Библиографическое описание:

Антонов П. Д., Остроух А. В. User Is A Great Obstacle For Security Systems // Молодой ученый. — 2011. — №4. Т.3. — С. 62-63.

Keywords: security systems, computer security, dangerous threats.
The «Bad Guys» are people who want to steal information from or wreak havoc on computers systems. At the beginning of computers, the computer hacker usually was a lone teenager, who had poor social skills. He would break into systems, often for nothing more than bragging right or because of his curiosity. As ecommerce evolved, so has the profile of the hacker.
Today there are numerous collections, credit-card numbers, passwords and other secret information that can be stolen. That’s why there is a community of organized groups of hackers, who operate as business. In 2008 a special report appeared under the title “Cybercrime groups starting to operate like Mafia”. It contains the following statement:
"Cybercrime companies that work much like real-world companies are starting to appear and are steadily growing, thanks to the profits they turn. Forget individual hackers or groups of hackers with common goals. Hierarchical cybercrime organizations where each cybercriminal has his or her own role and reward system is what you and your company should be worried about"[1].
Because companies, banks and individuals are now constantly attacked by skillful and organized hackers, it is a matter of vital importance to provide as much IT security as possible.
As companies began investing more money into perimeter defenses, attackers started devising new ways for unauthorized access: the “Bad Guys” saw at once that the average user is a weak link in the security chain.
Today's computers present a "user-friendly" face to the world. Most users believe that they know everything about their computer, because they are skilled enough to create presentations and work with their MS Office. Of course, such users know more than the average, they have moved beyond application basics. But they remain unaware of what goes on "behind the scenes" and how their computer operates. They know nothing about Windows Register, ports, proxy-servers and different services in their operational system. Frankly speaking these things remain unclear even to many IT professionals. Average users believe that Windows authentication process protects data on their computer. Though in fact, it is quite easy to take your hard disk out of your computer, put it into another computer or place it in a USB drive enclosure and then get a total access to your data on it. Average users often neglect the basic security measures.
What is worse, they would install software indiscriminately and visit questionable Web sites despite the fact that these actions violate company policies. Today «Bad Guys» often send malware as an attachment to email, in which they ask to open the attachment. It is dangerous to open email attachments from unknown senders. The best way is simply to neglect them. Though in spite of this warning users and employees of big companies consistently violate this rule, wreaking havoc on his or her networks. Viruses such as “I Love You” spread so rapidly because of this [2]. Recently, such phishing scams have been very effective in convincing individuals to provide their personal online banking and credit-card information. Why would an attacker struggle to break through a company’s defenses when end users are more than willing to provide the keys to bank accounts? Addressing the threat caused by untrained and unwary end users is a significant part of any security program.
Attacking mobile systems is another way for gaining unauthorized access to data. For example, you are on a business meeting, or in a cafй with your colleagues and you need a quick access to your corporate data or your personal files. For this purpose you can use a variety of devices such as desktops, laptops, home computers, smartphones, pocket computers and netbooks. IT departments must now provide the ability to sync data with such devices or users will do this by themselves and neglect the security rules.
One more way to get information is through data storage web sites such as Rapidshare and Ifolder that provide ability to store data in the Internet and share them [3,4]. These online storage sites can be accessed from both home and office or any other place where there is an Internet connection. Of course, it is possible to block access to such sites. But you cannot block them all.
Free mail service is another danger for your computer security. Thousands of users worldwide consider free email service called Gmail (provided by Google Company) as a great tool, that gives you a robust service for absolutely free. But only few of them understand that Gmail provides more than 7 GB of space on their hard disk that can be used to store email and… files! There is a plug-in for the Firefox browser. It is called Gspace. It provides an FTP-like interface within Firefox. It gives users the ability to transfer files from computers to the Internet and the Gmail accounts. This makes securing a company network much more difficult, because this gives you an ability to easily transfer data outside the control of the IT-department.

Because of the above reasons security experts should treat their users as dangerous threats for computer security systems.

  1. Report: Cybercrime groups starting to operate like the Mafia’, published July 16, 2008, http://arstechnica.com/news.ars/post/20080716-report-cybercrime-groups-starting-to-operate-like-the-mafia.html (October 27, 2008).

  2. http://en.wikipedia.org/wiki/ILOVEYOU

  3. http://www.rapidshare.ru/

  4. http://www.ifolder.ru/


Социальные комментарии Cackle