Instant Messaging is both boon and bane in the corporate world, where security professionals alternately lock users out or throw up their hands helplessly -- finding the middle ground begins with solid user education.
Unveiling the Top Chartered Accountants in India and Their Staggering Net Worth
At Your Expense
1. At Your Expense What a little entertainment has meant to the cost of doing business
2. In the 70's, Bobby stole cars for fun. He was pretty good at it, too; he almost never got caught, and his friends all had a good laugh at how much they were able to get away with.
3. In the 80's, his younger brother Joey didn't steal cars; but had a bit of success collecting bicycle parts. When he saved up enough money, he bought a computer.
4. By playing around and discussing what he'd tried with other curious thrill-seekers, he quickly learned to get all kinds of systems to do things they weren't designed to do - like let him make unlimited long-distance phone calls. It was 'quite a rush'; and no one really ever got hurt.
5. After a while, companies started to figure out that people were misusing their systems, and started engineering ways to control access to their valuable data and technology.
6. No longer able to connect directly into phone and data systems, people like Joey developed a new technique called 'Social Engineering'… …a fancy way of saying that if you can convince a user -- any user that does have access to a system -- that you are supposed to be there, they will simply let you have access. "Hello, I'm doing a line test; can you forward me to extension 90? Thanks!"
7. With every employee a potential doorway for hackers, companies began to remove privileges from staff members who might accidentally share their 'keys'… and eventually locked entire staffs down 'just in case'.
8. OK, now the servers are secure from the outside world. The users can't accidentally let the bad guys in by being too polite to strangers. The email server analyzes messages for known viruses, and each file server is scanned every night for infections. These days, the best way to get to a company's data is to attack from the computers already inside the building.
9. But to get someone's PC to do your dirty work, you're going to need its 'IP Address'; the number that identifies it on the network. How are you going to get a user to tell you that? You can't just call them up and ask; right? There must be an easier way…
10. If a hacker gets your user name from a public directory, he could have your IP address within seconds of the first time you log on with Yahoo! , MSN, or AIM instant messaging clients.