Firewalls Alone are Not Enough

Your company has its firewall in place. It’s beautiful … a dedicated P4 server running Microsoft’s Internet Security and Acceleration Server (ISA) software. All updates and patches have been applied. You’ve placed your web and FTP site onto a server by itself. All servers have internal IP addresses. There ain’t no way a hacker is going to break through your barrier, right? Maybe not.

Consider this. The janitorial crew comes into your office every night about 8:30 pm. How hard would it be for someone wanting your data to catch the door as the unsuspecting maintenance person entered and say hello as if he or she worked there? That person then looks for the Post-it notes that people use to write down their passwords and stick to their computers so they don’t forget. Or, he or she simply takes one of your backup tapes! Unscrupulous hackers take advantage of the kindness and trust basic to most humans to gain access to an otherwise secure computer system – a strategy called “social engineering”. In larger organizations they may obtain passwords by calling the help desk and pretending to be an unsophisticated user. Sometimes they call and say they are with a computer service provider and need to install software.

The moral of the story is simple. You must have physical security. And, to secure your network, you must have policies and procedures for passwords and logging out that each member of the organization understands. A firewall is only one part of a complete network security system. There are many other avenues through which harm can occur, and each needs to be safeguarded.

                                                                     

Copyright 2013 Beachwood Systems Consulting, Inc. * 216-823-1800