
Network Security - Vulnerabilities you might not be aware of.

By: Zack S



Scenario: You work in a corporate environment where you are, at least in part, responsible for network security. You have implemented a firewall, antivirus and antispyware protection, and your computers are all up to date with patches and security fixes. You sit there and think about the good work you have done to make sure that the network will not be breached.
What you have done is what most people think of as the steps towards a secure network. This is partially correct. What about the other factors?
Have you thought about a social engineering attack? What about the people who use the network on a daily basis? Are you prepared to deal with attacks by these people?

Believe it or not, the weakest link in the security plan is the people who use the network. In most cases, users have no knowledge of the procedures to identify and neutralize a social engineering attack. What is going to stop a user from finding a CD or DVD in the dining room, bringing it to their workplace and opening the files? The disc might contain a spreadsheet or a word processor document with a malicious macro embedded in it. The next thing you know, the network is compromised.

This problem exists mainly in environments where the help desk resets passwords over the phone. There is nothing to stop a person intent on breaking into the network from calling the help desk, pretending to be an employee, and asking for a password reset. Many organizations use a system to generate usernames, so it is very difficult to figure out.
Your organization should have strict policies to verify the identity of a user before a password reset can be done. A simple thing to do is have the user go to the help desk in person. The other method, which works well if your offices are geographically distant, is to designate a contact in the office who can phone in for a password reset. This way everyone who works on the help desk can recognize the voice of that person and know that he or she is who they say they are.
Why would an attacker go to your office or call the help desk? Simple: it is usually the path of least resistance. There is no need to spend hours trying to break into the electronic system when the physical system is easier to exploit. The next time you see someone come through the door and you do not know them, stop and ask who they are and what they are there for. If you do, and it happens to be someone who should not be there, most of the time they will leave as quickly as possible. If the person is supposed to be there, they will most likely be able to produce the name of the person they are there to see.

I know, you are saying that I'm crazy, right? Well, think about Kevin Mitnick. He is one of the most decorated hackers of all time. The U.S. government thought that he could whistle tones into a phone and launch a nuclear attack. Most of his hacking was carried out through social engineering. Whether by visiting offices in person or by making a phone call, he pulled off some of the biggest hacks to date. To learn more about him, Google his name or read the two books he wrote.
It's beyond me why people try to dismiss these types of attacks. I think some network engineers are too proud to admit that their networks could be breached so easily. Or is it that people do not feel that they should be responsible for training their employees? Most organizations do not give their IT departments the authority to promote physical security. This is usually left to the building manager or facilities management. However, if you educate your staff even the slightest bit, you may be able to prevent a network breach from a physical or social engineering attack.

Article Source: http://depositarticles.com/

This was written by Zack, an avid reader of VPN Security and Layer 2 Network Security topics.
