More often than not, security is a matter of knowing what to expect rather than preparing for the unexpected. Too few of those responsible for responding to threats take into account the habits of those most likely to launch an attack. Vandals and intruders are rarely interested in a prolonged fight to break into some random network; provided your systems are up to the task, they are more likely to move on to a simpler target. Here are some of the more common problems a security expert might face, and ways to prepare so they don’t damage your network.
Adding a single digit and a single punctuation mark to a password increases its complexity exponentially for an intruder, while making it not much harder for the user. A solid password policy is the first step towards hardening a network. Credentials don’t have to be ridiculously complex; they just need to be far enough outside the letters-only character set to make an intruder wait. The longer they wait, the more likely they are to give up.
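To make the claim about character classes concrete, here is an added example (not code from the original article) that measures how much a digit and a punctuation mark enlarge the space a brute-force attacker has to enumerate, and checks a password against the kind of minimum policy the paragraph describes. The class sizes are those of printable ASCII; the minimum length of 10 and the guess rate used in the usage call are assumptions for illustration.

```python
import math
import string

# Printable-ASCII character classes an attacker must cover once a password uses them.
CHARACTER_CLASSES = {
    "lower": set(string.ascii_lowercase),   # 26
    "upper": set(string.ascii_uppercase),   # 26
    "digit": set(string.digits),            # 10
    "punct": set(string.punctuation),       # 32
}


def classes_used(password: str) -> set:
    """Names of the character classes that actually appear in the password."""
    return {name for name, chars in CHARACTER_CLASSES.items()
            if any(c in chars for c in password)}


def charset_size(password: str) -> int:
    """Size of the smallest class-based alphabet that contains the password."""
    return sum(len(CHARACTER_CLASSES[name]) for name in classes_used(password))


def search_space(password: str) -> int:
    """Upper bound on candidates an exhaustive search must try: alphabet ** length."""
    return charset_size(password) ** len(password)


def search_space_bits(password: str) -> float:
    """Same bound expressed in bits, convenient for comparing policies."""
    return math.log2(search_space(password))


def meets_policy(password: str, min_length: int = 10) -> bool:
    """Assumed minimum policy: at least min_length characters, one digit, one punctuation mark."""
    used = classes_used(password)
    return len(password) >= min_length and "digit" in used and "punct" in used


def seconds_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case time to enumerate the whole search space at a given guess rate."""
    return search_space(password) / guesses_per_second


if __name__ == "__main__":
    # Constructed sample passwords: a letters-only one and the same with a digit and a mark added.
    for pw in ("Password", "Password1!"):
        print(f"{pw!r}: alphabet={charset_size(pw)} bits={search_space_bits(pw):.1f} "
              f"policy_ok={meets_policy(pw)} "
              f"exhaust@1e9/s={seconds_to_exhaust(pw, 1e9):.0f}s")
```

Adding one digit and one punctuation mark to an 8-character letters-only password grows the alphabet from 52 to 94 symbols and the length to 10, which is roughly 20 extra bits of search space; the policy check enforces exactly that minimum.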
The alternative is a 30-minute dictionary crack and intruders roaming around your network. One effective way to respond to the obvious signs of a sustained attack is to employ IP health monitoring and graph CPU activity continuously across every machine on the network. If there is a spike, you’ll know where to look.
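The spike detection the paragraph relies on can be automated rather than read off a graph by eye. The following is an added example, not code from the original article: it takes per-host CPU samples (constructed here, one reading per minute), learns a baseline from the first readings of each host, and flags later readings that sit more than a few standard deviations above that baseline. The baseline length, the sigma multiplier and the floor on the standard deviation are assumed tuning values.

```python
from statistics import mean, pstdev

# Constructed sample: CPU utilisation (%) per host, one reading per minute.
# db-01 shows a sustained jump in its last three readings.
SAMPLES = {
    "web-01":  [12, 14, 11, 13, 15, 12, 14, 13, 12, 14, 13, 12],
    "db-01":   [20, 22, 21, 19, 23, 21, 20, 22, 21, 95, 97, 96],
    "mail-01": [8, 9, 8, 10, 9, 8, 9, 10, 8, 9, 8, 9],
}


def spikes(series, baseline_len=8, sigma=3.0, floor=5.0):
    """Return indices of readings above baseline mean + sigma * stdev.

    The baseline is the first baseline_len readings. The floor keeps a very
    flat baseline from turning a harmless one-point wobble into an alert.
    """
    base = series[:baseline_len]
    mu = mean(base)
    sd = max(pstdev(base), floor)
    threshold = mu + sigma * sd
    return [i for i in range(baseline_len, len(series)) if series[i] > threshold]


def hosts_to_inspect(samples, **kw):
    """Map each host with at least one spike to the indices of its spiking readings."""
    result = {}
    for host, series in samples.items():
        idx = spikes(series, **kw)
        if idx:
            result[host] = idx
    return result


if __name__ == "__main__":
    for host, idx in hosts_to_inspect(SAMPLES).items():
        print(f"{host}: look at readings {idx}")
```

With these values only db-01 is reported, at minutes 9 through 11; the threshold for it is 21 + 3 * 5 = 36 percent, so the normal readings around 20 percent never trigger.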
Some of the most effective and destructive intrusions into large-scale computer networks were accomplished not through technology, but through old-fashioned con games. These are variants of the time-tested “I forgot my key, can you let me in” scam, which can lead to a total stranger being given the keys to the safe.
Social engineering is a fancy term for this kind of malicious information gathering. Companies that prepare their employees to recognize the tactics of the most common social engineering schemes will have a much better chance of resisting them. All the expensive security technology in the world is useless if your employees don’t realize they’re handing the keys to an intruder.
Straight to the Database
SQL injection remains the favored way for even the least experienced intruder to gain access to a remote machine through a web interface. The intruder enters fake information into a web form along with an SQL command that an unpatched or vulnerable server passes straight through to the database. In moments they can gain remote access to the machine, install a rootkit and quietly use it to explore the rest of your network and look for data to steal.
The way to avoid this particular problem is to keep your software up to date and to teach your server administrators what clues they will find if a system has been compromised. It is also highly advisable to develop software so that publicly entered data is scrubbed before it is sent to the database.
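The "scrubbing" the paragraph calls for is best shown side by side with the mistake it prevents. The block below is an added example, not code from the original article: it builds a throwaway SQLite database, looks a user up the wrong way (splicing the form value into the SQL text) and the right way (a parameterized query, which keeps the value out of the statement entirely), and adds an allow-list check for the username field. The table, the rows and the malformed input are constructed for the demonstration.

```python
import re
import sqlite3

# Constructed input of the kind the article describes: form data carrying SQL syntax.
MALFORMED_INPUT = "x' OR '1'='1"

# Allow-list for a username field: letters, digits, dot, underscore, hyphen; 1-32 chars.
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,32}$")


def make_db() -> sqlite3.Connection:
    """In-memory table with two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b")])
    return conn


def find_user_vulnerable(conn, username: str) -> list:
    """WRONG: the form value becomes part of the SQL statement itself."""
    query = "SELECT username FROM users WHERE username = '%s'" % username
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn, username: str) -> list:
    """RIGHT: the statement is fixed; the value is bound as a parameter and never parsed as SQL."""
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]


def is_valid_username(username: str) -> bool:
    """Scrub at the edge as well: reject anything outside the allow-list before it reaches the database."""
    return USERNAME_RE.match(username) is not None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input:", find_user_vulnerable(db, "alice"))
    print("vulnerable, malformed input:", find_user_vulnerable(db, MALFORMED_INPUT))
    print("parameterized, malformed input:", find_user_safe(db, MALFORMED_INPUT))
    print("allow-list accepts malformed input?", is_valid_username(MALFORMED_INPUT))
```

The vulnerable lookup returns every user for the malformed input because the spliced text changes the meaning of the WHERE clause; the parameterized lookup returns nothing, since the database compares the literal string and finds no such user. The allow-list check rejects the input before any query runs, which is the layered behaviour the article's advice on scrubbing is aiming for.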
This one is relatively easy to handle. Phishing is simply the practice of sending authentic looking e-mail to employees asking for their network credentials or physical plant access information. This often works against even experienced people. The easiest way to combat phishing is to rotate a series of code words in any e-mail that requests security information from an employee. If the e-mail doesn’t have today’s code word, it should be reported to IT.
One vector for virus and trojan infections that isn’t as common as it used to be is the good old sneaker-net. Non-company machines should never be connected to a company network, even wirelessly. Some of the more formidable viruses can copy themselves from machine to machine and end up compromising your entire company.
Plain Text Broadcasts
If your wireless network isn’t encrypted at this point with the strongest available technology, your employees might be broadcasting their passwords and yours all over the place without your knowledge. Wireless technology is all based on radios, and if you can send data, others can receive it. Make sure all your employees use the most secure connection options and make sure your hardware and software are regularly patched.
Security is a problem that is getting more complex every day. You’ll never have a perfectly secure system, but chances are if you follow good practices, your encounters with intruders and threats will be minimal.