Network Security - The Real Vulnerabilities

Network Security - The Real Vulnerabilities

Scenario: You work in a corporate environment in which you're, a minimum of partially, responsible for network security. You've implemented a firewall, virus and spyware protection, as well as your computers are all current with patches and security fixes. You sit there and take into account the lovely job you have carried out to make sure that you will not be hacked.

You have done, what most people think, are the major steps towards a secure network. This is partially correct. How about the other factors?

Perhaps you have considered a social engineering attack? How about you who make use of network on a daily basis? Have you been prepared in working with attacks by these folks?

Believe it or not, the weakest link inside your security plan's the folks who use your network. Typically, users are uneducated about the procedures to recognize and neutralize a social engineering attack. What's likely to stop an user from finding a CD or DVD in the lunch room and taking it to their workstation and opening the files? This disk could contain a spreadsheet or word processor document that has a malicious macro embedded in it. The next thing you realize, your network is compromised.

This problem exists particularly in an environment where a help desk staff reset passwords over the phone. There's nothing to stop an individual set on breaking into your network from calling the help desk, pretending to become an employee, and asking to have a password reset. Most organizations make use of a system to create usernames, so it is not very difficult to figure them out.

Your business should have strict policies in position to make sure that the identity of an user before a password reset can be done. One simple thing to do would be to have the user go to the help desk personally. Another method, which works well if your offices are geographically far, would be to designate one contact at work who are able to phone for a password reset. By doing this everyone who works about the help-desk can recognize the voice of the person and know that he or she is who they are saying they're.

Why would an attacker see your office or create a phone call towards the help-desk? Simple, it is almost always the road of least resistance. There isn't any have to spend hours trying to break into a digital system when the physical system is easier to exploit. Next time the thing is someone walk-through the doorway behind you, and do not recognize them, stop and ask who they are and what they're there for. Should you choose this, also it happens to be somebody that isn't said to be there, more often than not he'll escape as fast as possible. If the person should really be there he then will most likely have the ability to produce the name of the person he's there to see.

I understand you are stating that I'm crazy, right? Well think about Kevin Mitnick. He's probably the most decorated hackers of all time. The federal government thought he could whistle tones right into a telephone and launch a nuclear attack. Most of his hacking was done through social engineering. Whether he did it through physical visits to offices or by looking into making a telephone call, he accomplished some of the greatest hacks to date. If you want to learn more about him Google his name or browse the two books he has written.

It's beyond me why people try and dismiss these kinds of attacks. I suppose some network engineers are just too proud of their network to admit they might be breached so easily. Or could it be the truth that people don't feel they must be accountable for educating their employees? Most organizations don't give their IT departments the jurisdiction to advertise physical security. Normally , this is a problem for that building manager or facilities management. None the less, if you're able to educate the employees the least bit; you might be in a position to prevent a network breach from a physical or social engineering attack.

POST COMMENT

Zero Resistance Weight Download-Zero Resistance Weight Download Tonsillensteine Download-Tonsillensteine Latest Mobile Downloads-Latest Mobile Downloads Review Theoilbiz Download-Theoilbiz Fifty Dollars A Day Download--How To Make Fifty Dollars A Day Advantages of PHP in Web Development New Gaming Experience Download-New Gaming Experience Scam Network Security and Why You Need It Network Assessment: Finding Vulnerabilities and Protecting Against Threats How To Earn Money On The Internet Review Empowered Nutrition Meal Plans Download-Empowered Nutrition Meal Plans Extra1x2 Download-Extra1x2 Scam The Best mp3 Mix Download-The Best mp3 Mix Scam