Common vulnerabilities

  1. Weak passwords
  2. Phishing emails
  3. Man in the middle (MITM)
  4. Remote keylogger
  5. Denial of Service (DoS)

1. Weak password

If the password is simple and commonly used, such as nicknames, phone numbers, partner names, pet names, etc., hackers can easily crack your account by guessing or performing brute force attacks. Once a hacker obtains your password, they can do whatever they want with your account.

How to prevent weak passwords

Users should choose strong passwords that combine numbers, symbols, spaces, and uppercase and lowercase letters. It's important that the password you create for your account is unique and different from the passwords you use for other social media or email accounts.

This will reduce the risk of your account being compromised. A common site for verifying that your account is safe is here; you can check whether your credentials have been leaked to the public.

2. Phishing email

Phishing emails are an easy way for attackers to break into your account. An attacker can create a fake email to make it look like it was sent from Facebook. These are some examples of what an email might look like:

-Notifications about friend requests, messages, events, photos and videos
-False claims that you violated their community standards
-Warnings that something will happen to your account if you don't update it or take certain measures
-Statements or offers that sound too good to be true (e.g. winning a lottery)

How to prevent phishing attacks

Users should be educated and informed about the characteristics of phishing emails in order to pay close attention to them. You can do the following:

-Don't click any links or open any attachments in suspicious emails
-Don’t respond to suspicious emails, especially emails that ask you to provide your password, social security number, or credit card information
-Do not enter personal information in a pop-up screen (note: legitimate companies will never ask for personal information through a pop-up screen)
-Pay attention to spelling errors in email content

3. Man in the middle (MITM)

When a user unknowingly connects to a fake WiFi network, a man-in-the-middle attack may occur. This is another technique that hackers can use to hack into your account. In most cases, you may not be able to tell which WiFi network is real, because a public network normally takes you to a login page before granting Internet access, and it is normal for that page to ask for your email and password. Without your knowledge, the attacker records this information and can then test these login credentials on other social media platforms.

How to prevent man-in-the-middle attacks

You should never connect your mobile device or laptop to a public WiFi network, because such networks are insecure and an easy way for hackers to obtain information. If you do want to connect to public WiFi, then I suggest you use a VPN to ensure your connection is secure.

4. Remote keylogger

The hacker first needs access to your mobile device or laptop to install software that records whatever you type on the device. After installation, anything entered (passwords, login credentials, bank information, etc.) will be recorded and can be viewed by the hacker. This is a hidden technique for attackers to break into your account. For example, if an attacker compromises your laptop in some way and installs keylogger software, then anything you type will be recorded for the attacker to use. It will record not only your credentials, but also your bank credentials, email account, and any other accounts you have.

How to prevent remote keyloggers

-Don't use third-party keyboard apps
-Do not open any attachments or click on links in emails, because the keylogger may be embedded in the attachment
-Install anti-spyware applications to help detect, disable, and isolate software-based keyloggers (Norton)

5. Denial of Service (DoS)

A denial of service attack "is a malicious attempt to affect the availability of a target system (such as a website or application) to legitimate end users." Attackers usually generate a large number of packets or requests to flood the website. When such an attack occurs, users will not be able to access the website and cannot log in.

How to prevent denial of service attacks

-Monitor the network so you can understand what normal incoming traffic looks like
-Implement a web application firewall
-Understand the common signs of a denial of service attack so that you can mitigate the attack as soon as possible
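
One way to act on the first and third points above, as an added example that is not part of the original article: it builds a per-minute baseline from web server access-log lines and flags minutes that far exceed it. The log format, the sample lines (documentation-range IP addresses) and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Assumed format: common-log-style lines, "IP - - [day:HH:MM:SS zone] "request" ..."
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+?):(\d\d):(\d\d):\d\d [^\]]+\] "')

def sample_log():
    """Constructed sample: ten normal minutes, then a flood in minute 10."""
    lines = []
    normal = [42, 38, 45, 40, 41, 39, 44, 43, 37, 40]
    for minute, count in enumerate(normal):
        for i in range(count):
            lines.append(f'198.51.100.{i % 30} - - [01/Jan/2024:09:{minute:02d}:'
                         f'{i % 60:02d} +0000] "GET / HTTP/1.1" 200 512')
    for i in range(900):
        lines.append(f'203.0.113.{i % 3} - - [01/Jan/2024:09:10:'
                     f'{i % 60:02d} +0000] "GET /login HTTP/1.1" 200 512')
    return lines

def per_minute(lines):
    """Group requests by minute: {minute: Counter(source IP -> requests)}."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # skip lines that do not parse instead of crashing
            ip, day, hh, mm = m.groups()
            buckets[f"{day} {hh}:{mm}"][ip] += 1
    return buckets

def find_spikes(buckets, factor=5.0):
    """Flag minutes whose total exceeds median + factor * MAD of all minutes."""
    totals = {k: sum(c.values()) for k, c in buckets.items()}
    if not totals:
        return []
    base = median(totals.values())
    # Median absolute deviation is robust: one flood minute barely moves it.
    mad = median(abs(t - base) for t in totals.values()) or 1
    limit = base + factor * mad
    return [(k, t, buckets[k].most_common(3))
            for k, t in sorted(totals.items()) if t > limit]

if __name__ == "__main__":
    for minute, total, top in find_spikes(per_minute(sample_log())):
        print(f"{minute}: {total} requests, top sources {top}")
```

The top source addresses listed for a flagged minute are the starting point for rate limiting or a web application firewall rule.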
