Internet security vulnerabilities Featured

11:52am EDT December 20, 2004
* Phishing scams. A perpetrator sends legitimate looking e-mails appearing to come from some of the Web's biggest sites to phish for personal and financial information. These e-mails look surprisingly official, and unwary users can inadvertently assist in quick and effective identity theft.

Solution: Education. Your network users can be your biggest vulnerability or your greatest support team. Making them aware of these scams may alert them the next time they get e-mail from their bank asking them to confirm their username and password.

* Malware. Short for malicious software, it is any program or file harmful to a computer user. Malware includes viruses, worms, Trojan horses and spyware.

* Spyware. Any technology that aids in gathering information about a person or organization without their knowledge. Spyware is put in a computer to secretly gather information about the user and relay it to interested parties.

Solution: The best protection is a host-based virus program with up-to-date virus signatures. You may need to buy a subscription for updates and perform a full scan of your machine. There are also free products you can use for periodic scans.

* Resource highjacking. Unauthorized users and malicious hackers sometimes use company resources for personal gain or exploits. This often occurs via unmonitored access points on your network. Allowing users to bring unauthorized computers onto a network by allowing unmonitored VPN access from home can make users feel they are not violating policies because their actions are from their own computer.

Solution: Establish online policies for network connections and enforce them by monitoring activity. A good network monitoring service will also help protect your investment in technology and bandwidth from hackers and security-related events.