The weakest link in network security

Source: Internet
Author: User

Even when an enterprise network is protected as rigorously as possible, employees who inadvertently disclose confidential information can still cause financial losses.

Which part of the network is the weakest link: the Internet firewall, the anti-virus software, a remote PC, or a mobile office laptop? Most security experts agree that hackers can intrude into almost any network by asking specific users a few simple questions.

Hackers do not rely on technical means alone; they also use social engineering to commit fraud. In other words, they exploit people's inherent trust, their desire to help others, and their curiosity about the unknown. By exploiting these weaknesses to trick users into giving up their passwords, they render even the most advanced security technology useless.

If you are not familiar with this kind of attack, see our sidebar "Five tricks that hackers often use" and consider whether you would be fooled easily in those situations. However, the tricks in that sidebar are only some of the methods that hackers use to probe for useful information.

In fact, hackers can obtain a lot of information without talking to anyone. Simply by visiting your company's Web site, they can learn the company's leadership positions, financial information, and organization chart, as well as the e-mail addresses and phone numbers of employees. They can also sift a lot of valuable material out of the old files the company throws away, such as organization charts, marketing plans, memoranda, human resources manuals, financial statements, company rules and regulations, and process descriptions. Hackers use this information to gain the trust of the company's employees. For example, posing as staff members or customers, they call or e-mail employees, win their trust step by step, and finally get into the company's network.

The following techniques are used to obtain information from company employees:

◆ Confuse an employee with a lot of hard-to-understand information or a variety of strange questions, so that the employee cannot work out what the hacker really wants.

◆ Deliberately cause a technical fault for you and then help you fix it to win your trust. This method is called reverse social engineering.

◆ Use a strongly emotional or even threatening tone to make you obey instructions.

◆ When you resist, give up a few small requests as a concession, so that you feel you should meet the remaining requests in return.

◆ Keep sharing information and technology with you without asking for anything in return (at least at the beginning). When the hacker later makes a request, you may feel you must tell them what they ask.

◆ Pretend to share your interests and hobbies, and use that to blend into your interest group.

◆ Falsely claim that you would be helping a colleague complete an important task.

◆ Establish a seemingly friendly and innocent relationship with you, and then coax common company terms, key employee names, servers, and application types out of you.

You should also note that a large proportion of security problems are caused by disgruntled employees or non-employees (such as customers or partners of the company), who often leak information that should not be leaked. People tend to ignore internal risks.

Of course, social engineering is not limited to obtaining confidential information from companies. Hackers often use it to obtain credit card numbers, user names, and passwords that can be used for online shopping from individual users. Their common trick is to use e-mail and forged Web sites to convince users that they are visiting the site of a famous large company.

If you still doubt the effectiveness of social engineering, you should at least be vigilant and careful. Kevin Mitnick, one of the most notorious hackers of the 20th century, has repeatedly told the media that he broke into networks more by exploiting human vulnerabilities than by relying on technology.

On the other hand, most companies are more willing to invest a lot of money in security protection technology, but ignore employee management. Most security products and technologies do not consider social engineering. So what exactly should you do?

You should tackle this problem from two directions. First, provide the necessary protection for physical locations (including desks, file cabinets, and Web sites) that may leak company information. Second, educate employees about security and establish clear rules and regulations.

Physical security may be relatively simple. Below we list some important tips, most of which cover both of the aspects above (physical protection and rules and regulations).

◆ Require all company employees and visitors to wear badges or other identifiers that indicate who they are. Visitors must be escorted to their destination.

◆ Determine which documents must be kept locked up at all times and which can be put through the shredder.

◆ The file cabinet should be locked and placed in a secure and monitored place.

◆ Ensure that all systems (including all client PCs) are password protected. Strong passwords should be used and changed regularly.

Each machine should also be set to start the screen saver after several minutes of idle time, with a screen saver password set.

◆ If data on the hard disk contains confidential information, it should be stored encrypted.

◆ Do not disclose too much information about the company on the public Web site.

Establishing a good security system and training employees is more difficult. Company employees generally do not realize how valuable the information they pass on is. They must always be vigilant when strangers ask for information, so that they are not easily deceived.

The best way to train employees is to have the instructor use social engineering techniques to extract valuable information from them before the training, and then analyze and explain these cases as cautionary examples.

You need to develop a clear set of rules so that everyone knows which types of information must not be disclosed to others under any circumstances. Much seemingly useless information (such as server names, company structures, and common terms) is valuable to hackers. Your rules and regulations should describe in detail the access rules for each kind of information and the security measures to be taken. Clear punitive measures should be defined for violations of these rules. If the rules and regulations you formulate are detailed and clear, employees will not easily disclose company information.

Currently, tools dedicated to dealing with social engineering are rare, but some content filtering tools and anti-spam products (such as MailFrontier Matador) can be used to prevent employees from disclosing information through e-mail or to block fraudulent e-mails from outside. Matador uses a series of patented technologies to identify suspicious e-mails.

Fighting social engineering is a long and arduous task, as attackers constantly improve their tactics to break through existing preventive measures. Therefore, once a new method of fraud emerges, you need to formulate new rules and regulations as soon as possible to counter it, and keep reminding your employees that they are the true firewall of the company.

5 tricks that hackers often use

① Many people have received an e-mail like this: it promises you a large bonus, and all you have to do is fill in a registration form (writing down your user name and password). Surprisingly, many people reply to such e-mails, and a considerable proportion of them fill in the same user name and password that they use to log on to the company network. Hackers only need to send an e-mail to more than 10 employees of a company to easily obtain two or three network logon passwords.

② Sometimes a dialog box pops up on your computer telling you that the network connection has been interrupted and asking you to re-enter your user name and password to restore it. Sometimes you may receive an e-mail that appears to be from Microsoft, reminding you to run the security upgrade program in the attachment. Have you ever doubted the legitimacy of such a dialog box or e-mail?

③ When you step out for a smoke and join the chat, you may talk about the company's recent e-mail server failure. In a large company you may not know every employee, and one or two unidentified hackers may well be mixed in among the people chatting.

④ Someone suddenly turns up to look at your boss's computer (the boss may be out), saying that the boss's Outlook has a problem and that he was asked to fix it. The reason sounds plausible, since Outlook does often have problems, but why would it need to be fixed when the boss is not there?

⑤ Sometimes you will receive a call from a girl who claims to be the assistant to the president and asks you for personal or company information. She will mention company leaders by name or casually reveal information that only the company's employees know, to dispel your doubts.

 
