Network Security - The Real Vulnerabilities

Scenario: You work in a corporate environment in which you are, at least partially, responsible for network security. You have implemented a firewall, virus and spyware protection, and your computers are all up to date with patches and security fixes. You sit there and think about the lovely job you have done to make sure that you will not be hacked.

You have done, what most people think, are the major steps towards a secure network. This is partially correct. What about the other factors?

Have you thought about a social engineering attack? What about the users who use your network on a daily basis? Are you prepared in dealing with attacks by these people?

Believe it or not, the weakest link in your security plan is the people who use your network. For the most part, users are uneducated on the procedures to identify and neutralize a social engineering attack. What's going to stop a user from finding a CD or DVD in the lunch room and taking it to their workstation and opening the files? This disk could contain a spreadsheet or word processor document that has a malicious macro embedded in it. The next thing you know, your network is compromised.

This problem exists particularly in an environment where a help desk staff reset passwords over the phone. There is nothing to stop a person intent on breaking into your network from calling the help desk, pretending to be an employee, and asking to have a password reset. Most organizations use a system to generate usernames, so it is not very difficult to figure them out.

Your organization should have strict policies in place to verify the identity of a user before a password reset can be done. One simple thing to do is to have the user go to the help desk in person. The other method, which works well if your offices are geographically far away, is to designate one contact in the office who can phone for a password reset. This way everyone who works on the help desk can recognize the voice of this person and know that he or she is who they say they are.
Why would an attacker go to your office or make a phone call to the help desk? Simple, it is usually the path of least resistance. There is no need to spend hours trying to break into an electronic system when the physical system is easier to exploit. The next time you see someone walk through the door behind you, and do not recognize them, stop and ask who they are and what they are there for. If you do this, and it happens to be someone who is not supposed to be there, most of the time he will get out as fast as possible. If the person is supposed to be there then he will most likely be able to produce the name of the person he is there to see.

I know you are saying that I am crazy, right? Well think of Kevin Mitnick. He is one of the most decorated hackers of all time. The US government thought he could whistle tones into a telephone and launch a nuclear attack. Most of his hacking was done through social engineering. Whether he did it through physical visits to offices or by making a phone call, he accomplished some of the greatest hacks to date. If you want to know more about him Google his name or read the two books he has written.

It's beyond me why people try and dismiss these types of attacks. I guess some network engineers are just too proud of their network to admit that they could be breached so easily. Or is it the fact that people don't feel they should be responsible for educating their employees? Most organizations don't give their IT departments the jurisdiction to promote physical security. This is usually a problem for the building manager or facilities management. None the less, if you can educate your employees the slightest bit; you may be able to prevent a network breach from a physical or social engineering attack.


============================================================
You can visit any of the links below to revise this article and create a fresh unique one:

http://adf.ly/Il0LP

http://adf.ly/Il0S8

You can also visit this link to check your article for plagiarism (FREE):

http://adf.ly/Il0lL

For free computer application you may visit this link:

http://easypchacks.blogspot.com/

How to find Adware removal that is really free and avoid the pitfalls

Really free adware removal programs can sometimes seem hard to find. You click on a link that promise really free adware removal programs, but end up on a site with programs that eventually turn out to have a lot of strings attached. You might only be able to try out the really free adware removal program for a very short time, such as a few days, before you must purchase an expensive version of the program. A few days is usually not enough to find if you are comfortable with you Adware removal program or not. Another disadvantage with this system is that when you purchase an expensive Adware removal program, you will most likely stick to that program even if the program becomes out-dated or a better program is offered on the market. In other cases, you can use the really free adware removal program for as long as you wish, but it turns out to be so basic that it offers very little protection from Adware. You are then encouraged to buy a better, but pricey, version of the program. Sometimes it is actually a really great free adware removal program that you are offered, but the updates cost quite a lot of money. Since all Adware removal programs need to be updated frequently to stay modern, this can turn out to be very costly in the end.

There are however examples of really free adware removal programs that are available for download online, but you might have to spend some time looking for them. Really free adware removal programs are seldom available off-line, since it would be too expensive to distribute them. Be vigilant when you choose a website from which to download a really free adware removal program, since there are a lot of dishonest sites offering fake adware removal programs. When more and more computer users began to protect their computers from adware with adware removal programs, the deceitful companies that gain from the Adware programs developed their own fake really free adware removal programs.
These fake programs are promoted vigorously on the Internet, and many computer users are lured into installing what they think is a protective. If you spend some time online, you will probably sooner or later stumble over a banner add that warns you about the dangers of Adware, or claim that your computer is already infested with Adware. You will be offered a great really free adware removal program, and if click on the banner your will be sent to a website. From this website you can download something that looks like a very good and really free adware removal program, but it is actually a fake. Your computer will not be protected from Adware when you use this fake adware removal program, and the fake adware removal program will probably also install Adware, Spyware and other types of Malware in your computer. You can minimize the risk of downloading a fake adware removal program by only downloading really free adware removal programs from trustworthy web pages with a good reputation.


============================================================
You can visit any of the links below to revise this article and create a fresh unique one:

http://adf.ly/Il0LP

http://adf.ly/Il0S8

You can also visit this link to check your article for plagiarism (FREE):

http://adf.ly/Il0lL