Network Security Risks and Social Engineering - Edited
Name
Institution
Course
Tutor
INFORMATION SECURITY 2
Q1. Although network security risks are not new to many organizations, an increase
in mobile device usage and the advent of technology have made these risks
more dangerous. This paper discusses three major security issues and how
administrators can prevent them. First off, ransomware is becoming popular through blockchain
technology. The cybercriminal can anonymously demand payment over the dark web and
avoid prosecution. Many small and medium-sized businesses in the United States have
lost over seventy-five billion dollars each year. However, administrators can defend against
ransomware by replicating and backing up their data in multiple locations. In addition, an
administrator needs to update programs and applications frequently across all devices. Lastly, the
staff must be taught how to recognize phishing since they are the primary target.
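The multi-location backup defense described above only helps if the copies are actually intact when they are needed. The following is an added example, not part of the original paper: it audits replica locations against a hash manifest and reports files with too few intact copies. The replica names, the two-copy threshold and the sample files are assumptions constructed for the example.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    # Record at backup time, from a known-good state, and store it where the
    # backed-up machines cannot rewrite it (assumption of this example).
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def audit_replicas(manifest: dict, replicas: dict, min_copies: int = 2) -> dict:
    """Return {file: [replicas holding an intact copy]} for every file that
    has fewer than min_copies intact copies across the replica locations."""
    report = {}
    for rel, digest in manifest.items():
        intact = [name for name, root in replicas.items()
                  if (Path(root) / rel).is_file()
                  and sha256_file(Path(root) / rel) == digest]
        if len(intact) < min_copies:
            report[rel] = intact
    return report

def demo() -> dict:
    # Constructed sample: one primary tree and three replica locations.
    with tempfile.TemporaryDirectory() as tmp:
        primary = Path(tmp) / "primary"
        (primary / "finance").mkdir(parents=True)
        (primary / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (primary / "notes.txt").write_text("quarterly plan\n")
        manifest = build_manifest(primary)
        replicas = {n: Path(tmp) / n for n in ("onsite-nas", "offsite", "cloud")}
        for root in replicas.values():
            shutil.copytree(primary, root)
        # Simulate one replica overwritten with unreadable data, one deleted.
        (replicas["onsite-nas"] / "notes.txt").write_bytes(b"\x8f\x02\x00\x11")
        (replicas["offsite"] / "notes.txt").unlink()
        return audit_replicas(manifest, replicas)

if __name__ == "__main__":
    print(demo())  # files with fewer than two intact copies
```

A replica that silently syncs changed files from the primary would pass a naive "copy exists" check, which is why the comparison is made against a manifest taken before any change.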
Secondly, a botnet is an army of computers controlled by a single hacker. A device
becomes part of the botnet once malware infects it; this mostly occurs when pirated or
outdated software is either downloaded or run (Administrator, 2017). Hence, an attacker aims at
prevent botnet by configuring the network to block invaders. Also, automatically updating
applications is effective. Lastly, an administrator should teach the staff not to click on or
download suspicious popups or programs. The third security issue is distributed denial of
service (DDoS), which is becoming increasingly popular as the number of devices in the
workplace increases.
In a DDoS attack, an online service receives a massive amount of web traffic because
an attacker directs thousands of IP addresses at it. Huge traffic causes the service to slow down
and become unstable. Hence, e-commerce businesses and anyone using online or cloud service
platforms are affected. DDoS is dangerous since it can lead to the loss of millions of dollars of
revenue one day. Therefore, an administrator can protect against DDoS by purchasing more
bandwidth and ensuring that load-balanced servers are distributed across multiple data
centers.
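Because the traffic described above comes from thousands of addresses, each source can stay below any per-client limit while the total overwhelms the service. The following is an added example, not part of the original paper: it flags time windows in which both the request count and the number of distinct sources jump far above the recent baseline. The event format, window size, threshold factor and traffic data are assumptions constructed for the example.

```python
from collections import defaultdict
from statistics import median

BASE = 1_700_000_040  # constructed start time, aligned to a 60 s boundary

def flag_floods(events, window=60, factor=5.0, baseline_windows=5):
    """events: iterable of (unix_ts, source_ip) pairs.
    Returns [(window_start, requests, unique_ips)] for windows where both the
    request count and the distinct-source count exceed factor x the median of
    the last baseline_windows unflagged windows."""
    reqs, ips = defaultdict(int), defaultdict(set)
    for ts, ip in events:
        start = ts - ts % window
        reqs[start] += 1
        ips[start].add(ip)
    flagged, history = [], []
    for start in sorted(reqs):
        r, u = reqs[start], len(ips[start])
        recent = history[-baseline_windows:]
        if len(recent) == baseline_windows:
            base_r = median(h[0] for h in recent)
            base_u = median(h[1] for h in recent)
            if r > factor * base_r and u > factor * base_u:
                flagged.append((start, r, u))
                continue  # keep flood traffic out of the baseline
        history.append((r, u))
    return flagged

def sample_events():
    # Constructed traffic: 8 one-minute windows, a flood in the last two.
    events = []
    for w in range(8):
        t0 = BASE + 60 * w
        for i in range(20):  # normal load: 20 requests from 10 clients
            events.append((t0 + 3 * i, f"198.51.100.{i % 10 + 1}"))
        if w >= 6:  # flood: 1500 sources, only 2 requests each
            for i in range(3000):
                events.append((t0 + i % 60, f"10.0.{i % 1500 // 250}.{i % 250 + 1}"))
    return events

if __name__ == "__main__":
    for start, r, u in flag_floods(sample_events()):
        print(start, r, u)
```

In the sample, every flood source sends only two requests per minute, so the distinct-source count is what separates the flood from a single busy client.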
whether the person is who they say they are when sharing information. An email from a friend is
a good scenario where an individual shares too much of their personal information unknowingly
with a stranger. An attacker either social engineers or hacks the email password and accesses that
person's contact list (What Is Social Engineering?, n.d.). Moreover, the attacker can access this
person's social network contacts since many people use the same password everywhere.
Therefore, an attacker uses this information to send an email to the person's contacts. They may
However, a few easy guidelines can be followed to prevent an individual from unknowingly
sharing too much personal information with a stranger. First off, an individual should delete any
individual should refuse any offers of help or requests for help; this is because companies
considered legitimate do not contact an individual to provide help. In addition, the information is
considered a scam if one does not specifically request assistance from the sender.
Consequently, one should immediately delete a request for help from a charity with which one
has no established relationship. It is much better to seek reputable charitable companies when one
Moreover, oversharing with a stranger can be avoided by setting the spam filters to high. Since all
email programs have filters, an individual can access them through the settings options. Searching
for the provider's name can help one find a step-by-step guide on setting the spam filters. Lastly, an
individual can avoid oversharing by securing their computing devices; this is achieved by
installing anti-virus software, email filters, and firewalls. Besides, it is important to set the
operating system to update automatically. Applying the anti-phishing tool in a third party or web
Q3. The information collected from a target individual at a bank provides the employees'
positions, the terminology of the bank company, names, and much other information that the
target is likely to have mentioned in response to the questions that I asked in the interview. Acquiring
this knowledge allows an attacker to appear more believable; this creates trust from the target and
contributes to them asking few questions. However, some of the information gathered from the target
does not sound sensitive to an average person. Nonetheless, it is invaluable in a social engineering
experiment. Examples of such information include birthdates, current and outdated phone lists,
and organizational charts from a company. This information, which is regarded as non-sensitive and
is eventually discarded, simplifies an attacker's job. The reason is that they are discarded
The information is gathered to provide a social engineer with the next step of the cycle.
Hence, the information provided by the target needs to be increased; this is achieved by looking
up the information on the company’s website and web searching for news articles, videos, blogs,
and any other information linked to the financial institution (Long, 2013). Consequently, asking
staff for the bank information provides enough hints to dig deeper into the banking
institution. Therefore, examining the financial institution is done to learn the less available
information.
Some of the information-gathering techniques include asking for favors, impersonation,
simple requests, reverse social engineering, and some instances of contriving situations.
Therefore, the techniques give a closer examination of basic information gathered from the
interaction with the bank staff to learn names, which software is used, and the phone
numbers of the managers and the rest of the staff. Therefore, this phase in the research findings
marks the next stage, which involves developing relationships. With the information gathered,
the attacker can develop relationships with the organization's staff. This stage ultimately
References
Administrator, N. H. P. (2017, October 24). What are the main security threats to today’s
the-main-security-threats-to-todays-networks
Long, R. M. (2013). Using phishing to test social engineering awareness of financial employees
https://www.webroot.com/us/en/resources/tips-articles/what-is-social-engineering