Nov 30th, 2006, 9:26 pm
When computer systems get "owned", you may think it takes a master-geek with an extensive amount of knowledge to hack into tightly-secured systems. After all, security bugs are quickly found out, and patches can be released within a few days.
But when securing a computer system or network, especially the larger ones, many network administrators forget the most dangerous kind of hacking: social engineering. It may not sound like a threat, but it is.
As Dark Reading writes, a spy went into the bank to do some transactions and, while doing so, took note of all the equipment in the room. Once they had gathered enough information, the author went in to "attack", posing as a photocopier repair person. A laptop was set up, and within a few seconds, login data for a number of users had been stolen.
The problem with stopping social engineering is that all your computers are controlled by humans. There isn't a single computer in the world that doesn't rely on a human being at some point.
This brings in a whole new aspect. Not only do you have to protect yourself against invaders coming in through the Ethernet cable that is plugged into the network or the internet, you now also have to protect your staff and yourself from people trying to hack socially. Hackers will try to intimidate staff, and humans are only so perfect.
Establishing network and password policies is a good first step. Making sure that people are who they really say they are, and even calling someone to confirm this, offers good protection.
You have to remember that hackers are without ethics, and when you think about this, you will realize that hackers will do anything to gain access to a computer system.
So, social engineers are essentially hacking the human itself to steal login information. Unfortunately, iptables and other standard computer security tools aren't available for the human platform. This should help you visualize the vulnerability of your network. Remember, "Your network is only as strong as its weakest link."
So watch out!
This blog entry was written by John Altenmueller, staff writer aka John A. It has received 1,606 views, 0 comments, and 12 linkbacks. 2 voters have rated this entry an average of 4.5 out of 5 stars. It was promoted to featured status Dec 2nd, 2006.