|
|
|
Five Ways Your Best Employees Can Compromise Your Network ... And Not Even Know It
By: Dirk Morris, Co-Founder and CTO, Untangle
2008-06-25
Article Rating:  / 22
There are 3 user comments on this Enterprise Applications story.
Five Ways Your Best Employees Can Compromise Your Network ... And Not Even Know It (
Page 1 of 2 ) Without the right management policies and training, any company, large or small, can find itself in a security mess. Dirk Morris, CTO of Untangle, tells you what can happen and how to avoid the problems that would otherwise result.
.jpg) "I'm a small business. No one is going to bother trying to hack my network."
Wrong.
In fact, 56 percent of small businesses surveyed by the Small Business Technology Institute had at least one security incident in the previous 12 months. More and more, instead of going after the big boys, cyber-criminals are attacking small businesses that have systems that are often more vulnerable than those of larger enterprises and that often do not have the time and money to invest in a comprehensive security solution.
Additionally, hackers continue to change their techniques and adapt to recent improvements in network security, so small businesses face an ever-evolving set of external threats: spam, pharming, phishing, viruses, adware, key loggers, root kits the list goes on and on. But companies also face unintentional threats from the inside, as employees often engage in high risk network security behavior without even knowing it.
Here are the top five ways that employees unknowingly add fuel to the (in)security fire:
Responding to phishing and spam e-mails
Phishing scams and e-mail fraud can be more sophisticated than they seem and are ubiquitous security issues that at best annoy and at worst present a real threat to secure data. Phishers and spammers use tricky URLs (for example, www.vvellsfargo.com, where two v's make the w, or www.disneywor1d.com, where the "L" is represented by the number one) that appear at first blush to be legitimate but actually direct users to malicious sights designed to steal personal information or install malicious code.
This kind of scam works more often than you might think. In 2007, a spoofed Better Business Bureau e-mail was sent to a variety of businesses with an attachment supposedly containing a complaint against that business in an RTF (Rich Text File).
When users downloaded and opened the attachment, they unknowingly ran an executable that installed a keylogger program (with a .pdf extension so the file looked innocent). This keylogger then uploaded stolen data to servers in Malaysia.
The take-home point is that employees need to be careful about what e-mails they open and what links they click on. If something looks suspicious, it probably is, so steer clear.
Checking personal Web mail at work
If a company has its own e-mail server, it will usually be set up with some form of anti-virus protection that scans all inbound e-mails to the server for viruses. Often, this only checks SMTP traffic, which is used by the mail server, leaving other protocols, such as HTTP, wide open.
Thus, when employees check their personal e-mail account via a Web browser using HTTP, this network traffic will bypass the virus-scanning setup for the company's e-mail server. A similar situation can occur for an FTP download. You must consider and scan all inbound traffic on your network for malware regardless of protocol.
|
|
�������x}ks8q�8c�-IJ�oRJ"!cԒm�˩'o�ЃG&7-�`n4���Qȅ3"mלٔN\Sãw�w$vv~]�2q5*_sdz&9%G�jT7�R}f]S� ����vGl&J~x'AT�1�v�R5�1F㠪Y�=+[�}D}�q^~d
wk�.htL�IB#T
�9i�?۴�$�)qHÑh]
!IQ�M�ږyD6�Շ�H��*�7�܉x8ѽ/DeOX�IQYx5"p8$j��;^7W�ӣw2��u(X(QuB,M˟�l�ڮ�U� ؓ�ۭ@�x!D�y!rs�#�g߶�03d#7t#205bR#��-m�;"�EO�m.;@Ppm׃)KTfIJ��ݳt{#Գ@u|ף&Z�.&�$g���_FB?$fJ��8QK��Rz=Ķ|h�{'�) �]�u~C/}=
:Ѝۑ�<8�(jI�HU
&�1�C p==\'��{tX!.yӝfؖqwh �푦J�ھ��*R<8rދWcm9��2w7[ڼ{UMSvu~#��lݹ��Rh[Jv^v�Cn\w�|j^\���@$HcA@'Fj;�}�&
D%\.�&I&�_��c���׳P��5](E~o[���Mюd$YS)2�!�,� �ǽlni^Wn')wf٘Y�ji�ed�X�]3��,Uiuti4Z'.gw�:�P��ڟ�+XT'_ZU`z�6O{uHz>54�01\�]it �?6:'WM2�୫��dp"ˍ^ �<-�-�%wܻ��/Rx3o�f5
tA�[&%9[7ɄS�H�z�PN@�Y*�F`Kc7������I3뮚;�n�ZK=0�[5RFƺ�\� Д��a��לذ�1�"%�
hJqOM
XR�U��>hI"A[fT}O��%ތ��EPӚM�q�OCGs�>H2AG66^�zK
tcl���>#�aR�
8
V8;�uCuәa �{>�0���kBi5��j$�>6(Z\�tM0I3 к`y��na2&�#j��:���?�a#0.Zm{��$8ʼ��}�¢��1O�p-�{&`sDowe����93(�S@8dN˵�K��(G))(I.B$(ZȻ�B�!A�lv���[$p Xx�l+��+~'⎄R1i�Jl�Ri �wRTD;7 K�{T�Kh!+�K@fsfh(ir0u Q="`&�Qea*0pRx5Q7m\JlPP<�$`�z=GV�Jh��5�YQՙSMq3r`!-gי�'�fo�3p#Eq")2��2,Xh�Gl:J"/9d�)Ln�4Wl}}Т̇q�m`![{�ˀ)4�ٌi8��A�0>A̞P��,jLC9\O,_zt\҃1 4f�כ�&�d5�0�J%gYA�3�'|(@]4>+WuPÃ"`"+42[�=!
= Lw(f�w^IY䞅TৼYX��X`w�,R?v'�6I
�Xh��8GCW4ꁶ'~24i�kCTME/:A'~ޮ�R[k�Y�H
�2�Ws�˾x�um8Hi+-`9H]`8��2f��ˣ(�U6LF%?�Io<�j}A�5s;\Pe�pdҶ<:4E�iAyX,.[6`�aP�eQ@3ErFlp
|ꝸS �kQDSOX�hBJmH�w:v�
cѭ,��h8)4u_L�-F�*�|��(
��+���ҵ瓩;�ʢ{\]Sv˺ԻXa6OM �V�U}�>cC�L�mRM}Bu߲i? �R�DwRH8�KJAUcϓ�as@M$ kn�V2�&Gmܡk}6euE��s�ƱԧSt%ҶY�4���hO©5z1|��*j�0&B$V�0l^p|hF`+\sW�[�"�L��J}�wY'Jz8sݑM% b�x.(J9��LZ�06Aae呯^�t8�#P�& ,wt�\d���B60�h�}�!T0�|*W+��S//��' 7(ڀ"P/?�ˇ%b�tXQ ]j+?mP�Y�f0`%l*{��*�5P6>*�09g~+kJ�$�X�S
1>L*k}��\U~Ae߯YQ�XY :چH�����i3
9��
|
q?Nqߎ3�H�k+sD
�ü
�z30Jјlwl\Qm(}�g�uG vp?nnx�PE�m/POﺪiD[2Ld��T~�#\y��lؤκVoZ>�Se6a'ß>�)s?y�Wja�==cݸM?,�YEn9&}+琩ks�C/���ܒ;� f �D�|��8 F�%`�?8�Y3GGu�"�M."_\@qcc��n#2v"9s=!��`n�~˯I�7a9H�n�:R.���i� �1ct�Se}{c2�OwOUU^S<:h�3$_Q@hOXM\�Xex.N3 akc>�o
4y�GEXqkX�#=O
+(j�f�DU5}�5ӑ�?>�n�k-Gf/f�IC{EY(..>JMP�*jII�z,`weQbki`WPF4`�W�&{c
m.E<��[ �1ķ�ʨTI�SW".wD<�7Ϩ�;b�}Nb���4PG���}f q��4;b_f�-$N�Vum4uP�"5Hq+�$˴}I+�$uYt�>80xnH N��WQqT*N<(jjjox4 x4Hđ
;wk}}�Jr@*�5�]�*_v�>"m4!`��XPK{(,�~79ـo�~T
���dP�-<� �j \h?��"MMxhc
�R�sɖB�x�K��LC�V��3,�q�vë�
eV15/��-�1{ݽ]AWv�%�O(0�h_�pCﻶ$\�auv��1gax��-⤔�Iԕº�ƶO;=n]|>A&̫{;~xmZC:LG:;E��a%<��8Ej]68$#��gם
ծ5pCmtj2�e'A)��`,v1]�0}�r&Eh.Ϥk�my��8�-o�d�hq�vu),}ҹ\C|GuٔXz+փ G� EG!hUHf:<��2�ڌ7�M
,#z~�aL�^CZJ@I}\7לY0z)B3pO⪱�=Cɢl�Gݨ�~տvּRB'TIդ/(eqjhd�꒐~�~ i&'ءH
ԛ�^/7'8
$O�krisq/P>ۺm|d<ޢ�J[L>XkI-�jo%ͫ���Cp0S�`0#!9ϫ�b~�=zpPugX�GZ'm��:C7<�Nb�/9BG,&@�
?�Y�.�/}ĿW}3lyRѵl�s2M �c.`�Y �=w>�=�`M\g�7�h�oG(V5w-h*�
rXsc��l3,�LjDž̳bt'`�HC.;=R5Is�09nJs ,��=G7o�m�\�>e>x>HАY#=p>~⌜0n3|okUe��Oݿ�NvQ]i"v�7-*A5wC�<�L>?Fdc:� M"�I^U֩UdU)I]YD㣑�~`q8-<���&nlǵ�wD�Z
AY�ؖrnbL��d<�J��;�n�moFp7�N
Ϧf_ O��%�FJ--cmی��!a_�PZZ1i�`j}Z;$$\}5 ߈;6bE�#Ɠt�-cz�pf:i��p*9;ߘ�����P�?=3q� x�
�jqi+"@wыK\-1-�[]�M:d|:�X�?eȺ���t�x0H)k�ʁ+VʻQTc9gFEHZ>aɲN���AVOjc0�O�ucʾVLuoѕH�T{�V1oT'7lW1A>qL��;t �"�o�Ӥ�1&QOs7�W;d0�?`6��tk�_jRe_-$i�1m:#zHz3Ee�x&4�Hۭ 0Hh'K."�~�&ĤT�Zp�}h'`!ΖY-11LDx XF#YȒ��p�S�+`P.Ur�,z�3L',�$&`d'�>~/n!2�iY�A
3&sW[-&Ghc6]�*nGJg3X4k/R!&R�œ(*�(;rBS"��*/OL�V㆕,Vb�MRJ,lvA��ϩ�D)�g@0ߦNA1q{}�˵��G-"rϣB҉;0/uoPQ:OTPJaNZ�<Ϣ81 $�_>�(�!r4�^娷HKf�2�5`�����Uc˶:JJdSW/�^':3pCW ��M`-50ť2Sk;��R/k�\\�VC�� �^m(m;�5gd3Bc�T1l_�JH
??Y6;.�YA�Y�_`e#-Ye �5ݱ�]"`k/�%c,k/xS'9œ*N[NNNNojA-�TuVٺ��^mx`�0&nJ|<,Ư'GEB1�~lY2� ,
{4#090I�s/��(A��Q�^P �=6罿!idW ̦!1آwTb1�K[O,vH6�|�C& D�$ILQĎ�nA%{
}jOwCv{1wg*B/&�7Wd�$'��=��**n �w_7?7�[��[I*�RtCI"Nl64�= 6.~e_Ybk��!��( ~WH(a=JY�9FV:wyE+_�9_!W�w
e#L�%|KBP<@�%ET/i4d?d` O8|3k��oG=����b6k}u��'@\�|NLat{P.�p]ϗTX])ZN�p�R�pFpn"����#j�=�ĆYJ��WԻ}��h1�;a
PB|���=E#I?G��Eޟf\�QϠZEH:ywwwwwx�f\)jo#�n&C?
�Q||dȭdjs/�`}�Gu.TP�~I"3E#�A)I�Y$oU^Z�ϤN ^ߩN�'y�̗N�Ig33Y*z7�{�p6a
V}Gq7�l�ťG#zZK+U�pߌodTeZj�\�:zM}{X��n�oBG�^Wӌ>R,��:���H����~
[۰�ם*qmw4O|Z,+"B�wH���LpoH�_
N0?Mx?+�@�\mg�_KtOV1ЖP˷�|7?o`\)=h%d�@'�!9r.��_3 φזeLq�zSw�rٷD�R| -ƿ�rV?_Ϝ7*L z;5Y1B(�5=67oyjj,kk35"{A�-�[�o�f96௶aula}"0^�%d/{t
�Ȫhokoc�wt%%۬R�2ײ=1=Fal:��`lïn�J�� �TR��ia+I�錃qlrG/��NM��'L4skx�(�0�N7{.�rpB��'tM{9xTsZ��j'|_{�/E6���9�8:�3̫eVd=I�1I���1Y}�Gj���O/P5.Pǥ1PC�nx.7*_~6e{�f��cٿg'zi{
es�^z7>kE_A-/.�U;{�U{
�_�@gjF`U�t���oq'J_y0nX��PAgXt�<#"�& KS�4^�`a�m�۟`c\7�nR-+H&�Nx7H��}xzOMX[6;z+֑bc
b�ݸCzM~9S�Tz#ˇ�
�reOJo�E8gw_
�6b1+O@B�)>xwtx��*/�mqiɂ$^d�Yee�
`�[ Z�p /N��ȇg!y�T�,H]1+""@Ո��fF�/\gTk2�)CuA.7fM��]ҹ;l�2�`<{ήa&Q<�,�^�BW�E:{�9a�'vQ]Q
f6mO&J��1<ɀ���2�`;Λ]-+jEQp#tǵ{0u�3yL�b�)^!aZ;H*���B�<䱤�P�ܫ<'�<(&J�3R�VG��[�{S0}(�-Ō��ʾZQJФWi_)9#$1VR"RQ(O�0�ͲGb�8�} ӄ^YTH+Cʈo�+i92d�^g�dQ`x:>�1ƺs�1W_]]|&kR'&~<\S~%%
c[kp���:ǝeuN-�fbt��.4m^kL�LgIUAN/&Sf�r?`NͅfU/Y.2sx�𒈾(azh,.6ug$ZG(%lFyz�UzuM�&6'nBzqvljŵ6�V#g5^luIŚ�:|jYkNn�^ZS�jIe r�P�~m^4OzsBx_ԭ_�;^d��_KF5_ԁS��(d#�@F3�OO>�9�2?��[y+Zr�gZ�+��\C73N/���a3Ƨ
og
Y�>�?��lg'eF/?As(?(�(oCy;�2c|/A~.3�2c:'��N~d+�2�..�_/z�_SV9SF>�>e�oʁo2�ڿh�&s$eCP^ϐ�.N�p3Kq�ʠ/ޯ2l?V\[[,Oн�ۺ{�
JݳNW4C�\]O%b}ksM}Ӊ05_ s<Σ6Fs�]v��[wn�H5�f�aOd_4n2Lޜb><\.E0_��GznQ�n�2��xwq0�ۓ{���\�pۭ⦠Ѯ%�pK��2�U�75iF|[~�|�ydVګk+cjkp'k͠?~�%k�}!0`vw�7֧�B΄[WQsᡪ)<�a���뎃+�.
5t=_�2�#6O
5U"yw|\�\[-c˃~= YІ\mːU��h005�3]^=Ẇ~ʕkZ"0~."6���_�@�
VOẒ���4FȆ�(����c}0咸;e�:2�Ş�_ =6Zo.T�M&$VSPuXGm:��Zd�L7�'2<0DBՋpO`u93*��}Ơ�)�e_SXN�A��}FV^=MDπn���uMfβPص�?c�XjS챽�$-Qlb�~L�0i*�IMg���{@ă?X!�.u�B+πg-sD~\bx5C7'c��S%��?y6BN��"Ki[~Qؗ��@1a璧�[f*/d�ХIGh
�_�'|omW|B�,[�k3\68v,���0~��9`,�[�"@2drtɿl\2'R*4%NSP��xSE�zV�?ĵ \� vH�V&lM:γ@\W �gT#0қ!~F<#�9ۭ��/�p,�Zf�tO��p�aZ܀}oPsM)P�L{O�i_|��r@c]��~�(��ȵ)�]�:qW¥"UX
HN���X,8.� s"_�Mr�樥<@EqDgPxGml<^|:ym뎮�E�S;v�6
l��~HDZI�5�"`�:<\)V�b�pC�{f�:ePJeX�tl+afր5V`��=2H�S^S(|9N]e{\F#,yu�cB\
(a�t�˟%H[߫lہP#6l-*l�XGڦ~*ຨ](O�s^-c3qݜ﹨me�C�H�T(&X3'α
ya1 ��ɫ|+��/�`2�\g0^5N7pN&}k\ȏ,,�$[녗Z']Y!ia4,Lb5�"[]QI
�XRNm��Y�1'(���R9K&t�&0 '�Ɣ
ϰ"�- s�+9)��,��w:g)�|L1�,X�+0yD1`#hxl
<���nRhŗa�;X+�NJl�9�O�N*D#la,�^?p�f��J܂(�.�WO�нTnx��BT��1o*D4;Nb�b��_yRO���W��=�aExq�|}h&4
u'o�eO:[��ŝgꎾ�V�;yv�<;趾4�[VU 5QF�fE�7ypMIs}p֍[^z\?pvxِ6Ҝ%!t�E��B";�wUo4ZgɊ�w�
~m Wha<�[Wy�&F�{kjUU+kD;ydM� )FҢpL\2L�~a�v9n�~;�1{kܬM�*d.%r�R�@V+EiQ}"'
e{4{�89�n%96y�q.� ���K���
|
Enterprise Applications 
