Cover all bases for proactive network security: Defence

Don't assume trust within the network perimeter.

The Department of Defence has chimed in on the network security debate, stating organizations need to be more proactive if they expect to ward off attackers that readily exploit the high levels of trust usually reserved for employees and known systems.

Speaking at this year's AusCERT security conference, Paul Chamberlain from the Department of Defence said even if your organization doesn't have sensitive information "you still have people to pay and an attacker could end up on your payroll".

"Before you move to latest and greatest technology have all your bases covered," he said.

"Cyber criminals are generally motivated by profit or they could be issue-motivated groups that wish to penetrate your network for their own goals. There is the risk of a denial of service and theft of customer data, and there's also proprietary data your company will hold, for example, a press release you are about to release in a week or two."

What is the attacker going to do? Harvest as much information about the organization, and its people, for starters.

"They need to know all they can about your organization. It turns out it's easy to find out who works at your organization, there's Google, social networking Web sites, public company information, and what you post to your public Web site, like job ads."

In addition to gathering public information, attackers can still use technical measures, from DNS guessing, port scanning and service emulation, to cracking external services like Citrix gateways, VPNs, and Outlook Web Access.

"From there you take this information and look for entry points," Chamberlain said. "It doesn't need to be a zero-day exploit as it is more likely to be targeted at users. An attacker will rely on one user to receive a malicious word document for code execution to happen and the risk grows as the organization grows."

Chamberlain said even if there is only a 10 percent chance per user, a small organization may fail a user-targeted security incident over time, and, to make matters worse, an unsuccessful attempt may only look like spam, meaning users will most likely not be alerted to the danger.

"Once remote code has been executed all the person's e-mail and other information can be read," he said. "The attacker may move to another target once inside the organization by using Windows or Linux tools to move around so it's often built right in to the network."

As for dedicated security systems, these may also fail to stop penetration as the attack can use accepted protocols like HTTP, SSL, DNS and SMTP, so to a firewall it looks like regular traffic.

"An attack could use local admin privileges and the implicit trust your network will have inside your gateway," Chamberlain said.

Given attacks are likely to be multi-pronged, what do you do? Chamberlain said there is no one product or method so "it's all about managing your trust relationship".

"Do you need your intranet to be unauthenticated? It's about identifying your important data and how to protect it. It's about defence everywhere on your network. If a privilege isn't needed you shouldn't have it."

Chamberlain recommends organizations start with the security policy and develop a clear understanding of what users are meant to be doing because without a clear idea of who's allowed to do what "you won't be able to identify what has happened".

"For example, patch management is almost a solved problem, but you have to make sure it's turned on," he said. "Process whitelisting can cut down on code execution."

Other recommendations include knowing what to look for in log analysis.

"Look for abnormal patterns. How many e-mails does your network receive each week? If there is a spike there may be a compromise. When you know what your network traffic is you can identify anomalies."

Chamberlain said security should be everywhere in the organization's network as an attacker can get in one way or another.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Rodney Gedda

Computerworld
Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Compare & Save

Deals powered by WhistleOut
WhistleOut

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?