Post #6: Network Security

 

Network Security

There are many ways that a computer can fail. Unfortunately, one of the more common failures is due to an intentional attack. These attacks commonly occur from outside and are conducted via a computer’s network connections. For this reason, network security is more important than ever. While there are many possible problems, this paper will focus specifically on security holes/vulnerabilities and phishing.

Security Holes and Vulnerabilities

With the looming threat of malicious attacks, many computers are built with security in mind. The textbook describes many of the threats and discusses computer security. “Computer security is the prevention of unauthorized computer access, including viewing, changing, or destroying a computer or data” (Vahid & Lysecky, 2019, sec. 8.1). Despite the large amount of effort put into making computers and networks more secure, security holes—vulnerabilities—still exist. “A security hole, or vulnerability, is an aspect of a computer that can be used to breach security” (Vahid & Lysecky, 2019, sec. 8.1). What is worse is that there are a whole host of people constantly probing networks to try to discover new vulnerabilities.

These continued attacks make creating a secure system a daunting task. There is a constant effort to close security holes and keep networks safe. Whenever a vulnerability is discovered developers work quickly to close it with an update. One of the best ways to keep a network secure is simply to keep it updated. “Thus, computer users are advised to keep their OS'es up-to-date, not only to gain new features, but to close security holes” (Vahid & Lysecky, 2019, sec. 8.1). A second recommendation be aware of, and regularly update, security and privacy options. As an example, a common source of in-home cameras being hacked, it turns out, is caused when users do not change the default password (Spadafora, 2021). Taking the time to set up basic security and privacy features can be an important step.

Phishing

These attacks can be serious. As early as 2006 the FBI did a survey of a handful of businesses to assess the cost of computer crimes. “The average cost per company was more than $24,000, with the total cost reaching $32 million for those surveyed” (Evers, 2006, para. 1). With that survey, the FBI estimated that the total cost for American businesses was almost $70 billion a year. However, the attacks above describe vulnerabilities in the system itself, but there is another weakness, the user. Authors Mahmoud Khonji, Youssef Iraqi, and Andrew Jones describe how hackers attack the user as a vulnerability. “PHISHING is a social engineering attack that aims at exploiting the weakness found in system processes as caused by system users” (Khonji et el. 2013, p. 2091). With a phishing attack, hackers do not need to find a vulnerability or guess a password, they trick the user into giving them access.

Users can protect against this type of breach by exercising caution. One approach is to never enter a password (or other information) into a page that was reached by clicking a link in an unsolicited email. Instead, if an email alerts a user to a problem with an account they have, the user should use their browser to navigate directly to that account’s website. Another recommendation would be to practice good password discipline. “Signing out regularly, changing passwords frequently, never writing a password (in a file, email, or paper), using different passwords for different sites, and using hard-to-guess passwords can improve account security” (Vahid & Lysecky, 2019, sec. 8.4). In this way, even if a password is compromised, the damage may be minimized.

Conclusion

There are certainly many more possible problems, but this paper looked specifically at security holes/vulnerabilities and phishing attacks. It may seem that these are highly technical problems and the solutions would be overwhelming to the novice user. However, the recommendations in this paper, to keep your OS updated, to set and maintain basic security and privacy settings, to never click on a link in an unsolicited email and then enter personal data (actually, never clicking a link in an unsolicited email at all is probably the best practice), and practicing good password discipline are easy steps that even the most basic user can achieve and benefit from.

References

Evers, J. (January 20, 2006). Computer crime costs $67 billion, FBI says; Dealing with viruses, spyware, PC theft and other digital crimes adds up to a hefty total for businesses. CNET. https://www.cnet.com/news/privacy/computer-crime-costs-67-billion-fbi-says/

Khonji, M. Iraqi, Y. Jones, A. (2013). Phishing detection: A literature survey. IEEE Communications Surveys & Tutorials, Vol. 15, No. 4, Fourth Quarter 2013. http://romisatriawahono.net/lecture/rm/survey/network%20security/Khonji%20-%20Phishing%20Detection%20-%202013.pdf

Spadafora, A. (April 20, 2021). Default passwords make IP cameras surprisingly easy to hack: Over 380,000 public-facing cameras have been discovered online. Techradar.pro. https://www.techradar.com/news/default-passwords-make-ip-cameras-surprisingly-easy-to-hack

Vahid, F., & Lysecky, S. (2019). Computing technology for all. zyBooks.