
Got the Love Bug? Scared of spyware? Read all about what's keeping techies awake at night...
Published: 14 November 2006 12:30 GMT
You
You are the weakest link in the security chain - for the simple reason that it's easier to trick a human than a machine. A system is only as secure as its users are security savvy - and when it comes to computers something as rudimentary as a poor choice of password can create a flimsy door into a corporate network that even the most amateur of hackers can kick down.
But it's not just hackers breaking and entering - online fraudsters rely on duping end users to perpetrate their scams. Phishing is a technique that relies exclusively on tricking humans. Phishers send emails spoofed to appear as if they come from reputable outlets - such as banks or ecommerce companies - and the unwary reader is then hoodwinked into handing over confidential info such as bank account details and passwords. This allows the fraudster to skip past security systems without the hassle of having to crack them. (For more on phishing, read our Cheat Sheet.)
Another online con relying on the credulity of human nature is the so-called Nigerian 419 scam. Typically these scams originate as spam email that tells a long and convoluted story about a vast amount of money stuck in some far-off African state, a share of which could find its way into your bank account if only you follow their instructions... (which usually involve requests for personal details and some kind of 'transaction fee').
Once someone takes the bait and replies to the original email, the scam develops as the scammers attempt to cream off as much cash as they can by requesting advance fees. One 419er was so effective it took down a bank in Brazil. Armed with your bank account details and a photocopy of your passport and driving licence, a scammer also doesn't need a huge leap to commit identity theft.
To find out what happened when silicon.com replied to a 419 scam email click here.
Other common security slips made by users include opening infected email attachments and clicking on malicious links in spam email. This PR stunt, carried out by IT skills specialist The Training Camp at the start of this year, effectively illustrated the problem of staff not having a 'safety first' attitude when using the corporate network.
Human gullibility is not the only problem, however - the end user is even more of a security risk if they are acting with malicious intent. A silicon.com analysis earlier this year warned businesses to consider threats 'from within' - such as employees with a grudge or those seeking to defraud the business.
The term for criminal attempts to 'hack the human' part of the security chain is social engineering. The techniques used vary widely, but the premise is to appear to offer something desirable to a large number of users (such as pictures of naked celebrities) in order to trick them into clicking.
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved.