Network Risk Assessment: Penetration Testing and Social Engineering

Electronic information systems, now de rigueur for recordkeeping, hold company and customer data, a majority of which may be confidential. If ineffective network security controls are in place, however, an intruder can enter from the outside and steal the data to exploit. The result may be identity theft, leaked private company information (think of the WikiLeaks fiasco), lawsuits, or dissatisfied customers. In order to meet industry standards, keep company information confidential, and maintain a satisfied customer base, implement an effective network security plan involving regular risk assessments.

Although an electronic information system’s data is often thought of as solely technical, a network risk assessment considers all ways in which this information could be stolen, including through physical or social means. As a result, a network engineer performing a risk assessment uses a combination of penetration testing and social engineering techniques.

Penetration testing involves using ethical hacking techniques to break into a network and identify vulnerabilities, or weak points in which an outside party can enter. A four-phase process is used: planning, discovery, attacking, and reporting. The first two phases involve gathering all basic information for the network, including port and service identifications, host names, IP addresses, employee names and contact information, operating system information, and application and service information. To access the interior, the engineer may be granted employee-level access to the system. With all information gathered, the engineer does a vulnerability analysis, comparing the network data with a vulnerability database.

All vulnerabilities identified become targets for ethical hacking in the attack stage. When performing the test, the engineer determines if an attack was successful, the level of complexity needed to break in, and the measures necessary to reduce future attacks. Because vulnerabilities often come in groups, the engineer may go back and forth between the discovery and attack phases before producing a full report.

Data about employees and the system serves as reference for the social engineering part of network risk assessment. Often a phishing scheme, social engineering involves tricking network users to reveal passwords or usernames. Because employees should never blindly give away such information, the engineer poses as an outsider by attempting to obtain such information through online or telephone conversations, instant messages, or emails.

Email phishing schemes are some of the more common approaches for attackers to obtain network information. Typically, an email appearing to be authentic, such as from the company, a bank, or internet service provider, is sent out and requests username or password information. The email then takes the user to an unsecure website to obtain the information, which, aside from a username and password, may be account, credit card, or social security numbers. With this information, the intruder breaks into the network to steal data to possibly exploit.

Certain individuals, such as executives, may be more important than others on a network, and in social engineering, a network engineer may target such employees.

Troubleshooting Network Information Cards (NIC)

Be sure that you have eliminated possible faulty wiring before you determine the problem as being the network card. Be sure all wiring is connect and tight.

The network cards of the past were much harder to troubleshoot. For one thing they had jumpers that needed to be set according to the type of configuration you needed for a particular computer. You also needed to know the IRQ number so that it would not interfere with any other hardware. The older cards also didn’t have much speed and they were 8-bit. Now they are 16 and 32 bit mostly with new technology on the way. Now you configure them with software and you don’t have to know the IRQ.

What you need to know today

You will need a plug and play network card. You will also need a PCI slot on the mother board on the average. They also make network cards for PCI express. You need to know what driver you need. A driver is a small program that is needed to communicate between the Network card and the Motherboard and processor. The card will not work without it. The operating system picks the best setting for the card.

Do I still have to configure the card manually?

Maybe! If your network requires a specific network address or setting you may need to manually configure it. You normally will not need to worry about IRQ setting on modern computers.

Are there more than one type of network card?

Although there are more types, the main one used on most networks today is the 10baseT using port RJ-45. The other cards are Thinnet with port BNC and Thicknet with port AUI.

Proper installation

When installing a network card or any other hardware be sure you are grounded. Preferably ware a ground strap. Carefully put the card into the slot by rocking it if necessary. Do not force it. Be sure to secure it with a screw. If it is doesn’t require tools, just fasten it as required.

Exceptions

laptops are the biggest exception to many of the above rules. The network card, sound card and video are on an integrated motherboard. This means you must have the drivers for the motherboard if you want them to work. The drivers are normally on the company web site that made the computer. Since Windows XP most drivers will install automatically and are a part of the operating system. However, don’t bet on it. It is also possible an installation disk came with the computer or that it has a restore sector.

How do I know if I need to replace the network card?

You will know when it keeps cutting out or will not connect at all. If you have the proper driver and it does not work it is probably bad. Be sure you have the right driver for the right operating system. If you have Vista and you drive is for XP it will not work. Some exceptions do exist. You will also know if you are having trouble getting the network to work. maybe a networked programs keeps getting errors or you can not stay connected to the Internet. When in doubt replace the card. If you still are having trouble it could be the cable or a problem with the operating system. Viruses or spyware could exist also.

Popular Affiliate Networks – Information That Newbies Need to Know About Affiliate Networks

Whether you’re a businessman or a business woman, the most convenient way to add customers and to raise your profit is by using an affiliate network. Some of the popular networks are the following:

Click2Sell is a free online affiliate network that provides the companies the opportunity to earn big. The marketers can instantly accept payments, run an affiliate program, begin selling products or offer services and add products to the market place. Click2Sell also gives the marketers the power to know how their customers were able to find out about their products, such as what keywords they used to find the products that the marketers are promoting. By advertising the best products, the affiliates will be earning money easily.

The most popular affiliate program in the world today is Google AdSense. Who doesn’t know about this program? This is the most used and most efficient program today. You see it in Google, Friendster, Facebook, MySpace, anywhere in the internet. It is in fact very hard to remove on your Friendster account no matter how hard you try to remove it. Google AdSense is very easy to use by anyone who wants to earn money by just posting appropriate ads to their website. As the owner of the website, you have the power to choose what type or what kind of products will be advertised on your page.

AffiliateWindow dot com is the most popular affiliate network in the United Kingdom. This is because they have many programs that offer appealing commissions. You can also choose to provide contextual promotions, however these depends on the keywords you provide instead of the one taken from the context of every web page.