Thursday, December 23, 2010

People Are The Weakest Link

In today's networks, companies are spending millions protecting their perimeter and keeping the bad guys at bay. They invest in firewalls, web filtering, intrusion prevention systems (IPS), SSL encryption, VPNs, spam filters, etc., to stop the malicious no-gooders from gaining access to their precious data. But what if the bad guys were already in your network? That's today's dilemma.

Targeted attacks by persistent individuals will entail days if not weeks of physical reconnaissance on the organization they're looking to infiltrate. This will include watching when employees enter the building and what their habits are around the workplace; trying to get close enough to get a picture of their company badges in order to replicate one and gain access; going through their trash at night, or "dumpster diving", attempting to find information about the company that might not be public; dressing in a stolen or replica uniform that could allow hackers to walk through the front door without being stopped; and much more. (Have you ever held the door for the FedEx delivery man while he walked up to the building holding a large box? Are you sure that was a FedEx delivery, or did you just give some hacker access to your building?)

Another area that doesn't really get looked at enough is the complete and almost blind trust that people place in their cleaning crews. Many if not most cleaning crews are hired as a third party and are normally given keys to almost every office and room in the organization. What if a janitor making minimum wage was given $1000 to put a hardware keylogger on the CEO's workstation for a week and then send it back via mail to a P.O. box? Better yet, what if he was given multiple hardware keyloggers and asked to place them on the IT staff's desktops for a day, collecting as many high-level logins as possible? The hacker, for around $1500, could have almost every admin login to the network and systems without even using a computer.

Another way that hackers gain access to an organization is through phishing and social engineering. They use these techniques to con people into giving them the information they need. This is normally done over the phone and through an e-mail campaign directed at a company, made to look like legitimate correspondence. Examples of these would be e-mails coming from someone claiming to be from IT asking you to enter your username and password into a new system as a test (this is a textbook example of a phishing e-mail, collecting the credentials that you just gave up willingly to a hacker). Or someone calling as the company's Helpdesk, explaining to you that there's been an issue on the system and you need to change your password right away, oh, and by the way, here's a secure password for you to use.

So as companies continue to tighten their network perimeter, the hackers are going to continue going after the low-hanging fruit: the employees. You can have a $50 million IT security budget blown away by the receptionist being tricked into giving away her password over the phone.

Now that the perimeter is relatively secured, it's time to start looking inward and securing the new target area; except here you can't buy hardware to stop the attacks. You need to educate the people on how to act and what to look for, which is easier said than done.
