.: Network Security – The Real Vulnerabilities
Category:Home / Computers / Networks
Scenario: You work in a corporate environment in which you are, at least partially, responsible for network security. You have implemented a firewall, virus and spyware protection, and your computers are all up to date with patches and security fixes. You sit there and think about the lovely job you have done to make sure that you will not be hacked.
You have done, what most people think, are the major steps towards a secure network. This is partially correct. What about the other factors?
Have you thought about a social engineering attack? What about the users who use your network on a daily basis? Are you prepared in dealing with attacks by these people?
Believe it or not, the weakest link in your security plan is the people who use your network. For the most part, users are uneducated on the procedures to identify and neutralize a social engineering attack. What’s going to stop a user from finding a CD or DVD in the lunch room and taking it to their workstation and opening the files? This disk could contain a spreadsheet or word processor document that has a malicious macro embedded in it. The next thing you know, your network is compromised.
This problem exists particularly in an environment where a help desk staff reset passwords over the phone. There is nothing to stop a person intent on breaking into your network from calling the help desk, pretending to be an employee, and asking to have a password reset. Most organizations use a system to generate usernames, so it is not very difficult to figure them out.
Your organization should have strict policies in place to verify the identity of a user before a password reset can be done. One simple thing to do is to have the user go to the help desk in person. The other method, which works well if your offices are geographically far away, is to designate one contact in the office who can phone for a password reset. This way everyone who works on the help desk can recognize the voice of this person and know that he or she is who they say they are.
Why would an attacker go to your office or make a phone call to the help desk? Simple, it is usually the path of least resistance. There is no need to spend hours trying to break into an electronic system when the physical system is easier to exploit. The next time you see someone walk through the door behind you, and do not recognize them, stop and ask who they are and what they are there for. If you do this, and it happens to be someone who is not supposed to be there, most of the time he will get out as fast as possible. If the person is supposed to be there then he will most likely be able to produce the name of the person he is there to see.
I know you are saying that I am crazy, right? Well think of Kevin Mitnick. He is one of the most decorated hackers of all time. The US government thought he could whistle tones into a telephone and launch a nuclear attack. Most of his hacking was done through social engineering. Whether he did it through physical visits to offices or by making a phone call, he accomplished some of the greatest hacks to date. If you want to know more about him Google his name or read the two books he has written.
It’s beyond me why people try and dismiss these types of attacks. I guess some network engineers are just too proud of their network to admit that they could be breached so easily. Or is it the fact that people don’t feel they should be responsible for educating their employees? Most organizations don’t give their IT departments the jurisdiction to promote physical security. This is usually a problem for the building manager or facilities management. None the less, if you can educate your employees the slightest bit; you may be able to prevent a network breach from a physical or social engineering attack.
Article keywords: tech, support, computer, social, engineering, users, user
Article Source: http://www.articles32.com
Dennis dEntremont is the operator of SaveLoad Video Game Directory - www.saveload.net and www.Computers-Made-Easy.com
.: New Networks Articles
1). How to Build a Cat 5 Cable
STEP 1 - Stripping
Start by pulling out about 12 feet of bulk network cable to making the process a little easier. Carefully remove the outer jacket of the cable exposing about 1 1/4" of the twisted pairs. Be careful when stripping the jacket as to not nick or cut the internal wiring. After removing the outer case you will notice 8 wires twisted in pairs and a rip cord (white thread).
2). Network Security – The Real Vulnerabilities
Scenario: You work in a corporate environment in which you are, at least partially, responsible for network security. You have implemented a firewall, virus and spyware protection, and your computers are all up to date with patches and security fixes. You sit there and think about the lovely job you have done to make sure that you will not be hacked.
3). Small Business Networking: Suggesting Dedicated Servers to Clients
PC-based servers and LANs may be relatively mature technologies. However, small businesses need your firm’s expertise, more than ever. For these businesses, you'll need to select, configure, customize, secure and maintain the right small business networking tools for their unique needs.
Real Small Business Networking Solutions Begin with Real Servers
How.
4). Network Cabling: Available Options
As their IT consultant, your small business prospects and clients will need you to explain the different network cabling options available to them.
Traditional Wired Ethernet (Category 5)
Until very recently, Category 5 data cabling was the de facto standard for both enterprise and small business LANs. Today, you’ll find some enhancements available to Category 5 cabling, as well as booming interest in wireless Ethernet solutions.
5). Recognize And Understand Home Networking Components
If you have not decided already,you will soon want to network your two or more computers in your home. You want to be armed to the teach with knowledge of just what it takes to connect your computers to one another.
You first should decide which network is best your you. If your computers are in the same room,the Wireless network should not be considered.
6). The Simplest Way to Get Online Passive Income
Based on my research, this seems to be the basic principle that website owners have been following to get passive income online:
* Get many people to come to your website * Get them to click on your Adsense links
Sounds simple enough. Get people into your website from Google search, then link out to an Adsense Ad. Search In – Adsense Out.
Practically applying it to get sufficient commendable income, however, can be quite a challenge.
7). What is search engine gateway?
Navino launched its search engine gateway service recently. For most of the Internet surfers, search engine gateway is a pretty new concept compared with meta search engine or multi search engine. Put it in simple, it is a web service, which can let you search the best information from the best content providers in one website.
When we try to find information everyday, most of us might go to Google.
.: Top Networks Articles
1). Computer Networking Fundamentals
Computer network is an integral part of our daily lives, with the most important reason being that of communication.
2). Router - Denial Of Service Attacks
Routers are not perfect. For that matter, nothing is. So if somebody wants to give a router more than it can handle there is a way to do this. We're going to take a look at what are called denial of service attacks.
A router can only handle so much information coming into it at one time. Every machine has its limits and routers are no exceptions. Well, when the nasty trend of denial of service attacks started early this century, routers were unprepared for them.
3). Ethernet - explained
Do you use Ethernet? You might think that you don’t, but don’t be so sure. Ethernet is everywhere – if you use a networked computer, whether it’s at home or in your office, you’re using Ethernet.
Ethernet is two things: a kind of cable for connecting computers together, and the method of communication that the computers use over the cables. Essentially, it is the glue that holds LANs (local area networks) together.
4). Building a Cat 5 Cable
This will show you step by step how to build an ethernet, Cat 5, or Cat 6 Cable.
5). Finding Your MAC Address On Wired And Wireless Network Cards
The Answer To The Media Access Control Question
----------------------------
Over the past few weeks I have received quite a few e-mails about Ethernet cards, both wired and wireless, and more specifically, about Media Access Control (MAC) addresses. I think the main reason I’ve received so many questions about Ethernet cards and MAC addresses is people trying to secure their home wireless networks and their desire to use MAC address filtering.
6). There’s no mystery in the IP address!
The Computer is a very complicated device we use for our every day comfort and the importance of some of its numerical aspects is sometimes neglected. For example: a different number is given to each computer when its user goes online or when it is part of a network. This number is the IP address and knowing about it is like knowing where you live…
What’s my IP and what do its numbers stand for?
IP stands for Internet Protocol and the address is formed from 4 numbers separated by periods.
7). Recognize And Understand Home Networking Components
If you have not decided already,you will soon want to network your two or more computers in your home. You want to be armed to the teach with knowledge of just what it takes to connect your computers to one another.
You first should decide which network is best your you. If your computers are in the same room,the Wireless network should not be considered.