Skip to content Skip to sidebar Skip to footer

Vulnerabilities in Network Security - What Are They?

Vulnerabilities in Network Security - What Are They?

Assume the following scenario: you work in a corporate setting where you are, at the very least, a member of the team responsible for network security. You've put in place a firewall, virus and spyware protection, and you've kept all of your machines up to date with the latest patches and security updates. You sit there and think about the wonderful work you have done to ensure that you will not be hacked into your computer.

You have completed what the majority of people believe to be the most important stage in establishing a secure network. This is only partly true, though. What about the other considerations?


Have you considered the possibility of a social engineering attack? Is there anything you can do to help the people that use your network on a regular basis? Are you prepared to cope with an assault by these individuals if they come at you?

Contrary to popular belief, the individuals who access your network are the weakest link in your security strategy. The majority of users are unaware of the steps to be followed in order to detect and neutralize a social engineering assault. What is going to prevent a user from discovering a CD or DVD in the lunchroom and bringing it to their workstation and accessing the contents of it? Nothing, really. This disk may include a spreadsheet or word processor document that has a harmful macro that has been inserted into it. It doesn't take long until your network has been hacked.

This issue arises in particular in environments where help desk personnel are responsible for password resets over the phone. Anyone bent on getting into your network may contact the help desk, pose as an employee, and request that their password be changed. There is nothing that can stop them. Because most companies utilize a method for creating usernames, it is not difficult to find out what they are in most cases.

Users' identities should be verified before a password reset can be performed in your company, and you should have strong rules in place to ensure this happens. One easy solution is to have the user come in person to the help desk and ask for assistance. The second option, which is particularly useful if your offices are located in different locations, is to select one person in the office who may be contacted to request a password reset. In this manner, everyone who works at the help desk will be able to identify the voice of this individual and be certain that he or she is who they claim to be.

When an attacker comes to your office or calls the help desk, what makes them think they'll be successful? Simply said, it is the route of least resistance most of the time. No longer is it necessary to spend hours attempting to get into an electronic system when the physical system is much more straightforward to compromise. You should always stop and inquire who someone is and what they are there for the next time you see them come through the door behind you and aren't familiar with their face. If you do this and it happens to be someone who is not meant to be there, he will almost always leave as soon as he can after you tell him what you are doing. If the individual is meant to be there, he or she will very certainly be able to provide the name of the person with whom he or she is supposed to be meeting.

I'm sure you think I'm insane, don't you think? Consider the case of Kevin Mitnick. He has the distinction of being one of the most decorated hackers of all time. The United States authorities believed he was capable of making whistle tones on a telephone and launching a nuclear strike. The majority of his hacking was accomplished via the use of social engineering. Whether it was via actual trips to workplaces or phone calls, he was able to pull off some of the most incredible hacks to date. If you want to learn more about him, you may look him up on the internet or read the two books he's authored.

It baffles me why people attempt to brush off these kinds of assaults and ignore them. Maybe some network engineers are simply too proud of their networks to acknowledge that they might be compromised so easily. It may also be due to the fact that individuals do not believe they should be held accountable for the education of their workers. The majority of companies do not delegate authority to their information technology departments to enhance physical security. Most of the time, the building manager or facilities management has to deal with this issue. If you can educate your workers even just a little bit, you may be able to avoid a network breach caused by either a physical or social engineering assault on your network.

Post a Comment for "Vulnerabilities in Network Security - What Are They?"