Network Security - The actual Vulnerabilities

Related Articles

• Why You Should Buy Wholesale Electronics From China
• Mini Home Theater Systems
• Must Have Xbox Accessories For Your Console
• Create unique website through Bigcommerce templates
• Why to buy paid private proxies rather than free proxies?

HTML Ready Article. Click on the "Copy" button to copy into your clipboard.

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'><html><head><title>Look For Articles - Articles Directory | Network Security - The actual Vulnerabilities </title></head><body><h3>Network Security - The actual Vulnerabilities </h3><br><br> By: Carol Martin<br><br><p>Scenario: You're employed inside a corporate environment by which you are, at least partially, accountable for network security. You have implemented a firewall, virus and spyware protection, and your computers are up to date with patches and security fixes. You sit there and think about the lovely job you have done to make certain that you won't be hacked. </p> <p>You have carried out, what most people think, would be the major steps towards a secure network. This really is partially correct. What about another factors? </p> <p>Have you thought about a social engineering attack? What about the users who use your network every day? Are you prepared in dealing with attacks by these people?</p> <p>Believe it or not, the weakest link in your security plan's the people who make use of network. Typically, users are uneducated on the procedures to identify and neutralize a social engineering attack. What's going to stop a person from getting a CD or DVD within the lunch room and taking it for their workstation and opening the files? This disk could have a spreadsheet or word processor document which has a malicious macro embedded in it. The next matter you know, your network is compromised. </p> <p>This problem exists particularly in a breeding ground the place where a help-desk staff reset passwords over the telephone. There is nothing to stop a person intent on entering your network from calling the assistance desk, pretending to be a worker, and asking to possess a password reset. Most organizations use a system to generate usernames, so it's not so hard to figure them out.</p> <p>Your organization must have strict policies in place to verify the identity of the user before a password reset can be achieved. One easy move to make is to possess the user navigate to the help-desk in person. The other method, which works well in case your offices are geographically far away, is to designate one contact in the office who can phone for any password reset. By doing this everyone who works on the help desk can recognize the voice of this person and realize that they're who they say they are. </p> <p>Why would an opponent go to your office or make a telephone call to the help-desk? Simple, it is usually the path of least resistance. There is no need to spend hours attempting to enter a digital system when the physical product is simpler to exploit. The next time you see someone walk through the door behind you, and do not recognize them, stop and get who they really are and what they are there for. Should you choose this, and it happens to be somebody that is not supposed to be there, most of the time he'll get out as soon as possible. When the person is supposed to be there then he will in all probability be able to produce the specific person he is there to determine. </p> <p>I understand you are stating that I am crazy, right? Well think of Kevin Mitnick. He is one of the most decorated hackers ever. The US government thought he could whistle tones into a telephone and launch a nuclear attack. The majority of his hacking was done through social engineering. Whether he made it happen through physical visits to offices or by looking into making a phone call, he accomplished some of the greatest hacks to date. If you wish to know more about him Google his name or browse the two books he's written. </p> <p>It's beyond me why people try to dismiss these types of attacks. I guess some network engineers are simply too happy with their network to confess that they could be breached so easily. Or is it the fact that people don't feel they should be accountable for educating their employees? Most organizations don't give their IT departments the jurisdiction to promote physical security. This is usually an issue for the building manager or facilities management. None the less, if you can educate your employees the slightest bit; you may be able to prevent a network breach from the physical or social engineering attack.</p> <br><br> <b>Author Resource:-></b>  Franklin Publishing Group provides specialized reports for clients across the world. Our client <a href="http://www.alloutcomputers.net/atlantacomputerrepair.htm">Atlanta Computer Repair</a> Nerds Next Door offers expert <a href="http://www.alloutcomputers.net/computerrepairatlanta.htm">PC Repairs in Atlanta</a> <br>. To learn more you need to call up Nerds Next Door at 888-596-4321 <br><br><br><b>Article From</b> <a href='http://www.look4articles.com/'>Look For Articles - Articles Directory</a><br></body></html>