Wednesday, August 21, 2013

Scam Protection with Encryption, Authentication, Network Design, and Policies

When I think about being scammed, I think about someone tricking me into doing something that I would not do if I knew otherwise.  However, that is not always the case when it comes to scams conducted on the Internet.  According to SCAMwatch (n.d.), “A lot of internet scams take place without the victim even noticing.  It is only when their credit card statement or phone bill arrives that the person realizes that they might have been scammed” (Online Scams).

Scammers use a variety of techniques to obtain information that they feel will be of value to them.  Some scams use passive attacks.  A passive attack is difficult to detect because the scammer does not alter any data.  Examples of passive attacks are shoulder surfing and dumpster diving.  On the other hand, some scammers choose to employ active attacks to carry out their scams.  According to Stallings (2014), “Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service” (p. 11).

A masquerade attack occurs when an attacker poses as a valid entity to obtain access to a system.  Replay attacks take place when an attacker intercepts data during a transmission and then resends the data to create an undesirable effect.  Modification of messages involves altering message content to something that will benefit the person conducting the malicious act.  Modification of messages can also be used to delay or reorder messages to create an unauthorized effect.  Denial of service occurs when an attacker disrupts or delays the normal operation of a specific target or network.

Completely eliminating passive and active attacks is unrealistic.  However, the threats can be mitigated with the incorporation of encryption, authentication, network design, and policies.  Encryption makes messages unreadable to anyone who does not possess the key required to decrypt them and make them readable.  Authentication is a measure that ensures entities are who they say they are before full access is granted to resources.  Network design is the concept of incorporating security standards that are known to be effective at preventing attacks.  An example of a network design security standard is a demilitarized zone (DMZ).  Policies are important because they outline security procedures to users in an effort to prevent passive attacks like shoulder surfing and dumpster diving.
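
To make the authentication measure concrete, here is an added example (not part of the original post) of a receiver that rejects masqueraded, modified, delayed, and replayed messages using a shared-key HMAC, a timestamp, and a nonce.  The names `seal`, `Receiver`, `MAX_AGE`, and `FIELDS` are hypothetical, and the 30-second freshness window is an assumed policy value; reordered messages and denial of service are outside what this check covers.

```python
import hashlib
import hmac
import json
import os
import time

MAX_AGE = 30  # seconds a message stays acceptable (assumed policy value)
FIELDS = ("sender", "body", "nonce", "ts")


def _tag(key, msg):
    # HMAC-SHA256 over a canonical encoding of every protected field.
    data = json.dumps([msg[f] for f in FIELDS]).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def seal(key, sender, body, now=None):
    """Sender side: add a fresh nonce, a timestamp and the tag."""
    msg = {"sender": sender, "body": body, "nonce": os.urandom(16).hex(),
           "ts": time.time() if now is None else now}
    msg["tag"] = _tag(key, msg)
    return msg


class Receiver:
    def __init__(self, keys):
        self.keys = keys   # sender name -> shared secret key
        self.seen = {}     # nonce -> timestamp of accepted messages

    def check(self, msg, now=None):
        now = time.time() if now is None else now
        sender = msg.get("sender")
        key = self.keys.get(sender) if isinstance(sender, str) else None
        if key is None or any(f not in msg for f in FIELDS):
            return "reject: unknown sender or malformed"
        tag = str(msg.get("tag", "")).encode()
        if not hmac.compare_digest(_tag(key, msg).encode(), tag):
            return "reject: bad tag (masquerade or modification)"
        if abs(now - msg["ts"]) > MAX_AGE:
            return "reject: stale (delayed message)"
        # Forget nonces that the freshness window already rejects.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_AGE}
        if msg["nonce"] in self.seen:
            return "reject: replay"
        self.seen[msg["nonce"]] = msg["ts"]
        return "accept"
```

The tag only proves who sent the message and that it arrived unaltered; keeping the body unreadable in transit still requires encryption on top of it.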

There is no doubt that there are people out there conducting active and passive attacks.  The attacks they conduct can be difficult to detect and mitigate.  However, implementing the aforementioned measures will stop many attacks before they can penetrate the network’s perimeter, provide early detection, and facilitate recovery operations in the event an attack occurs.

References

Online scams. (n.d.). Retrieved August 21, 2013, from http://www.scamwatch.gov.au/content/index.phtml/tag/onlinescams
Stallings, W. (2014). Network security essentials (5th ed.). Boston, MA: Pearson Education.