Abstract
Stealing corporate data has never been easier. So says a penetration tester writing in this issue: and he should know – he's clocked up 10 years of hacking experience, from both inside and outside organizations. He shares his ‘top five’ network vulnerabilities, showing the most likely routes an attacker would take to compromise your network security. As expected, not everything in this article is about technical controls. The first port of call is the ‘Helpful Staff Member’ – in this case an office receptionist contacted on a ‘pay as you go’ mobile phone, who obligingly gives out the names and e-mail addresses of the IT project leaders for the areas of interest – mostly to do with payroll and payment systems. Then comes the spoof web page, in the same style as the corporate site, even using the same images and logos by embedding the real image paths in the code. And they're off. Breaking into corporate networks has never been easier. Over the past ten years, I have taken part in a large number of penetration tests, from both inside and outside organizations. Over this period several important themes have emerged, which, whilst apparently unrelated, contribute to the failure of organizations to protect their information assets adequately.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
