Wednesday, November 7, 2012
10 Ways Hackers Breach Security
1. Stealing Passwords
Dictionary attacks, brute force attacks and hybrid attacks are methods that are used to guess or crack passwords. These attacks can be minimized by having longer, more complex passwords or using multiple factors for log-in authentication.
2. Trojan Horses
A Trojan horse is a malicious payload hidden in a benign host. A Trojan can be anything- a program that destroys hard drives, corrupts files, records keystrokes, duplicates emails, etc. A Trojan horse could be delivered via email attachment, website download, screen savers or even greeting cards. Anti-virus protection along with malware scanners can prevent a Trojan from causing damage to your computer.
3. Exploiting Defaults
Attacking a network can be very easy if users always use defaults set by vendors or manufacturers. Account and password defaults, along with installation defaults such as path names, folder names, and settings can all be used to hack into your network. Prevent this by always changing passwords and using custom installation settings.
4. Man-in-the-Middle Attacks
A MITM attack occurs when an attacker is able to fool a user into establishing a communication link server or service through a rogue entity. This is often done by sending a legitimate-looking email (maybe from your bank) with a link to a fake website with that looks similar to your bank’s website. Users often enter their log-in credentials, and BAM- the hacker has your information. To prevent MITM attacks, always verify that links from websites stay with trusted domains.
5. Wireless Attacks
While deploying wireless networks is inexpensive and easy to do, it is more expensive to secure a wireless network. In fact, most hacker attacks are more easily accomplished when a wireless network is present. If you have a wireless network, make sure that the appropriate security measures are in place.
6. Doing their Homework
Hackers learn how to overcome your security barriers by researching your organization. A hacker can learn a lot about your company in just a few minutes, and often spend 90% of their time doing background research. Examples of what they can learn: +The operating system you use, major programs, programming languages, platforms and more- from job postings; +Employee home addresses, phone numbers, employment history, driving history and more- from free and paid background research sites; +Usernames, email addresses, directory structure, file names and more- from website scanners.
7. Monitoring Vulnerability Research
Hackers are doing their research, and you also need to! Keep track of discussion groups, website postings, and third-party security oversight discussion groups of every vendor whose products your organization uses.
8. Being Patient & Persistent
Hackers often spend weeks or months researching their targets. Then, they have to select a specific attack point, design their attack, test and drill the attack, improve the attack, schedule the attack, and finally, launch the attack. Attacks are more successful when the hacker does it one small step at a time. Likewise, preventing hacker attacks requires patience and persistence. You must watch the most minor activities on your network with auditing processes keep current on patches, updates, and system improvements.
9. Confidence Games
Many security mechanisms used today are very effective against most hacking attempts. That is why hackers are going for your people. People are the biggest problem with security because they are the only element within a secure environment that has the ability to violate the rules. People can be tricked or coerced into violating the security system to grant the hacker access. Educate your people by training them about what to look for and to report all abnormal interactions. Even those who believe their position is so minor in the company can be targeted- and often are.
10. Already Being on the Inside
The majority of security violations are actually caused by internal employees. Disgruntled employees and those who join the company only to exploit it are reasons that persons on the inside attack. Internal security defenses should be employed to prevent these occurrences. Defenses include keystroke monitoring, preventing users from installing software, not allowing external media sources, disabling USB ports, extensive auditing and internet filtering and monitoring. (Information collected from Global Knowledge)
Are you having security issues? Contact us at 419.534.3010 or via email for help!
Labels:
security
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment