The network administrator can do their part with SA Firewalls, IDS systems, encryption, and access controls. Once the attacker's email message is in the company's email system, that's it. The attacker will transmit the attack using one of several methods: email, IM, or a web page. The network administrator must be able to sniff all traffic on their network, view email headers, and identify the protocol used by the attack. They must also be able to monitor their systems for suspicious activity. The network administrator is the first line of defense.
The user is the second critical line of defense, and often the weakest link in a company's security. Users can fall for spam email and social engineering attacks by not understanding what constitutes a legitimate email and what doesn't. Users can also download infected files and run infected remote administration software before notifying their employers or the IT department. Users can also modify their desktop or laptop to prevent detection of intrusions on the machine, making it harder to retrieve stolen data and to detect the infiltration of a virus or worm infection. We'll discuss preventing these problems in the section on opsec.
After that, organizations use better computer hygiene and better access control. There are still attack vectors for this category, so additional layers have to be added. For example, an employee may install a legitimate program that misbehaves once installed (spyware). Or, if the employee opens a web page designed to deliver malware, the malware will then use that link to reach the wider internet.
Not all companies and organizations are of equal size and complexity. Some of the bigger companies either have the resources to respond to an attack or have a responsible IT department. Others may not have enough personnel to even stop the attack before anything bad happens.