While the ping command is incredibly helpful in determining the
reachability of different IP addresses, it has the potential to be used
maliciously.
The Ping of Death attack was a popular denial of service (DoS) attack between 1996 and 1997 which involved deliberately fragmenting IP packets so that the reassembled packet was larger than the maximum allowed 65,536 bytes. A denial of service (DoS) attack derives its name from the impact that it has: users are denied service by the servers. Operating system vendors provided patches to protect against these attacks, but many websites continue to block ICMP ping messages.
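As an added illustration of the check that the vendor patches introduced (example code written for this page, not code from the original post or from any particular vendor's IP stack), the function below reads the Fragment Offset and payload length from a constructed set of IPv4 fragment headers and flags any datagram that would exceed the 16-bit Total Length limit once reassembled. The fragment values and IP IDs are made up for the demonstration.

```python
from dataclasses import dataclass

# Largest IPv4 datagram the 16-bit Total Length field can describe.
MAX_IP_DATAGRAM = 65535


@dataclass(frozen=True)
class Fragment:
    """Header fields an IP stack or IDS uses to place a fragment (constructed sample)."""
    ident: int        # Identification field shared by all fragments of one datagram
    offset: int       # Fragment Offset field, counted in 8-byte units (13 bits, max 8191)
    payload_len: int  # bytes of payload following the IP header in this fragment


def reassembled_length(fragments):
    """Return the highest byte position any fragment would write in the reassembly buffer."""
    return max(f.offset * 8 + f.payload_len for f in fragments)


def oversized_datagrams(fragments):
    """Group fragments by IP ID and return the IDs whose reassembled size exceeds 65,535.

    A patched stack makes this check before copying a fragment into the
    reassembly buffer; the unpatched stacks of 1996 copied first and overran it.
    """
    by_id = {}
    for f in fragments:
        by_id.setdefault(f.ident, []).append(f)
    return sorted(i for i, frags in by_id.items()
                  if reassembled_length(frags) > MAX_IP_DATAGRAM)


# Constructed sample: a normal 1,500-byte ping split across two fragments, and a
# second fragment train whose last piece starts near the top of the offset range
# and spills past the 65,535-byte limit.
SAMPLE = [
    Fragment(ident=0x1A2B, offset=0, payload_len=1480),
    Fragment(ident=0x1A2B, offset=185, payload_len=20),     # ends at byte 1500
    Fragment(ident=0x3C4D, offset=0, payload_len=1480),
    Fragment(ident=0x3C4D, offset=8191, payload_len=100),   # ends at byte 65628
]

if __name__ == "__main__":
    print([hex(i) for i in oversized_datagrams(SAMPLE)])  # → ['0x3c4d']
```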
Attackers also use tools such as whois to determine the IP addresses of target organizations and then use automated ping sweeping tools to methodically ping the public addresses within a range or subnet. From there they use port scanning to search for open ports and to determine what applications or operating systems are being used and whether there is an exploitable vulnerability. These vulnerabilities might include the absence of patches to operating systems, firmware, and more. For instance, an operating system that was never patched against the Ping of Death attack would remain vulnerable to future Ping of Death attacks.
In contrast, social engineering is a tactic utilized by attackers which exploits human failure. Social engineering attacks may include phone calls, phishing emails, watering hole attacks and more. Attackers using social engineering methods will often spend weeks or months getting to know a target organization before even coming in the door or making a phone call. Their preparation might include finding a company phone list or org chart and researching employees on social networking sites like LinkedIn or Facebook.
In truth, networks will always be vulnerable. The proper approach is to reduce vulnerability. To reduce vulnerability, avoid the following:
- Misconfigured firewalls
- Unpatched vulnerabilities
- Unsecured wireless access points
- Default/overused passwords
With regards to preventing social engineering schemes, employees should be trained to identify phishing emails, to inform the company's IT specialists when such emails are received, and to handle the email itself safely. Further, badged access and/or 2-factor authentication can be used to further reduce the likelihood of malicious intrusion into networks.