Network Security
Three common methods of attacking computer systems are denial of service attacks, phishing, and social engineering. According to Deris, “Denial of service (DoS) is the most popular method used to attack IoT networks, either by flooding services or crashing services. Intrusion detection system (IDS) is one of the countermeasures for DoS attack.” (Deris, 2021). Another common countermeasure is turning off responses to ping requests when a network is at high risk. By allowing these types of attacks to continue, network administrators risk the business usability of their systems. Often, an attack is first noticed as slowness in response, with customers complaining that systems are unusable. In their testing of the impact of DDoS attacks, Yihunie found that “The attacked server stopped responding after 45 minutes because of the severe impact of the DDoS attack on that server.” (Yihunie, 2018). This is not very long in the scale of things, and identifying an attack is essential to keeping company systems available for real traffic.
Phishing attacks are another reliable method for hackers to enter computer systems. By subtly altering logos and links, hackers can convince employees that they are responding to legitimate requests. Posing as company HR or a popular subscription service, or adding urgency to the request, are effective ways to motivate a user to click on a link without inspecting it carefully.
Per Qahri-Saremi, “Social media phishing attacks persist because people are prone to inattentively engage in gratifying, tempting behaviors, such as engaging with messages from people they do not know.” (Qahri-Saremi, 2023). With inboxes full, workers commonly rush through emails to clear their plate for other assignments. This can expose the company to creatively formatted requests in which the user reveals confidential or security information. Ways to avoid these attacks include validating that the links you will click on are typed correctly and validating any urgent request with the departments mentioned by the request.
Social engineering is different from phishing in that it usually happens through direct communication with employees. Salama states, “Social engineering is the art of fooling or manipulating someone into giving their personal and sensitive information through a digital environment.” (Salama, 2023). In this case, a common attack vector is an employee allowing unknown people who are following them to enter passkey-locked doors. A social engineer will try to pass as a real employee, gaining internal access to systems once they pass the doors. They will find network access or unused workstations, giving them attack vectors into the company from inside the network firewalls and systems that prevent external attackers from getting in. Looking over a remote worker’s shoulder as they work in coffee shops or restaurants is another vector, where the heads-down employee can inadvertently provide information the hacker would not normally access. Awareness is the key to employees avoiding these types of problems. Not allowing unknown people to follow you into the building should not be considered rude. A joking, “Can I see your badge so I know you are not a spy?” can obviate any embarrassment of challenging a fellow employee. Being attentive to the environment and not accessing secure information in public places where it can be observed is the worker's responsibility if remote access is allowed.