Jim Rapoza


Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Vendor NewsFeed

More Vendor NewsFeed »

See more from this blogger

Don't Get Snagged By Spear Phishers

Posted by Jim Rapoza
July 12, 2011

In many of the cases where security gets compromised at a company, the culprit is often poor user education and ineffective security measures. Frequently, the security breach could have been avoided if a worker had known enough not to open an obvious phishing or malware-loaded email, or if the company had enacted even basic filters and network policies to prevent the bad stuff from ever getting in.

But for one growing security concern, basic security systems and good user awareness may not be enough. In some of the recent cases of spear phishing, even trained security personnel were tricked into surrendering personal data or infecting systems with malware.

So what is spear phishing? Well, in this case, the name that tech pundits have given it actually helps a lot in describing the problem.

Standard phishing is a lot like sitting in a boat with a line drifting in the water. The bad guy isn't exerting too much effort; he's just sending out a broadly structured fake bank or service email in the hopes that a few people will be dumb enough to take a bite, get reeled in and surrender personal data or install malware.

But real-world spear fishing takes a lot more effort: The person needs to know how to swim, maybe even scuba or at least snorkel. They have to be skilled with the spear gun, and they have to target specific fish to catch. Similarly, spear phishing bad guys need to take the time to investigate the company and the individuals they are targeting in order to craft a message that will be seen as legitimate. The spear phishing message could be created to look like real company web applications, to come from real people in the company, and even use the same jargon and logos as company communications.

In this case, the spear phishing involves a lot more work but also has much greater reward. And the bad guys are certainly taking advantage of spear phishing. In a recent Cisco security report, it was shown that while the amount of broadly based phishing attacks were dropping, there was an increased incidence of targeted attacks.


Page:  1 | 2  | Next Page »


Related Reading

News

Commentary

Most Popular

More Insights

White Papers

More >>

Webcasts

More >>

Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

WAN Security Reports

Research and Reports

August 2013
Network Computing: August 2013

Video


WATCH: Bob Metcalfe Plans Ethernet's 40th

WATCH: CES 2013: It's A Wrap!

WATCH: Intel touts tablets, smartphones at CES 2013


View All Videos
Previous Page First Page Second Page Third Page Next Page

Most Popular

Stories Blogs

More Stories »

Upcoming Events

Featured Whitepapers

 
 
What's this?
More >>


Featured Reports

 
 
What's this?
More >>


BlogRoll

TechWeb Careers