and patches from the operating system vendor.
Management should set up a central patch server for critical security patches. All other systems must contact it from time to time. Any required security patch not yet installed on a host is automatically downloaded from the server and installed without user intervention.
Backups are essential when defending against network attacks. Each computer should have a recent backup copy. All configuration files of your operating systems and applications should be adequately secured.
Authentication, Authorization, and Accounting
Authentication, authorization, and accounting (AAA) network security services provide the primary access control on a network device. AAA authenticates users and controls their access to the network; it also controls what users can do while they are logged in.
Passwords
Passwords are very important for protecting network devices against attacks. Use strong passwords rather than default or easy passwords. Follow these guidelines when choosing passwords:
Use a complex password, including uppercase letters, lowercase letters, numbers, symbols, and spaces (only if allowed).
Use a minimum of 8 characters, preferably 10 or more.
Do not use common dictionary words as the password.
Avoid passwords based on repetition, number sequences, letter sequences, usernames, relative or pet names, and misspelled words.
Do not use biographical information, such as birthdates, ID numbers, ancestor names, or other easily identifiable information.
Change passwords often.
Do not write passwords down and leave them in obvious places.
The following are examples of passwords:
Weak passwords
Amrick
Michel
Yasir
Nokia
Khan1975
1234567
Strong passwords
P@12>fo<ur^1978
No ^^&34@fsc^hub
On Cisco routers and switches, leading spaces are ignored in passwords, but spaces after the first character are part of the password. A passphrase is a password that uses the space bar to create a phrase of many words. A passphrase is also a strong password.
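The guidelines above can be turned into an automated check. The following is an added example, not code from the original text: it scores a candidate password against the page's rules (length, character classes, dictionary words, repetition and sequences, biographical facts) and strips leading spaces the way Cisco IOS does. The wordlist and the account facts are constructed samples; a real checker would load a full dictionary.

```python
import re

# Constructed sample wordlist: a few dictionary words plus the names used in
# this page's weak examples. A production checker would load a full wordlist.
WORDLIST = {"password", "welcome", "admin", "nokia", "amrick", "michel", "yasir", "khan"}


def has_sequence(pw, run=4):
    """True if pw holds a run of `run` consecutive ascending characters (abcd, 1234)."""
    s = pw.lower()
    return any(all(ord(s[i + j + 1]) - ord(s[i + j]) == 1 for j in range(run - 1))
               for i in range(len(s) - run + 1))


def has_repetition(pw, run=3):
    """True if one character is repeated `run` or more times in a row (aaa, 111)."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def check_password(pw, user_facts=()):
    """Return the list of guideline violations for pw; an empty list means it passes.

    user_facts: strings tied to the account (username, birth year, ID number,
    relative or pet names) that must not appear anywhere in the password.
    """
    pw = pw.lstrip()  # Cisco IOS ignores leading spaces, so they do not count
    low = pw.lower()
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    elif len(pw) < 10:
        problems.append("shorter than the preferred 10 characters")
    classes = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, pw)) for c in classes) < 3:
        problems.append("fewer than three character classes")
    # any alphabetic run of three or more letters is compared against the wordlist
    if any(word in WORDLIST for word in re.findall(r"[a-z]{3,}", low)):
        problems.append("contains a dictionary word or name")
    if has_sequence(pw) or has_repetition(pw):
        problems.append("contains a repeated or sequential run")
    if any(fact and fact.lower() in low for fact in user_facts):
        problems.append("contains biographical or account information")
    return problems


if __name__ == "__main__":
    for candidate in ["Nokia", "Khan1975", "1234567", "P@12>fo<ur^1978", "No ^^&34@fsc^hub"]:
        print(repr(candidate), check_password(candidate, user_facts=("khan", "1975")) or "OK")
```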
Firewalls
A firewall is one of the most effective security tools for protecting users from network attacks. A firewall sits between two or more networks, controlling traffic and preventing unauthorized access between them. End systems also use personal firewalls. The following are the different filtering techniques a firewall can use:
URL filtering – Prevents or allows access to websites based on keywords or URLs.
Packet filtering – Prevents or allows access based on MAC addresses or IP addresses.
Application filtering – Prevents or allows access by specific application types.
Stateful packet inspection (SPI) – Incoming packets must be legitimate responses to requests from internal hosts. Unsolicited packets are blocked unless specifically permitted. SPI can also recognize and filter out specific types of attacks.
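The stateful behaviour described above can be modelled in a few lines. The following is an added example, not any vendor's firewall code: it records outbound flows from the internal network, lets inbound packets through only when they answer a recorded flow or hit an explicit permit rule, and drops packets arriving on the outside interface that claim an internal source. The addresses, ports and the permit rule are constructed sample values.

```python
import ipaddress
from collections import namedtuple

# iface is the interface the packet arrived on: "inside" or "outside"
Packet = namedtuple("Packet", "iface src sport dst dport")


class StatefulFilter:
    """Minimal stateful packet inspection model (constructed example)."""

    def __init__(self, internal_net, permits=()):
        self.internal = ipaddress.ip_network(internal_net)
        self.permits = set(permits)  # (dst_ip, dst_port) allowed even if unsolicited
        self.flows = set()           # (int_ip, int_port, ext_ip, ext_port) seen outbound
        self.log = []

    def _is_internal(self, ip):
        return ipaddress.ip_address(ip) in self.internal

    def process(self, pkt):
        """Return (verdict, reason) for one packet and update the flow table."""
        if pkt.iface == "outside" and self._is_internal(pkt.src):
            result = ("DROP", "spoofed internal source on outside interface")
        elif pkt.iface == "inside":
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            result = ("ALLOW", "outbound, flow recorded")
        elif (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            result = ("ALLOW", "reply to an internal request")
        elif (pkt.dst, pkt.dport) in self.permits:
            result = ("ALLOW", "explicitly permitted service")
        else:
            result = ("DROP", "unsolicited inbound")
        self.log.append((pkt, result))
        return result


def demo():
    """Run a constructed packet sequence through the filter and return the results."""
    fw = StatefulFilter("192.168.1.0/24", permits={("192.168.1.10", 80)})
    traffic = [
        Packet("inside", "192.168.1.20", 51000, "203.0.113.5", 443),   # client browses out
        Packet("outside", "203.0.113.5", 443, "192.168.1.20", 51000),  # server replies
        Packet("outside", "198.51.100.7", 40000, "192.168.1.20", 3389),  # unsolicited probe
        Packet("outside", "198.51.100.7", 40001, "192.168.1.10", 80),  # permitted web server
        Packet("outside", "192.168.1.20", 51001, "203.0.113.5", 443),  # spoofed internal source
    ]
    return [fw.process(p) for p in traffic]


if __name__ == "__main__":
    for verdict, reason in demo():
        print(verdict, "-", reason)
```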
Encryption
The administrator can use encryption as a defense against network attacks. It protects against eavesdropping as well as sniffer attacks. Internet Protocol Security (IPsec), Public Key Infrastructure (PKI), and Virtual Private Networks (VPN) can also secure a network against attacks.
Endpoint Security
An endpoint is an individual computer (host) system or device that acts as a network client; common endpoints are laptops, desktops, servers, smartphones, and tablets. Securing these devices and preventing network attacks on them is one of the most challenging tasks for a network administrator.
Securing endpoints requires well-documented policies, and employees must be aware of these rules. Employees must be trained in the proper use of the network. The policies also cover the use of antivirus software and host intrusion prevention.