Penetration Testing: The hacker's top five routes into the network (and how to block them)

  • Authors: Peter Wood
  • Affiliations: First Base Technologies
  • Venue: Network Security
  • Year: 2006

Abstract

Stealing corporate data has never been easier. So says a penetration tester writing in this issue: and he should know - he's clocked up 10 years of hacking experience, from both inside and outside organizations. He shares his 'top five' network vulnerabilities, showing the most likely routes an attacker would take to compromise your network security. As expected, not everything in this article is about technical controls. The first port of call is the 'Helpful Staff Member' - in this case an office receptionist contacted on a 'pay as you go' mobile phone, who obligingly gives out the names and e-mail addresses of the IT project leaders for the areas of interest - mostly to do with payroll and payment systems. Then comes the spoof web page, in the same style as the corporate site, even using the same images and logos by embedding the real image paths in the code. And they're off. Breaking into corporate networks has never been easier. Over the past ten years, I have taken part in a large number of penetration tests, from both inside and outside organizations. Over this period several important themes have emerged, which, whilst apparently unrelated, contribute to the failure of organizations to protect their information assets adequately.