Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Practical Network Scanning

You're reading from   Practical Network Scanning Capture network vulnerabilities using standard tools such as Nmap and Nessus

Arrow left icon
Product type Paperback
Published in May 2018
Publisher
ISBN-13 9781788839235
Length 326 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Ajay Singh Chauhan Ajay Singh Chauhan
Author Profile Icon Ajay Singh Chauhan
Ajay Singh Chauhan
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Fundamental Security Concepts FREE CHAPTER 2. Secure Network Design 3. Server-Level Security 4. Cloud Security Design 5. Application Security Design 6. Threat Detection and Response 7. Vulnerability Assessment 8. Remote OS Detection 9. Public Key Infrastructure-SSL 10. Firewall Placement and Detection Techniques 11. VPN and WAN Encryption 12. Summary and Scope of Security Technologies 13. Assessment 14. Other Books you may enjoy

Internet security

These are the basic things you need to understand when you are working with online systems. When working with them day to day, we expose ourselves to risks.

Let's jump into the basic components of internet security.

Password

Since we own internet enabled devices, we are responsible for our own security. So, let's begin with our passwords. As users, we must choose a strong password. Alternatively, organizations should encourage users to choose one.

Password analysis shows that quite a common password used by users is 123456 and other similar, simple patterns. Most users choose the same password across multiple platforms. If a server or database is compromised by hackers, it would be easy to crack passwords such as this.

Few common web portals contain personal information. However, if an employee is required to create a username consisting of their first and last name or employee ID, and this is combined with a simple default password such as abcX123, then their information is easy to guess.

System upgrade and updates

The WannaCry ransomware attack was a worldwide cyberattack in May 2017 triggered by the WannaCry ransomware crypto worm. This attack targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. Such infection happens because people are running outdated software and attackers exploit this. This is not limited to PCs but also to mobile devices and other internet enabled devices.

Phishing

Phishing is a form of online fraud where you receive an email that looks similar to a trusted source. The message may ask you to validate, confirm, or update your account information by logging into fake websites. Targets are contacted via telephone, email, and text message, which are used to extract credit card details and passwords.

This is my own email box, which contains a message stating that I am supposed to get 13,17422 INR, and I need to update my details. While the attacker is using money as a temptation tool, it is important to think instead about your IT return. Is this type of mail really to be expected from the IT department? You can easily guess that this is not a genuine domain just by looking at the email header. Following the instructions of this message can consequently have disastrous consequences:

Beware of phishing phone calls

Attackers might call you on the phone and offer to solve your computer problems by selling you a software license or by obtaining your personal information in order to update your details in a backend system.

Once they've gained your trust, cybercriminals might ask for your username and password or ask you to go to a website to install software that will let them access your computer in order to fix it. Once you do this, your computer and your personal information is hijacked.

In the same way, a banking fraud can take place. This includes cybercriminals calling you and trying to persuade you to share your credit card and banking details.

Some signs of phishing phone calls include:

  • You have been specially selected for any offering
  • You have won money in a lottery
  • You have income tax refund
  • Someone asking about credit card CVV and other details to update a banking database

Phishing protection

Phishing attack protection requires steps to be taken by both users and enterprises. For users, awareness is the key. A spoofed message often contains some mistakes that expose its true identity. These can include spelling mistakes or changes to domain names, as seen in the earlier URL example. Users should also stop and think about why they're even receiving such an email or phone call.

You should report such emails to authorities so that appropriate actions can be taken.

You have been reading a chapter from
Practical Network Scanning
Published in: May 2018
Publisher:
ISBN-13: 9781788839235
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image