0.0 Introduction to Security
(Page 4 of 5)
The Biggest Challenge in Security is People
There is a term for this challenge12: social engineering. There is one school of thought that suggests social engineering is not part of the security issue. The argument attempts to split technology from people. While your authors understand the difference, this is a work concerning security and we have kept in mind that people are parts of the security issue a statement with which both the CompTIAs exam objectives and a CompTIA survey agree13.
The first part of your effort here is selling the idea that security is in the other persons best interest. It was Samuel Clemens (also known as Mark Twain) who, in his essay What Is Man?14 stated that, every one of us acts at all times in his own interest. The trick is to supply the data to the users in a form through which security can be properly applied to suit their own best interests.
Your authors do not mean to imply that most workers dont care about their jobs. Social engineering, which is the most successful form of attack used by the outside intruder, often specifically takes advantage of workers desire to be helpful to coworkers, vendors or other business partners while doing their jobs. For example, the intruders first phone call to an employee reveals the name of the person in charge of the phone system. The second phone call wants to know the make and model of the phone system. This gives the intruders the data to make the third phone call -- to get a person do perform some simple step, as requested by (insert obtained name from the first call). With this, the intruders just got an employee, who thought they were doing their job, to prop open a door on the phone system for the intruders. A perfect example for this attack is the Kevin Mitnick scandal.
We have carefully chosen one example to highlight as a typical method into your network that is not often thought of ..your modem. Modems tend to be forgotten because they are not as new and super fast as a network broadband connection.
Even at 28Kbps, a modem that is not monitored for a few days can be the loophole allowing a fair amount of data to slip out undetected.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.