Network Security guide for the home or small business network – Part 13 – Your own worst enemy



Once upon a time I did an article about the biggest computer security vulnerability ever. I’ve also passed along the old “the most dangerous part of a car is the nut behind the wheel” joke. If you haven’t got it yet, the computer user can be the “weakest link”. Let’s face it: you’ve got antivirus, a firewall, all the current Windows updates and antispyware, and then a website pops up. The website looks like Windows Security Center and says you have a virus and need to get official antivirus software.


You download what they recommend, “spyaxe”, and before you know it, it’s scanning away. The problem is that spyaxe is on the list of “wolves in sheep’s clothing”: antivirus/antispyware programs that use questionable tactics (false positives and disabling competitors, for instance). This new program registers as a virus with most scanners. You have been had, and you were the vulnerability.

This is an area I’ve referred to as “computer smarts”. It takes practice… Be skeptical.

The most common (and effective) type of network attack is one of social engineering. I remember seeing a news show once where a police organization had hired a private security company to try and break into their network. They forged an email from one of the administrators exhorting them to click on a link in the enclosed message for important information. The link installed a backdoor, and they were in quickly. That was a classic social engineering attack.

Think about con artists. The name con man comes from “confidence man”, or someone who gains your confidence to get what they want. Someone calls up and says, “I’m here in the IT department at _YOUR ISP_, we’re auditing our records and want to make sure we have your username and password on file in one place. The people in accounts have really messed things up for us, could you help us out?” Would you bite?

A person walks in… “I’m here from the ISP (fill in whatever name works in your area). I was sent to check your internet connection. I need to get at the DSL modem and one PC.” “Who called you? Things seem fine.” “They don’t tell us on the work order, but they just said I needed to check it, that someone was complaining about slow internet access.” Do you bite? Do you show them to the DSL modem and a PC they can use?

If you went for it, you might have just been the weakest link in your network security. Of course, in some situations the above wouldn’t work. In a business with 10+ employees, the second one might. Maybe these aren’t the best examples, though. They do get the point across, I hope.
