About

This page contains a single entry from the blog posted on December 1, 2006 4:23 PM.


Social engineering your way into a network and applications

I recommend that you read the story "Banking on security," published Nov 29 in Dark Reading. The story outlines how a penetration testing team got into a bank by posing as a copier repair person and then, after successfully accessing the bank's network, quickly obtained user IDs and passwords for the bank's senior management.

The article shows how relatively easy it is to penetrate an enterprise physically and then obtain internal network access. Once inside, criminals have a variety of tools at their disposal, including malware, masquerading, etc.

The enterprise needs a layered defense that uses strong authentication as the user drills down to higher-risk applications, information and networks. Many of the layers must sit behind the enterprise perimeter. Additionally, employees need to be continually trained to watch out for social engineering attacks. If the enterprise doesn't do this, someone might literally walk in the front door and leave with all sorts of enterprise secrets and access privileges.

Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
