Thursday, March 25, 2010

Common Threats and Safeguards to Be Aware of

Social engineering is one of the most difficult hacking techniques to defend against because it attacks the human element. It relies on manipulating employees and using non-technical means to discover information about the company or its users, which is then exploited to gain access to the network. The best safeguard against social engineering is to educate the users and executives of the company. Teach them not to give personal or private information to others without knowing who they are. No one should need to know a user's password or the access codes to their equipment. Train employees in the proper way to discard sensitive information: papers with social security numbers or financial information should not go in a regular trash can, and employees should know how to use a shredder properly. Security is all about trust and forming trust relationships. If you do not have trust, how can you be secure? That is why social engineering is so difficult to secure against: you are trusting your employees not to click on links in e-mails, not to give passwords to strangers, not to keep their passwords in the open, and not to throw away sensitive information in the normal trash.


A Denial of Service (DoS) attack is an attack on a network and web infrastructure. Its major objective is to prevent legitimate use of a network by blocking authorized access to resources, delaying time-critical operations, and degrading services. One of the most common types of DoS attack is TCP SYN flooding, also known as IP spoofing. A safeguard against this kind of attack is to install a filtering router that restricts the input to your external interface, known as an input filter or ingress filter. You should also filter outgoing packets whose source address is different from your internal network, to prevent a source IP spoofing attack from originating from your site.
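
The ingress and egress filters described above can be expressed as a single decision function. This is an added example, not code from the original post. The internal prefix `203.0.113.0/24`, the interface names, and the sample packets are assumptions constructed for illustration, and the list of non-routable source ranges goes slightly beyond the text.

```python
import ipaddress

# Assumption: the site's internal network (a documentation prefix, not a real site).
INTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")

# Source ranges that should never arrive from the Internet (private, loopback, link-local).
NEVER_FROM_OUTSIDE = [ipaddress.ip_network(n) for n in
                      ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                       "127.0.0.0/8", "169.254.0.0/16")]


def filter_packet(arrival_iface, src):
    """Return (verdict, reason) for a packet seen on the border router.

    arrival_iface: "external" (from the Internet) or "internal" (from the site).
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "malformed source address")

    if arrival_iface == "external":
        # Ingress filter: outside hosts cannot legitimately use our addresses.
        if addr in INTERNAL_NET:
            return ("drop", "ingress: source claims to be internal")
        if any(addr in net for net in NEVER_FROM_OUTSIDE):
            return ("drop", "ingress: non-routable source")
        return ("accept", "ingress: plausible external source")

    if arrival_iface == "internal":
        # Egress filter: only our own addresses may leave the site.
        if addr not in INTERNAL_NET:
            return ("drop", "egress: source not in internal network")
        return ("accept", "egress: internal source")

    return ("drop", "unknown interface")


# Constructed sample traffic: (arrival interface, source address).
SAMPLE = [
    ("external", "198.51.100.7"),   # ordinary outside host
    ("external", "203.0.113.20"),   # outside packet spoofing an internal host
    ("external", "10.1.2.3"),       # private source arriving from the Internet
    ("internal", "203.0.113.45"),   # legitimate outbound traffic
    ("internal", "198.51.100.99"),  # inside host spoofing a foreign source
]

if __name__ == "__main__":
    for iface, src in SAMPLE:
        print(iface, src, *filter_packet(iface, src))
```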

E-mail attacks are very common as more people get connected. Spam, phishing, and malware can all be sent through e-mail. How do you safeguard against these types of attacks? It is simple: don't use e-mail. Make phone calls or send a letter to the person you are trying to reach. Those are not very good solutions. Just because a technology is not safe to use does not mean you cannot use it safely. If that were the case, why are you on a computer or using a pen or telephone? To protect your network from e-mail attacks, remember to educate the users. Don't click on links in an e-mail. If you have to go to the link, open a new browser and type the link into it. If you are told to log in to your bank or credit card site, do it from the home page, and remember that a bank will never ask you to log in to change records or verify account information. If it does, you need to change banks, because yours lacks good information security procedures. Do not run a program from your e-mail. Save it to your desktop, and run it from there.
