Computers and the Internet has become a very important part of our lives. It eases the tasks of our daily life in every way. Whenever we use the Internet for any purpose, we also have some confidential information in it, which we never want to make public, whether we talk about any social media or whether we are in any of our Business. In all these, you have to keep some of your personal information limited to yourself.
If the information of any of these systems gets leaked or someone steals your personal information, then you can suffer a lot of damage. Therefore, Internet Security is very important to avoid any kind of loss or fraud on the Internet.
1. Firewall and System Probing
Hackers are using sophisticated, automated tools to scan for vulnerabilities of a company’s corporate firewall and systems behind the firewall. These hacker tools have proved to be quite effective, with the average computer scan taking less than 2-3 minutes to identify and compromise security.
Companies can prevent this by ensuring that their systems sit behind a network firewall and any services available through this firewall are carefully monitored for potential security exposures.
Here is a list of the best Next Generation Firewalls:
- Perimeter 81 FWaaS
- Fortinet FortiGate (7000 series)
- Forcepoint NGFW
- Palo Alto Networks PA Series
- Juniper Networks SRX Series
- SonicWall Next-Generation Firewall TZ Series
- Barracuda CloudGen Firewall
- Cisco FirePOWER Series
- Sophos XG Series
2. Network File Systems (NFS) Application Attacks
Hackers attempt to exploit well-known vulnerabilities in the Network File System application, which is used to share files between systems. These attacks, usually through network firewalls, can result in compromised administrator access.
To combat this, ensure systems do not allow NFS through the firewall, and enable NFS protections to restrict who can access files.
3. Electronic Mail Attacks
Hackers can compromise network systems by simply sending an e-mail to it. Companies who accept e-mail from the Internet and who have exposed versions of the sendmail program are potential targets from this attack. Last year more than 20,000 systems were compromised due to this exposure.
To prevent this from occurring, check with vendors to ensure systems are running a correct version of sendmail or some more secure mail product.
According to csoonline.com, here are top 15 biggest data breaches:
- Adobe – 153 million user records (Oct 2013)
- Adult Friend Finder – 412.2 million accounts (Oct 2016)
- Canva – 137 million user accounts (May 2019)
- Dubsmash – 162 million user accounts (Dec 2018)
- eBay – 145 million users (May 2014)
- Equifax – 147.9 million customers (July 2017)
- Heartland Payment Systems – 134 million credit cards exposed (March 2008)
- LinkedIn – 165 million user accounts (2012 and 2016)
- Marriott International – 500 million customers (2014-18)
- My Fitness Pal – 150 million user accounts (Feb 2018)
- MySpace – 360 million user accounts (2013)
- NetEase – 235 million user accounts (Oct 2015)
- Sina Weibo – 538 million accounts (March 2020)
- Yahoo – 3 billion user accounts (2013-14)
- Zynga – 218 million user accounts (Sept 2019)
4. Vendor Default Password Attacks
Systems of all types come with vendor-installed usernames and passwords. Hackers are well educated on these default usernames and passwords and use these accounts to gain unauthorized administrative access to systems.
Protect systems by ensuring that all vendor passwords have been changed.
According to NordPass, here are the top 20 most common used passwords:
5. Spoofing, Sniffing, Fragmentation and Splicing Attacks
Recently computer hackers have been using sophisticated techniques and tools at their disposal to identify and expose vulnerabilities on Internet networks. These tools and techniques can be used to capture names and passwords, as well as compromise-trusted systems through the firewall.
To protect systems from this type of attack, check with computer and firewall vendors to identify possible security precautions.
6. Social Engineering Attacks
Hackers will attempt to gain sensitive or confidential information from companies by placing calls to employees and pretending to be another employee. These types of attacks can be effective in gaining usernames and passwords as well as other sensitive information.
Train employees to use a “call-back” procedure to verify the distribution of any sensitive information over the telephone.
Examples of SE Attacks:
- Spear Phishing
- Quid Pro Quo
7. Easy-To-Guess Password Compromise
Most passwords that are easy to remember are also easy to guess. These include words in the dictionary, common names, slang words, song titles, etc. Computer hackers will attempt to gain access to systems using these easy-to-guess passwords usually via automated attacks.
Protect systems by ensuring that passwords are not easy to guess, that they are at least eight characters long, contain special characters and utilize both uppercase and lowercase characters.
Though you should avoid picking any of these passwords for yourself, try guessing from this list of passwords:
8. Destructive Computer Viruses
Computer viruses can infect systems on a widespread basis in a very short period. These viruses can be responsible for erasing system data.
Protect systems from computer viruses by using anti-virus software to detect and remove computer viruses.
Take a look at 10 of the worst destructive computer viruses of all time.
- Code Red
- Storm Trojan
- My Doom
9. Prefix Scanning
Computer hackers will be scanning company telephone numbers looking for modem lines, which they can use to gain access to internal systems. These modem lines bypass network firewalls and usually bypass most security policies. These “backdoors” can easily be used to compromise internal systems.
Protect against this intrusion by ensuring modems are protected from brute force attacks. Place these modems behind firewalls; make use of one-time passwords; or have these modems disabled.
10. Trojan Horses
Hackers will install “backdoor” or “Trojan Horse” programs on businesses computer systems, allowing for unrestricted access into internal systems, which will bypass security monitoring and auditing policies.
Conduct regular security analysis audits to identify potential security vulnerabilities and to identify security exposures.
These are the types of Trojans that you need to be aware of:
- Banking Trojans
- DDoS Trojans
- Game thieves
- Instant messaging Trojans
- Password stealing ware
- Ransom Trojans
- SMS Trojans