Remember back in Chapter 1, "Introduction to Network Protection," you learned about the differences between system and security administration? That really they are in such conflict that it's best to break these functions into separate roles held by separate humans? We bring this back to mind because this chapter is about people: about their vulnerabilities, how they're attacked, and how you can help them defend themselves. Helping people understand their own security vulnerabilities and how to, well, "patch" them is the most effective way we know of to help educate people about computer security vulnerabilities and the need to remain vigilant in protecting corporate and personal information.
Typical system administrators have very little understanding of how to do such a thing. Indeed, they even lack awareness that it's necessary; what awareness they do have is usually related to laws and regulations requiring only passing knowledge. This lack of awareness often leads to total system compromise as an attacker bypasses all the carefully built technical security controls and goes directly to the most vulnerable part of any network: the people.