Submit Your Site For Free!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

SysAdminNews
SecurityProNews
ITmanagement










Extra Security Precautions In The Workplace Urged

By Doug Caverly
Staff Writer
Article Date: 2011-03-24

System administrators who are good at keeping the trains running on time but don't assign many guards to protect them (figuratively speaking) might want to reconsider that approach. One expert who works as both a network administrator (at two different companies) and a writer recently outlined why security measures are important.

Trevor Potts pointed out in an article for the Register that the average employee might not exactly be on high alert while on the clock. Instead, a person who's texting friends and building a log cabin out of pens is liable to "X" anything that pops up on a computer screen while he or she is using it.

In the meantime, Potts suggested, "Someone using a suite of applications bought online has begun to attack the network. The Wi-Fi - using WEP - is for all intents and purposes unsecured; the WEP secret to the network is easily cracked. A well-known vulnerability is exploited to breach and then root the Wi-Fi router. Our attacker has just given himself the ability to perform man-in-the-middle attacks."

Then, "The password for the cloud service is scraped from the HTTP session, and some very minor code injection allows a complete download of the browser history. The code injection also allows the exploitation of the un-patched, leading to the local system being rooted. Rampant password re-use allows access to the company's complete stack of cloud services. Email, banking, accounting, CRM/ERP/BIS - including a great deal of customer personally identifiable information - have just been compromised in a matter of minutes."

Potts thinks pervasive encryption represents the answer to this scenario. That'll perhaps slow down some processes and incur some extra hardware costs, but any impatient finger-tapping on the part of users and customers can just be met with the assurance that their data's safer.
About the Author:
Doug is a staff writer for WebProNews. Visit WebProNews for the latest eBusiness news.

Newsletter Archive | Article Archive | Submit Article | Advertising Information | About Us | Contact

SysAdminNews is an iEntry, Inc. ® publication © All Rights Reserved Privacy Policy and Legal