There are absolute essentials such as Firewall, Anti-Spyware, Anti-Virus that a PC or server requires against Internet threats such as Hacking, Viruses and so on. From my observation, most corporate PCs or servers had installed Anti-Virus and firewall only. That's it. What other areas that are equally essential ?
I will not cover the essential of firewalls. These are a must or else anybody can sail through the network. It is like a house with the front door wide open with a sign, rob me !
Assumed Firewall, Anti-Virus installed..... What about folders and files ? Are you sure those sensitive files are not able to be accessed by all of your office staff but only trusted Sr. Managers or yourself. Say a technical savy personnel happen to have some knowledge of hacking, high possibility that your most valuable data in your server may be compromised.
Further, the vendor that installed the server and application, does he/she has the admin password ? What services are installed in the server ? Intruders may exploit the services vulnerabilities to gain access into the server.
It is difficult to to know where or who is the Intruder. Are they the intruders from the Internet only ? These are attackers that need to break into your firewall and IPS (Intrusion Prevention System) before getting their hands on the servers. There are those that can break into even the most advance security systems. Fortunately, the numbers are not many. However if they are your personnel, temporary staff, vendors, contracts, dispatch personnel. This will be easier as it is an insider job. Someone that have knowledge of your application, server or network. You will never know.
Windows Hacking Checkout this video on how a basic penetration is done using Windows. http://www.youtube.com/watch?v=sSHIVCkqrlw There are many more ways of doing this for those with Linux/Unix machines
สมัครสมาชิก:
ส่งความคิดเห็น (Atom)
ไม่มีความคิดเห็น:
แสดงความคิดเห็น