Security Information Week 9, 1999
The IT department in an organization often spends vast resources keeping up to date on the security risks associated with hardware and software weaknesses. However, those responsible for security often forget to stress the highest security risk by far: uneducated users.
Why would a cracker spend a lot of resources breaking into a network to install a malicious program when he/she could easily persuade a naïve user to install it? Too many users do not check programs for viruses and trojans if they appear to originate from a reliable source.
Spoofing a reliable e-mail originator, for example, is quite an easy task for any competent IT person. Most users will not notice that the e-mail is spoofed.
Consider another scenario. A person comes to an organization and presents herself as a representative of the company that supplied the new PCs some time ago. She explains that a major bug has been discovered in the preinstalled software, and says that her company is now going to correct the problem on all the PCs in question. Chances are quite good that, unless the organization has a policy for such a situation, she will be able to access PCs and the network, and probably obtain some users' passwords as well.
Social engineering is probably the easiest and most effortless way to get unauthorized access to an organization's computers, networks and information.
Thus it is important to educate users so that they are aware of the risks involved. Some basic rules are:
- Passwords are personal. They should not be written down or told to anyone.
- Set up minimum password requirements with respect to
  - length
  - the use of special characters as well as letters and numbers
  - password changes at regular intervals.
- A computer should always be secured when it is left unattended. Use reliable software to prevent unauthorized access to the information on the computer.
- All new programs should be checked with an up-to-date virus scanner before installation.
- Documents attached to e-mails should be checked with an up-to-date virus scanner.
- Detailed rules for what a user should do on detecting a virus should be in place.
- Routines for access to the premises by persons not belonging to the organization should be in place.
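The password rule above lists three requirements (length, character classes, change intervals) but no numbers. The following is an added example, not part of the original newsletter, showing how such a policy can be enforced at password-change time; the minimum length of 8, the 90-day limit and the set of special characters are assumed values that an organization would set in its own policy.

```python
from datetime import date

# Assumed policy values; the newsletter names the requirements, not the numbers.
MIN_LENGTH = 8
MAX_AGE_DAYS = 90
SPECIAL_CHARS = set("!@#$%^&*()-_=+[]{};:,.<>?/\\|~`'\"")


def check_password_policy(password, last_changed, today=None):
    """Return a list of policy violations; an empty list means the password complies.

    password     -- the candidate password (checked, never stored or logged here)
    last_changed -- date the password was last set, used for the change-interval rule
    today        -- reference date (defaults to the current date)
    """
    today = today or date.today()
    problems = []

    # Rule: minimum length.
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Rule: letters, digits and special characters must all be present.
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    if not any(c in SPECIAL_CHARS for c in password):
        problems.append("no special characters")

    # Rule: password must be changed at intervals.
    age = (today - last_changed).days
    if age > MAX_AGE_DAYS:
        problems.append(f"last changed {age} days ago (limit {MAX_AGE_DAYS})")

    return problems


if __name__ == "__main__":
    # Constructed sample input: one compliant and one non-compliant password.
    ref = date(1999, 3, 1)
    for pw, changed in [("Tr0ub4dor&3", date(1999, 1, 1)), ("password", date(1998, 1, 1))]:
        issues = check_password_policy(pw, changed, today=ref)
        print("OK" if not issues else "REJECTED: " + "; ".join(issues))
```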
Per Olav Førland
