-
Meet Hollywood Rainmaker Kevin Allyn - July 17, 2019
-
From Humble Beginnings to Great Success - February 21, 2019
-
Spotlight on Tolga Katas - February 15, 2019
-
Freedom Downtime – The Story of Legendary Hacker Kevin Mitnick - August 25, 2018
-
Steve Wozniak Corrects Inaccuracies About Jobs Movie - August 25, 2014
-
Kevin Mitnick Interview on Steven Colbert - August 25, 2014
-
Legendary Psychoanalyst Adam Phillips on Why the Capacity for Boredom Is Essential for a Full Life - July 19, 2014
-
The Psychology of Your Future Self and How Your Present Illusions Hinder Your Future Happiness - July 18, 2014
-
Media Mistake: Brian Mulligan on Bath Salts – A Story Mistold - June 20, 2014
-
Anna Deavere Smith on Discipline and How We Can Learn to Stop Letting Others Define Us - June 16, 2014
Network Security – The Real Vulnerabilities
You have done, what most people think, are the major steps towards a secure network. This is partially correct. What about the other factors?
Scenario: You work in a corporate environment in which you are, at least partially, responsible for network security. You have implemented a firewall, virus and spyware protection, and your computers are all up to date with patches and security fixes. You sit there and think about the lovely job you have done to make sure that you will not be hacked.
You have done, what most people think, are the major steps towards a secure network. This is partially correct. What about the other factors?
Have you thought about a social engineering attack? What about the users who use your network on a daily basis? Are you prepared in dealing with attacks by these people?
Believe it or not, the weakest link in your security plan is the people who use your network. For the most part, users are uneducated on the procedures to identify and neutralize a social engineering attack. What’s going to stop a user from finding a CD or DVD in the lunch room and taking it to their workstation and opening the files? This disk could contain a spreadsheet or word processor document that has a malicious macro embedded in it. The next thing you know, your network is compromised.
This problem exists particularly in an environment where a help desk staff reset passwords over the phone. There is nothing to stop a person intent on breaking into your network from calling the help desk, pretending to be an employee, and asking to have a password reset. Most organizations use a system to generate usernames, so it is not very difficult to figure them out.
Your organization should have strict policies in place to verify the identity of a user before a password reset can be done. One simple thing to do is to have the user go to the help desk in person. The other method, which works well if your offices are geographically far away, is to designate one contact in the office who can phone for a password reset. This way everyone who works on the help desk can recognize the voice of this person and know that he or she is who they say they are.
Why would an attacker go to your office or make a phone call to the help desk? Simple, it is usually the path of least resistance. There is no need to spend hours trying to break into an electronic system when the physical system is easier to exploit. The next time you see someone walk through the door behind you, and do not recognize them, stop and ask who they are and what they are there for. If you do this, and it happens to be someone who is not supposed to be there, most of the time he will get out as fast as possible. If the person is supposed to be there then he will most likely be able to produce the name of the person he is there to see.
I know you are saying that I am crazy, right? Well think of Kevin Mitnick. He is one of the most decorated hackers of all time. The US government thought he could whistle tones into a telephone and launch a nuclear attack. Most of his hacking was done through social engineering. Whether he did it through physical visits to offices or by making a phone call, he accomplished some of the greatest hacks to date. If you want to know more about him Google his name or read the two books he has written.
It’s beyond me why people try and dismiss these types of attacks. I guess some network engineers are just too proud of their network to admit that they could be breached so easily. Or is it the fact that people don’t feel they should be responsible for educating their employees? Most organizations don’t give their IT departments the jurisdiction to promote physical security. This is usually a problem for the building manager or facilities management. None the less, if you can educate your employees the slightest bit; you may be able to prevent a network breach from a physical or social engineering attack.
Dennis d’Entremont is the operator of SaveLoad Video Game Directory and Computers-Made-Easy.com
Author: Dennis DEntremont
Article Source: EzineArticles.com
Provided by: PCB Prototype & Manufacturing
6,661 Comments on this Post
bets10 forum
Hi, just required you to know I he added your site to my Google bookmarks due to your layout. But seriously, I believe your internet site has 1 in the freshest theme I??ve came across. Hacklink Panel Hacklink
Tipobet Yeni Giriş
Nice article inspiring thanks. Hello Administ . Hacklink Panel Hacklink
raffle
Play2x – игры с выводом денег
instagram takipçi satın al
Merhabalar, türkiyenin en uygun smm paneline hoşgeldiniz. Ana bayi olduğumuz için kaliteli ve en uygun servislerimiz ile hizmetinizdeyiz.
儿童色情片
Thank you for content. Area rugs and online home decor store. Hello Administ . 儿童色情片
yorum satın al
Merhabalar, türkiyenin en uygun smm paneline hoşgeldiniz. Ana bayi olduğumuz için kaliteli ve en uygun servislerimiz ile hizmetinizdeyiz.
hırdavat batman
Türkiye Hırdavat Online satış nalbur usta, usta nalbur, hırdavat online, en ucuz hırdavat
instagram takipci
Hi, just required you to know I he added your site to my Google bookmarks due to your layout. But seriously, I believe your internet site has 1 in the freshest theme I??ve came across. takipci hilesi
cybersecurity
Hackdra Cybersecurity! This amazing platform offers the best solutions to secure your digital world. If you want to protect your own data and take measures against cyber attacks, Hackdra is exactly what you need. Its professional team detects current threats and provides customized solutions. Visit https://hackdra.io now and take a step towards securing your safety. Rest assured, with Hackdra, you’ll be safe in the digital world!
Sosyal İçerik
Very Nice Article
site de biographie
An amazing article. I read with fascination
Psikolog
Very nice post
Psikolojik Danışmanlık
It’s really a great article
pulibet giriş
pulibet giriş adresi güncel link
eryaman kreşler
Kendine güvenen, özgür, bağımsız kararlar alıp uygulayabilen, insani değerlere sahip, yaratıcı, girişken, etkili iletişim kurabilen, sorun çözebilen bireyler yetiştirmek temel hedefimizdir.
Psikoloji
best psychology blog
psychology
everything about psychology is here
instagram takip
Hello! I could have sworn I’ve been to this blog before but after browsing through some of the post I realized it’s new to me. instagram begeni satın al
terapi
very nice post
web3security
Hackdra Cybersecurity! This amazing platform offers the best solutions to secure your digital world. If you want to protect your own data and take measures against cyber attacks, Hackdra is exactly what you need. Its professional team detects current threats and provides customized solutions. Visit https://hackdra.io now and take a step towards securing your safety. Rest assured, with Hackdra, you’ll be safe in the digital world!
therapy
Curious about therapy
Psikodestek
Psikodestek hakkında tüm detaylar için tıklayınız
Psikoterapist
follow us for great blog content
en uygun vds
en uygun vds al
web article
very nice postt
GB
Wouw, amazing!
GB
Nice post admin, keep it!
GB
Thank you admin!
ümraniye marangoz
Ümraniye marangoz firmamız ile tüm mobilyalarınız bizlere emanet. Yaptığımız bu işler içerisinde tüm işlemlerimiz tamamen profesyonel olarak yapılmaktadır.
webseo
Very good post
Gezideler
En iyi gezi bloğu için web sitemizi ziyaret edebilirsiniz.
gmail satın al
gmail satın al
drucker fehlermeldungen
Die besten Druckerfehlercodes auf unserer Website
warumfehler
Hier finden Sie Informationen und Tipps zur Selbsthilfe, einschließlich Tipps zur Fehlerbehebung bei häufigen Problemen und Fehlern
Fayansçılar
thanks for the content
bursa diş beyazlatma fiyatları
Diş beyazlatma; dişlerin yüzeyindeki gözenekli mine yapısında oluşan renkli, organik ve inorganik maddelerin diş beyazlatma jelleri ile giderilmesi işlemidir. bursa’da diş bey
Sweet Bonanza
Thank you for great content. Hello Administ. Seo Uzmani Umut Can Skype: By_uMuT@KRaLBenim.Com
Sweet Bonanza
Hi, just required you to know I he added your site to my Google bookmarks due to your layout. But seriously, I believe your internet site has 1 in the freshest theme I??ve came across.Seo Uzmani Umut Can Skype: By_uMuT@KRaLBenim.Com
marmaris yat kiralama
A very nice article. Thank you very much.
Sweet Bonanza
Hello! I could have sworn I’ve been to this blog before but after browsing through some of the post I realized it’s new to me.Seo Uzmani Umut Can Skype: By_uMuT@KRaLBenim.Com
e-devlet imei sorgulama
thank you red <3
Slot Oyna
Hello! I could have sworn I’ve been to this blog before but after browsing through some of the post I realized it’s new to me.Seo Uzmani Umut Can Skype: By_uMuT@KRaLBenim.Com
国产线播放免费人成视频播放
Nice article inspiring thanks. Hello Administ . 儿童色情片
Slot Oyna
Thank you great post. Hello Administ .Seo Uzmani Umut Can Skype: By_uMuT@KRaLBenim.Com
Diyarbakır Masöz Escort
viagra
casino
Nice article inspiring thanks. Hello Administ . Seo Uzmani Umut Can Skype: By_uMuT@KRaLBenim.Com
国产线播放免费人成视频播放
I really love to read such an excellent article. Helpful article. Hello Administ . 儿童色情片
国产线播放免费人成视频播放
Great post thank you. Hello Administ . 儿童色情片
Slot Oyna
Thank you for great content. Hello Administ. Seo Uzmani Umut Can Skype: By_uMuT@KRaLBenim.Com
maurers
Etkisini kullanmaya başladığınız ilk an hissedeceksiniz ve bu sayede istediğiniz kiloya ulaşacaksınız. orjinal maurers