|
Maybe Not! The link you clicked COULD have
also done something else. It could have downloaded a piece of code from
our web server, and installed it on your PC. You wouldn't have noticed
it, because it's designed to work that way. This tiny little piece of
code could be busy establishing a connection back to our PC at the
office, and happily reporting every key stroke you make. Think about
that for a moment. If you didn't know about this code, you would come
into work tomorrow, type your user name and password and then set about
your day's work, completely unaware that we now have access to your
network. Not only that, but you may decide to check your bank balance
online, or buy that gift for your nephew - using your credit card of
course.
OK - the truth is that the link you clicked ONLY
launched your browser and brought you to this page. We HAVEN'T
downloaded any kind of nasty code to your machine and we're not spying
on you. However, the above scenario does happen - every day - to lots
of people. This doesn't happen because the victims are gullible, or
careless; it happens because they are not informed about the abundance
of threats to the security of their data. It also happens because those
who would attempt to compromise data security have a vast array of ever
evolving tools and techniques at their disposal.
In
light of that, can you be 100% certain that your data is secure? You
might think that having your network credentials would only provide
access to part of your network, but one foothold is all a good "hacker"
needs. After that, it's often only a matter of time before they are
able to escalate their own privileges to administrator level, and then
run amok through your network.
What
steps can you take to stop them? The first step is to check your
network for known security vulnerabilities, identify them and lock them
down.
Suna
can perform these test for you and then make recommendations designed
to improve your data security. Broadly speaking, we are able to test
your existing security against the following
Remote Attacks - Attacks launched against your
network via the internet. These attacks do not require the attacker to
have access to the victim's offices and can be implemented using a
staggering variety of methods.
LAN Attacks - Attacks launched against your
network from the inside! Something as seemingly innocuous as a
colleague or visitor with an iPod could result in a catastrophic
security breach. Sound unlikely? OK, consider this. Most modern
personal electronic devices such as mobile phones and iPods (not to
mention USB keys!) have their own hard drive and can transfer data to
and from a PC.
Social Engineering Attacks - Attacks that don't even need
access to a computer! We all have a desire to be helpful and can be
easily persuaded to reveal a small piece of apparently useless
information to a colleague. But - is that person on the phone really
who they say they are? Gaining access to data in this way is like
assembling a jig-saw - a little piece of information here, used to gain
the trust and cooperation of another helpful employee there.....
|
