http://www.ecommerce-guide.com/news/trends/article.php/125561
By Mark Merkow, CCP, CISSP
October 8, 1998

Password controls and protections have become somewhat of a joke to those within the corporate environment. User IDs and passwords scribbled on Post-it Notes and stuck on top of monitors or PCs offer no value to security. Even your cleaning crews know to look for them.

Aside from failing to keep log-in information secret, typical users aren't that good at creating passwords in the first place. Easily guessed passwords and brute-force attacks add to their vulnerability. Later on in the series we'll take a look at what constitutes a 'good' password.

"Social Engineering" is probably the most common form of gaining sufficient information to access systems since it targets the weakest link in the security chain -- humans. Over time, attackers become very good at persuading people within the organization to 'do something' they'll later regret. What may seem like an innocent call from a service technician may in fact be an attempt to steal log-in information or gain physical access to devices.

Packet-sniffing offers a way to collect sufficient information to log in to a system by simply 'listening' long enough to the traffic traversing the network wires themselves. This is perhaps the most insidious kind of attack since the activity is hard to detect while it's occurring.

In terms of sheer numbers, the U.S. Department of Defense claims there "may have been" 250,000 attacks on DoD networks in 1995 -- long before the Internet became what it is today. Of the 38,000 "friendly" (Red Team) attacks, 65 percent of them succeeded using only low-end hacker tools. Today these tools are far improved and far easier to obtain. Only 4 percent of the successful attacks were noticed by network administrators and only a small percentage of those detected were reported...