Alone are Not Enough
Your company has its firewall in place.
It’s beautiful … a dedicated P4 server running Microsoft’s
Internet Security and Acceleration Server (ISA) software.
All updates and patches have been applied.
You’ve placed your web and FTP site onto a server by itself.
All servers have internal IP addresses.
There ain’t no way a hacker is going to break through your
janitorial crew comes into your office every night about 8:30pm.
How hard would it be for someone wanting your data to catch the
door as the unsuspecting maintenance person entered and say hello as if
he worked there?
That person then looks for the post-it notes that people use to
write down their passwords and stick to their computers so they don’t
Or, he or she simply takes one of your backup tapes!
take advantage of the kindness and trust basic to most humans to
gain access to an otherwise secure computer system – a strategy called
In larger organizations they may obtain passwords by calling the
help desk and pretending they are an unsophisticated user.
Sometimes they call and say they are with a computer service
provider and need to install software.
moral of the story is simple.
You must have physical security.
And, you must have policies and procedures in place that each
member of the organization understands when it comes to passwords and
logging out to secure your network.
A firewall is only one part of a complete network security
There are many other means from which harm can occur that need to