Common Threats and Safeguards to Be Aware of

Social Engineering is one of the most difficult hacking techniques to defend against because it is all about attacking the human elements. It is about manipulating employees and using non-technical means to discover information about the company or users to exploit them to gain access to the network. The best safeguard to use against social engineering is to educate the users and executives of the company. Educate them not to give personal private information to others without the employees knowing who they are. No one should have a need to know the user's password or access codes to their equipment. Train the employees on the proper way to discard sensitive information. Train them in not throwing papers with social security numbers or financial information in a regular trash can. Teach them the proper use of shredding material. Security is all about trusts and forming trust relationships. If you do not have trust then how can you be secure, that is why social engineering is so difficult to secure against because you are putting trust in your employees to not click on links in e-mails, give passwords to strangers, not to keep their passwords in the open, and not throw away sensitive information in normal trash.


A Denial of Service Attack (DoS) is attacks on a network and a web infrastructure. Its major objective is to prevent legitimate use of a network by preventing authorized access to resources, delay time critical operations, and by degradation of services. One of the most common types of DoS attacks is called TCP SYN Flooding also known as IP spoofing. A safeguard of this kind of attack is by installing a filtering router that restricts the input to your external interface, known as an input filter or ingress filter. You also should filter outgoing packets that have a source address different from your internal network to prevent a source IP spoofing attack from originating from your site.

E-Mail Attacks are very common as more people are being connected. You can have spam, phishing, and malware sent though e-mail. How do you safeguard against these types of attacks? It is simple don’t use e-mail. Make phone calls or send a letter to the person you are trying to reach. Those are not very good solutions. Just because a technology is not safe to use does not mean you cannot use it safely. If that were the case, why are you on a computer or using a pen or telephone? To protect your network from e-mail attacks remember to educate the users. Don’t click on links in an e-mail. If you have to go to the link open up a new browser and type that link in the browser. If you are told to log-in to your bank or credit card site then do it from the home page, and remember that a bank will never ask you to log in to change records or verify account information. If they do you need to change banks because they lack good Information Security procedures. Do not run a program from your e-mail. Save it to your desktop, and run it from there.

Knock, Knock Let Me In

Do you know who is trying to get in to your network. Someone is always knocking at your door. The doors of the network is called ports. Anyone working on my network should have a fairly good understanding and knowledge of why a port is open, and if they do not have a good reason for it to be open then close it. Port knocking provides a stealthy method of authentication and information transfer to a networked machine that has no open ports. Some basic functionality needs to be provided with any port knocking implementation:

1. A way to monitor the firewall log file needs to be devised. 
2. A method to extract the sequences of ports from the log file and translate their payload into usable information. 
3. Once the information is obtained from the sequence, the implementation must provide some way to manipulate the firewall rules.

Port knocking sounds like a great solution when it comes to monitoring closed ports on a firewall, but it does come with a few disadvantages. You have to use client script in order to perform the knocks. This script should be kept a secret and on a removable media such as a USB drive. A number of ports need to be allocated for exclusive use by the system. Any system that manipulates firewall rules in an automated fashion requires careful implementation.

Awards and Achievement

Well it is 2:37pm and I am in the process of getting ready to be inducted into Alpha Beta Kapa National Honor's Society. I do admit I have worked hard towards this event. I know my family and I have both sacificed a lot and will sacifice a lot for this achievement. I have given up my weekends, most of my nights, and days. I could have been with my wife on those times, but my choices have lead me down this path. We both wonder sometimes if the pressure of school is worth it in the end...

I think it will be. I have just one goal, and that is to provide a better lifestyle for my wife and our future child together. That is what this degree is all about to me. Some of my classmates only sees it as a way to get a job and have fun. I see it more than that. I know my value, and I must convey that to any partential employees. That is way I will not settle for just any job it has to be that right job. I have done that before, and I will not go down that road again.

I am very excited about being a member of such a prestiagous organization. I am ready to prove everyone that I am smart and that the decision to go to school was the right one. By December I hope with the help of God that I will be Validictorian of my class. If not that then at least in the top ten percent. I just wish that I had applied myself like this in high school. I may would have turned out a little different. I finally get to right that wrong.

Back to the question... Is the ABK Honor important to me? Heck yes it is. Some people it may not be. I just hope that I can live up to the standards and do them and my family proud.