Risks and Resolutions
A computer network has many benefits for a company. However, it also exposes the company to security and privacy risks if they are not handled with sound technical know-how. When one computer on a network is hacked, other systems on it may be affected as well. These security breaches can be severe for the organization's information and privacy and can result in loss of information, leaks of confidential data such as bank accounts, and loss of goodwill and trust.
Ping Sweeps and Port Scans Intro
Ping sweeps and port scans are two methods commonly used by hackers to detect vulnerabilities on computer networks (InfoSoc, 2014).
However, hackers can take advantage of Fping to hijack a machine on the network. Nmap is another tool that does ping sweeps.
If an IP address is live and responds to a ping sweep, the hacker uses the port scan method to check for open ports. This process involves probing each port on a host to determine which ports are open. Once an open port is found, it is usually a matter of breaking the username and password to get in.
Intruders or hackers can connect to a series of ports on the target server or machine and find out what services are running. The target here is a service that is less secure and therefore easy to hack. According to Lawrence Teo, in another type of port scan, the hacker can connect to the port and immediately close the connection. Since a full connection does not happen, the transaction is not logged on the target machine. If the hacker finds an open port in the scan, he will be able to get into the network and steal or create havoc. Financial information and customer information can be compromised, and the hacker can illegally transfer money from the financial system to his accounts.
To protect itself from these threats, a company must have a robust security system for its network. Preemptive measures should be established and tools should be in place to ward off malicious attacks. There should be guidelines on what to do in the event of a successful attack. There should also be tools configured to recover from attacks and minimize the losses that arise from attacks like port scans and ping sweeps. Preemptive measures include having an established written security policy. There should be a robust authentication and authorization system. The network should also have a properly configured firewall to help block these attacks by preventing any outside IP addresses from accessing the network. The firewall performs SYN flood protection, which drops SYN packets that resemble denial of service attacks. Network-based and host-based IDS should be configured appropriately as well.
“However, due to the way that port-scanning tools send thousands of SYN packets at very high speeds, these packets are often dropped by SYN flood-protection mechanisms… Attackers can still port-scan and map your network and its services, but tools such as nmap and SuperScan must be reconfigured to increase the delay between sending SYN packets” (Chris, 2004).
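As an added illustration (not part of the original essay), the Python sketch below flags port scans and ping sweeps by counting the distinct ports or hosts each source touches within a sliding time window, and shows the point made in the quotation: a scan that is slowed down slips under a short window but is caught by a longer one. The log records, addresses and thresholds are constructed for the example, and it assumes packet-level records from a firewall or IDS, since half-open connections are not logged by the target service itself.

```python
from collections import defaultdict

def build_sample():
    """Constructed connection log: (time_s, src, dst, proto, dst_port)."""
    ev = []
    # Fast SYN scan: 40 ports on one host in about 2 seconds.
    ev += [(i * 0.05, "198.51.100.7", "192.0.2.10", "tcp", 1 + i) for i in range(40)]
    # Slowed-down scan: one new port every 30 seconds.
    ev += [(i * 30.0, "198.51.100.9", "192.0.2.10", "tcp", 1000 + i) for i in range(40)]
    # Ping sweep: echo requests to 30 different hosts in about 3 seconds.
    ev += [(5 + i * 0.1, "198.51.100.8", f"192.0.2.{i + 1}", "icmp", None) for i in range(30)]
    # Ordinary client: repeated connections to a single port.
    ev += [(i * 10.0, "203.0.113.5", "192.0.2.10", "tcp", 443) for i in range(50)]
    return sorted(ev, key=lambda e: e[0])

def detect(events, window, port_limit=20, host_limit=20):
    """Flag sources that touch more than port_limit distinct TCP ports on one
    host, or ping more than host_limit distinct hosts, within `window` seconds."""
    history = defaultdict(list)   # tracking key -> [(time, port or host)]
    findings = defaultdict(set)
    for ts, src, dst, proto, port in events:
        if proto == "tcp":
            key, item, limit, label = (src, dst), port, port_limit, "port_scan"
        elif proto == "icmp":
            key, item, limit, label = (src, "icmp"), dst, host_limit, "ping_sweep"
        else:
            continue
        hist = history[key]
        hist.append((ts, item))
        while hist[0][0] < ts - window:   # expire entries outside the window
            hist.pop(0)
        if len({x for _, x in hist}) > limit:
            findings[src].add(label)
    return dict(findings)

if __name__ == "__main__":
    log = build_sample()
    print("10 s window:  ", detect(log, window=10))
    print("1 hour window:", detect(log, window=3600))
```

The ordinary client is never flagged because it keeps returning to one port; what separates a scan from normal traffic here is the number of distinct ports or hosts, not the packet rate.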
In addition, the publicly accessible servers must be kept in a demilitarized zone (DMZ), where very few services can be accessed by the general public. This means that users can get into the network only by using a secure VPN connection.
For networks that mainly use Microsoft IIS web servers, Microsoft provides a tool called URLScan, which filters all URLs that are known to attack IIS web servers. The ISP allows limited ICMP...