- 1
- 2
- 3
- 4
- < previous
Keystroke Loggers
Spies that get inside buildings can do other damage, such as implementing keystroke loggers. Some of these devices e-mail the keystrokes of anyone using the computer to a predefined e-mail address, while others store keystrokes in flash memory. Many are nearly impossible to detect, such as those that attach directly to the keyboard connector. Wood knows one case where spies pretending to be office cleaners nearly stole 300 million pounds from a UK bank using this technique.
How to stop them: Physical inspection of the computer is the only way to detect a keystroke logger, Wood says. Because of the impracticality of doing that, one company that Wood knows of now glues all its keyboards into the system unit.
Phishing
As defined by Wikipedia, phishing is a form of social engineering in which spies use a collection of techniques to manipulate people into releasing information (such as passwords) or performing actions that compromise confidential data, such as clicking on a link that enables someone else to remotely control a machine. In fact, the SANS Institute identifies phishing as one of the biggest Internet security risks.
For example, a spy might call the help desk from a pay-as-you-go mobile phone, claim to be working at home and request that a new username and password be sent as a text message to his phone. And some spies employ what the SANS Institute calls "spear phishing," in which they send individual employees highly targeted e-mail messages that include specific information designed to make the messages look genuine. For instance, a request for usernames and passwords might appear to be from the head of human resources.
How to stop them: Wood suggests training staffers to be cautious and giving them tips on how to detect social engineering. For instance, he says, they should withhold information when callers act rushed, drop names, use intimidation, ask odd questions or request forbidden information. There should also be clear policies as to how to report an incident and to whom.
The SANS Institute says it's important to continually raise employee awareness of these techniques, perhaps through drills that involve mock phishing attempts. Companies should also avoid exposing too much information on public Web sites, including logos and employee e-mail addresses.
Another counter-measure is to disable the USB ports through the system's password-protected BIOS or use centralized tools that restrict the use of ports and external devices, according to the SANS Institute report, making it more difficult for wannabe spies to easily export the data.
- 1
- 2
- 3
- 4
- < previous
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Everything you need to know about email and web security (but were afraid to ask)
How to improve employee productivity in small and medium businesses
Achieving the impossible: Unlimited application scalability
Data grids and service-oriented architecture
IT Service Management Needs and Adoption Trends: An Analysis of a Global Survey of IT Executives
Taking On Demand CRM Integration to the Next Level
Refresh your AUP: Top tips to ensure your acceptable use policy is fit for purpose
Making the Business Case for IT Consolidation
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Fortinet November Threatscape Report Shows Calm Before Holiday Storm 2008-12-05 16:00:00+11
Epicor® Cited as an Order Management Solutions Leader by Independent Research Firm 2008-12-05 15:52:00+11
F-Secure: Growth In Internet Crime Calls For Growth In Punishment 2008-12-05 13:00:00+11
International researchers gather in Sydney to preview the clever web 2008-12-05 09:48:00+11
Borderless corporate networks to shift focus to secure content management in Australia in 2009 2008-12-04 16:06:00+11
How to Beef Up Your Sales Pipeline
Our economy may be heading towards a recession. Sales rates are dropping. Promotional campaigns are proving less effective than you would like. So how do you continue to grow your business and bring home the sales in such an environment? Download this white paper now to find the answers.
Buying Guides
Latest Products
