PING command, better known as Packet Internet Groper, checks to see that a device or website is available and how quickly you can access it. More descriptively, PING is “a basic program that allows a user to test and verify if a particular destination IP address exists and can accept requests in computer network administration” (Zola, 2021). It is used diagnostically to ensure that a host computer the user is trying to reach is functioning. According to Impreva (n.d.), “there are a number of ping commands that can be used to facilitate an attack, including:
- The -n command, which is used to specify the number of times a request is sent.
- The -l command, which is used to specify the amount of data sent with each packet.
- The -t command, which is used to continue pinging until the host times out.”
Ping flood attacks and ping of death are two different kinds of Ping attacks. Ping flood attacks Ping flood, “also known as ICMP flood, is a common Denial of Service (DoS) attack in which an attacker takes down a victim’s computer by overwhelming it with pings. The attack floods the victim’s network with request packets, since the network will respond with an equal number of reply packets. The pings are used to overload a target network with data packets, resulting in a denial of service. (Impreva, n.d.).
Ping of death is another a type of denial of service attack. It occurs “when an attacker crashes, destabilizes, or freezes computers or services by targeting them with oversized data packets” (Fortinet, n.d.). Since ping command is used to test the availability of a network resource by sending small data packets to the network resource, ping of death takes advantage of the process and sends data packets above the maximum limit allowed. Since the sent data packages are larger than what the server can handle, the server can freeze, reboot, or crash. (Imperva, n.d.).
Two computer security incidents to discuss in more detail are phishing and password cracking. Phishing is “is an Internet scam that baits a user to share sensitive information like a password or credit card number” (Vahid & Lysecky, 2019). The most common form of phishing is emails. Computer systems are vulnerable to phishing since phishing typically prompts a user to click on items such as links that often lead a user to a website that will download malware to a user's computer, compromising their system. After compromising a system, one damage from phishing can be loss of data to unauthorized persons. The stolen data can then be used for illegal actions, and even used to obtain funds from organizations. Recommendations for protecting a computer system or network from phishing include training and multifactor authentication. “One of the most common practices for preventing phishing attacks is to educate individuals to identify phishing emails” (Alabdan, 2020). Being able to identify phishing emails can minimize the cyberattacks. Multifactor authentication can be helpful if you accidently fall for a phishing email and provide your username and password. Multifactor authentication can be used to make it more difficult for hackers to hijack user profiles with only a username and password by requiring the user during sign in enter a temporary code appearing on the user's mobile phone or requesting access on the user’s end (Vahid & Lysecky, 2019).
Password cracking “is the process of recovering secret passwords stored in a computer system or transmitted over a network” (NIST, n.d.). Attackers use password cracking techniques to get unauthorized access to vulnerable systems. Computer systems are vulnerable to this type of attack because of the effects this type of attack can cause. If a computer system is accessed using password cracking, it allows hackers to change any and everything in a computer to retrieve whatever they want. The damage that can be caused by password cracking is massive. If someone gains access to a system, loss of data can happen. That data can then be used to conduct illegal activities. Manipulation of a database or computer system can also occur to benefit the hackers needs. Recommendations for protecting a computer system or network from password cracking are following password policies and using two-step verification when possible. Password policies can stress the importance of avoiding short and easily predicable passwords or avoiding using passwords with predictable patterns. Two-step verification is similar to multifactor authentication, which helps secure a user's account by requiring the user during sign in to enter a temporary code appearing on the user's mobile phone or other device using push notifications.
Alabdan, R. (2020). Phishing Attacks Survey: Types, Vectors, and Technical Approaches. Future Internet, 12(10), 1h. https://doi.org/10.3390/fi12100168
Fortinet. (n.d.). Ping of Death. https://www.fortinet.com/resources/cyberglossary/ping-of-death
Imperva. (n.d.). Ping flood (ICMP flood).https://www.imperva.com/learn/ddos/ping-icmp-flood/
Imperva. (n.d.). Ping of Death (POD). https://www.imperva.com/learn/ddos/ping-of-death/
National Institute of Standards and Technology (NIST). (n.d.). Password Cracking. https://csrc.nist.gov/glossary/term/password_cracking
Vahid, F., & Lysecky, S. (2019). Computing technology for all. zyBooks.
Zola, A. (2021, July). Ping. TechTarget. https://www.techtarget.com/searchnetworking/definition/ping
Comments
Post a Comment