Scenario: suppose you work for a company (what kind of company does not matter) and you are appointed its network development and security officer. You have set up your firewall, your antivirus and your anti-malware protection, all your computers are fully patched and every security fix has been applied. At that point you think your job is done, and you are confident the network will be safe.
Like most people, you have taken the major steps toward a secure network. That is partially correct. What about the other factors?
Have you thought about a social engineering attack? Have you ever considered the users who work on your network every day? Are you prepared to deal with attacks that arrive through these people?
Do you know that the weak point of your security plan is the people who use your network, whether they are employees or non-employees who can connect to it? Most users do not know what a social engineering attack looks like or how to identify one. For example: one of your users finds a DVD or a USB stick, takes it to work, and opens the files on it.
That disk or flash drive holds word-processing documents containing malicious macros. The next thing you know, your network is compromised. Did you think about this, or did you dismiss it as a secondary topic, when it is in fact a very important one?
This problem is especially common in environments where help desk staff reset passwords over the phone. Nothing stops a person intent on breaking into your network from calling the help desk, pretending to be an employee, and asking for a password reset, so make sure you are not manipulated by someone impersonating the support and maintenance center. Most organizations use a predictable scheme for creating usernames, and working one out is not very difficult.
Your company should have strict policies for verifying a user's identity before performing a password reset. For example: the user must come to the help desk in person. Beyond that, a single administrator should be assigned to handle any password reset requested by phone, so that everyone on the help desk recognizes that person's voice and knows they are who they say they are. Take strict security measures so that nobody can be manipulated by an impersonator.
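One way to encode the reset policy just described and audit help-desk tickets against it, as an added example that is not from the original article; the log format, the field names and the designated administrator's account name are assumptions:

```python
from __future__ import annotations
from dataclasses import dataclass

# Assumed account name of the one administrator allowed to handle phone resets.
DESIGNATED_PHONE_ADMIN = "admin.k"


@dataclass
class ResetRequest:
    ticket: str
    user: str
    channel: str      # "in_person" or "phone"
    handled_by: str   # help-desk account that performed the reset
    id_checked: bool  # identity verified at the desk (badge/photo ID)


def is_reset_allowed(req: ResetRequest) -> tuple[bool, str]:
    """Apply the two rules from the article: in-person resets require an
    identity check; phone resets are only valid when the designated
    administrator handled them. Returns (allowed, reason)."""
    if req.channel == "in_person":
        if req.id_checked:
            return True, "in-person reset with identity check"
        return False, "in-person reset without identity check"
    if req.channel == "phone":
        if req.handled_by == DESIGNATED_PHONE_ADMIN:
            return True, "phone reset by designated administrator"
        return False, "phone reset by non-designated staff"
    return False, f"unknown channel {req.channel!r}"


# Constructed help-desk log (assumed key=value format) used for the audit below.
SAMPLE_LOG = """
2024-05-02T10:14Z ticket=HD-1041 user=jdoe channel=in_person by=agent3 id=yes
2024-05-02T10:31Z ticket=HD-1042 user=asmith channel=phone by=agent7 id=no
2024-05-02T11:02Z ticket=HD-1043 user=bchen channel=phone by=admin.k id=no
2024-05-02T11:40Z ticket=HD-1044 user=dlee channel=in_person by=agent3 id=no
"""


def parse_log(text: str) -> list[ResetRequest]:
    """Turn each log line into a ResetRequest (the timestamp is skipped)."""
    reqs = []
    for line in text.strip().splitlines():
        f = dict(kv.split("=", 1) for kv in line.split()[1:])
        reqs.append(ResetRequest(f["ticket"], f["user"], f["channel"],
                                 f["by"], f["id"] == "yes"))
    return reqs


def audit(tickets: list[ResetRequest]) -> list[str]:
    """Return the ticket ids that violate the policy, for after-the-fact review."""
    return [t.ticket for t in tickets if not is_reset_allowed(t)[0]]
```

Running `audit(parse_log(SAMPLE_LOG))` flags HD-1042 (phone reset by ordinary staff) and HD-1044 (walk-in reset with no identity check).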
Think about it: why would an attacker walk into your office or phone the help desk? Simple: it is usually the least risky route. An attacker does not need to spend hours trying to break into an electronic system when the physical system is easy to exploit. Do not be casual the next time someone you do not recognize visits your office: stop them, ask what brought them here, and call in-house security.
If the visitor is legitimate, they will probably be able to give the name of the person they are there to see.
You'll tell me I'm crazy, won't you? Well, think of Kevin Mitnick. He is one of the most famous con artists of all time.
The US government believed this attacker could pick up a phone and launch a nuclear attack. He did most of his hacking through social engineering; whether through actual office visits or phone calls, he accomplished some of the greatest hacks to date.
Why do most people say "that will never happen to me" and rule out these kinds of attacks? I personally think that some network engineers are so proud of their network that they can't admit it can be hacked so easily.
Or is it that people don't care and don't feel responsible for educating their employees and giving them training on protecting themselves from cyber attacks? In fact, technology and information engineers often overlook the fact that most organizations do not give their IT departments the authority to improve physical security.
Usually that is a problem for the CEO or facility management. Nonetheless, if you can educate your employees even a little, you may be able to prevent a network intrusion via a physical or social engineering attack. The employer must not underestimate this danger, because it can destroy the company from its foundation.