Vulnerable Operating Systems: Social Engineering and Virtual Private N

Answer:

Introduction:

Vulnerable Operating Systems 

Vulnerabilities are defined as the potential threat or risk of an attack on a computer system or an application that may hamper the regular services of the same and may also result in negative impacts in terms of privacy and security of the information that is present within. 

There are a number of computer and mobile based Operating Systems (OS) used by the users such as Windows, Linux, iOS, Android and many more. These operating systems are also exposed to such vulnerabilities with varying degree of likelihood and the same has given birth to the term called Vulnerable Operating Systems. Any sort of vulnerabilities to the operating systems make them vulnerable to a number of different malware and attacks such as viruses, worms, logic bombs, Trojans, network attacks and many more. The features of these operating syste
ms vary from one to the other and the same also forms the factor of an attack of a probable vulnerability on the same. For instance, Linux kernels allow it to be upgraded without affecting the rest of the operating system which is not the features present in any of the version of Windows. 

These vulnerabilities are also classified in to several categories as high, medium and low on the basis of their impact. Highly vulnerable Operating Systems have the gaps in their design and functionalities that make them easy targets for the attackers (Kingsley-Hughes, 2015). As per a recent report, Apple Mac OS is one of the most vulnerable OS in the present era. There are also medium and low vulnerability OS such as Linux Kernel and some of the versions of Windows OS. 

Intruders and attackers are constant putting an effort to come up with newer set of vulnerabilities to affect the functioning of all of these vulnerable operating systems and to gather unauthorized access to the information. It is because of this reason that the vulnerable Operating Systems have come up with a number of restrictions and access control to boost their respective security features. These security aspects reduce the vulnerability of any nature with respect to the OS. These also ensure that the confidentiality, integrity and the availability of the information that is present in the system remains intact at all times. It is possible to adapt the security mechanism while designing and implementation of the OS in order to avoid these vulnerabilities in terms of the security of the system.

Social Engineering 

Social Engineering is defined as a category of attacks that forms its base on the human interaction and the level of the same to break the security norms through unauthorized measures. It is a human approach of attack which is executed in such a manner that the participants do not realize their role in the same. 

Social engineering has been further classified in to two categories as computer/technology based deception and human based deception. The former makes use of technology to break in to the security of a system. For instance, an attacker may impersonate itself as an authenticated entity and demand the login credentials from the user. The user unaware of such an attempt will proceed to provide the same to the attacker which may result in adverse impact to the system. The second category relies on the in-person human interactions to execute an attack such as breaking the physical security by impersonating as an authenticated user. 

There are many adverse impacts of social engineering attacks on the organizations and for the users as well. These attacks put the user information at risk and plays with the confidentiality, integrity and privacy of the same. For the organizations, these may become the cause of heavy penalties and may also put the reputation at stake (Gulati, 2016). 

There are a number of techniques that are followed to execute social engineering attacks such as direct approach, dumpster diving, spying, eavesdropping, assistance of technical expert or support staff, use of authority and popup windows. Ignorance, undue curiosity and inadequate due diligence, revenge and personal gains are the few factors that form the causes or common behavior for such attacks on the system. 

Many countermeasures have been suggested and designed to prevent these attacks and to maintain the security of the system and the information. Some of the common measures include avoiding of the unfamiliar links and popup windows and reporting the same to the security team. Website managers must constant check their website for unnecessary traffic or an unwanted event. USB devices in a system that consists of private information must be blocked to avoid baiting which is another form of Trojan. Enhanced physical security and access control mechanisms can also aid in the prevention and control of such attacks. Also, an unknown entity whether real or virtual should never be trusted and provided with the confidential information associated with a particular user or organization (Perlman, 2014).

Virtual Private Networks 

Virtual Private Networks, popularly known as VPNs are the category of the networks that allow the organizations or the users to setup and make use of their own network over public or shared network infrastructure such as Internet. There are a number of VPN devices that are important to implement such network architecture for an entity. These devices include Customer devices such as routers and switches, Customer Edge devices, Service Provider devices and Service Provider Edge devices.

There are a number of protocols and technologies that are used to design and implement a site-to-site virtual private network. IP Security or IPSec is one such suite of protocols that provides protection to the IP traffic in a network. GRE is another technology that protects the multiprotocol traffic in a network. Draft Martini allows the safe point-to-point (PPP) transmission of protocols such as Frame Relays and Ethernet. The list of protocols is different for the Remote Access VPNs. These include Layer Two Forwarding (L2F) protocol that enables tunneling of PPP between access points and the VPN gateways. There are also many other protocols that allow remote access VPNs to function accurately such as Point to Point Tunneling protocol (PPTP), Secure Socket Layer (SSL) and IPSec. The figure presented below illustrates the various types and protocols that are used for the setting of a VPN.

VPN – Types and Protocols

As the name suggests, service provider provisioned VPNs are provided and managed by the service provider and the customer provisioned VPNs and configured and handled by the customer itself (ptgmedia.pearsoncmg.com, 2016).

There are a number of advantages that are offered by VPNs such as the security of communications that are done over a VPN is much higher as compared to any other network type. VPNs are also free from complex equipment for installation and long distance leased lines which makes them extremely low on cost parameter. Flexibility and scalability comes easy with a virtual private network that makes them adaptable to the changing requirements of a user or an organization. There are also a few disadvantages that are associated with VPNs. These networks demand an experienced professional for implementation and maintenance as they can be a bit complex on the design front. Reliability and availability of these networks also depend upon a number of additional factors in terms of infrastructure which may enhance the downtime in case of an attack. Also, there may be compatibility issues in the scenario of VPNs from multiple vendors.

References

Gulati, R. (2016). The Threat of Social Engineering and Your Defense Against It. Sans.org. Retrieved 10 August 2016, from https://www.sans.org/reading-room/whitepapers/engineering/threat-social-engineering-defense-1232

Kingsley-Hughes, A. (2015). Mac OS X is the most vulnerable OS, claims security firm; Debate ensues | ZDNet. ZDNet. Retrieved 10 August 2016, from https://www.zdnet.com/article/mac-os-x-is-the-most-vulnerable-os-claims-security-firm/

Perlman, M. (2014). 8 Tips to Prevent Social Engineering Attacks. LightCyber. Retrieved 10 August 2016, from https://lightcyber.com/8-tips-to-prevent-social-engineering-attacks/

ptgmedia.pearsoncmg.com,. (2016). Virtual Private Networks. Retrieved 10 August 2016, from https://ptgmedia.pearsoncmg.com/images/1587051796/samplechapter/1587051796content.pdf