Share

Network Security – The Real Vulnerabilities

You have done, what most people think, are the major steps towards a secure network. This is partially correct. What about the other factors?

Scenario: You work in a corporate environment in which you are, at least partially, responsible for network security. You have implemented a firewall, virus and spyware protection, and your computers are all up to date with patches and security fixes. You sit there and think about the lovely job you have done to make sure that you will not be hacked.

You have done, what most people think, are the major steps towards a secure network. This is partially correct. What about the other factors?

Have you thought about a social engineering attack? What about the users who use your network on a daily basis? Are you prepared in dealing with attacks by these people?

Believe it or not, the weakest link in your security plan is the people who use your network. For the most part, users are uneducated on the procedures to identify and neutralize a social engineering attack. What’s going to stop a user from finding a CD or DVD in the lunch room and taking it to their workstation and opening the files? This disk could contain a spreadsheet or word processor document that has a malicious macro embedded in it. The next thing you know, your network is compromised.

This problem exists particularly in an environment where a help desk staff reset passwords over the phone. There is nothing to stop a person intent on breaking into your network from calling the help desk, pretending to be an employee, and asking to have a password reset. Most organizations use a system to generate usernames, so it is not very difficult to figure them out.

Your organization should have strict policies in place to verify the identity of a user before a password reset can be done. One simple thing to do is to have the user go to the help desk in person. The other method, which works well if your offices are geographically far away, is to designate one contact in the office who can phone for a password reset. This way everyone who works on the help desk can recognize the voice of this person and know that he or she is who they say they are.

Why would an attacker go to your office or make a phone call to the help desk? Simple, it is usually the path of least resistance. There is no need to spend hours trying to break into an electronic system when the physical system is easier to exploit. The next time you see someone walk through the door behind you, and do not recognize them, stop and ask who they are and what they are there for. If you do this, and it happens to be someone who is not supposed to be there, most of the time he will get out as fast as possible. If the person is supposed to be there then he will most likely be able to produce the name of the person he is there to see.

I know you are saying that I am crazy, right? Well think of Kevin Mitnick. He is one of the most decorated hackers of all time. The US government thought he could whistle tones into a telephone and launch a nuclear attack. Most of his hacking was done through social engineering. Whether he did it through physical visits to offices or by making a phone call, he accomplished some of the greatest hacks to date. If you want to know more about him Google his name or read the two books he has written.

It’s beyond me why people try and dismiss these types of attacks. I guess some network engineers are just too proud of their network to admit that they could be breached so easily. Or is it the fact that people don’t feel they should be responsible for educating their employees? Most organizations don’t give their IT departments the jurisdiction to promote physical security. This is usually a problem for the building manager or facilities management. None the less, if you can educate your employees the slightest bit; you may be able to prevent a network breach from a physical or social engineering attack.

Dennis d’Entremont is the operator of SaveLoad Video Game Directory and Computers-Made-Easy.com

Author: Dennis DEntremont
Article Source: EzineArticles.com
Provided by: PCB Prototype & Manufacturing

6,637 Comments on this Post

  1. Money-X: игровой сервис с мгновенным доступом на официальном сайте

    Reply
  2. Hello! I could have sworn I’ve been to this blog before but after browsing through some of the post I realized it’s new to me.Website Giriş için Tıklayın: jojobet

    Reply
  3. bedava eticaret sitesi için buraya tıklayınız

    Reply
  4. Eğitim, refah anında bir süs, felaket sırasında bir sığınaktır. Can dostunuzun profesyonel eğitim ihtiyaçları için hemen rezervasyon oluşturun!

    Reply
  5. Thank you for great content. Hello Administ. Website Giriş için Tıklayın: jojobet

    Reply
  6. This is why I keep coming back to this blog. Quality content, every time.

    Reply
  7. IP lookup is a method used to determine the geographical location, owner, or connected network of an IP address.

    Reply
  8. iqos terea çeşitleri en uygun fiyata terea amber terea yellow satın al

    Reply
  9. en iyi en kaliteli escort sitesi güngören merter escort sitesine hoşgeldiniz

    Reply
  10. This article truly resonated with me! It’s refreshing to see such insightful content in a sea of noise.

    Reply
  11. Refreshing to see a blog post that respects readers’ time while delivering valuable insights.

    Reply
  12. Brilliantly crafted. I’m in awe of the writer’s ability to convey so much in so little.

    Reply
  13. can nurse practitioner do surgery

    Reply
  14. despa yurt dışı eğitim kazan federal üniversitesi yetkili Türkiye temsilcisidir

    Reply
  15. Zonguldak ilinde meydana gelen son gelişmeleri takip edin! Kömür havzasının kalbindeki şehir, güncel olaylarla dolu. Madencilikten sanata, eğitimden siyasete kadar her alanda yaşananları keşfedin. Zonguldak’ın öne çıkan haber başlıkları, yerel etkinlikler, spor müsabakaları ve daha fazlası burada! Takipte kalın, Zonguldak’ın nabzını tutun!

    Reply
  16. Трикс играть онлайн раздача каждый день

    Reply
  17. antalya halı yıkama antalya temizlik antalya koltuk yıkama hizmetleri

    antalya halı yıkama antalya temizlik antalya koltuk yıkama hizmetleri Antalya Temizlik

    Reply
  18. Thank you to the person who wrote a great content

    Reply
  19. Hızlı haberin adresi. son dakika haberleri haber ekspreste

    Reply
  20. The quality of the content on this site is exceptional. The articles are well-researched, thought-provoking, and provide a nuanced understanding of the subject. I highly recommend it to anyone interested in the topic.

    Reply
  21. Thank you to the person who wrote a great content

    Reply
  22. Jinekomasti günümüzde erkek hastaların en çok sıkıntı çektiği durumlardan birtanesi olarak söylemek yanlış olmaz.

    Reply
  23. Nice article inspiring thanks. Hello Administ . Website Giriş için Tıklayın: Yabancı dizi

    Reply
  24. After all, what a great site and informative posts, I will upload inbound link – bookmark this web site? Regards, Reader.Website Giriş için Tıklayın: Yabancı dizi

    Reply
  25. Great post thank you. Hello Administ . Website Giriş için Tıklayın: Yabancı dizi

    Reply
  26. good job awesome content thanks

    Reply

Leave a Reply to saç ekimi fiyatları Cancel reply