Cover all bases for proactive network security: Defence

Don't assume trust within the network perimeter.

The Department of Defence has chimed in on the network security debate, stating organizations need to be more proactive if they expect to ward off attackers that readily exploit the high levels of trust usually reserved for employees and known systems.

Speaking at this year's AusCERT security conference, Paul Chamberlain from the Department of Defence said even if your organization doesn't have sensitive information "you still have people to pay and an attacker could end up on your payroll".

"Before you move to latest and greatest technology have all your bases covered," he said.

"Cyber criminals are generally motivated by profit or they could be issue-motivated groups that wish to penetrate your network for their own goals. There is the risk of a denial of service and theft of customer data, and there's also proprietary data your company will hold, for example, a press release you are about to release in a week or two."

What is the attacker going to do? For starters, harvest as much information as possible about the organization and its people.

"They need to know all they can about your organization. It turns out it's easy to find out who works at your organization, there's Google, social networking Web sites, public company information, and what you post to your public Web site, like job ads."

In addition to gathering public information, attackers can still use technical measures, from DNS guessing, port scanning and service emulation, to cracking external services like Citrix gateways, VPNs, and Outlook Web Access.

"From there you take this information and look for entry points," Chamberlain said. "It doesn't need to be a zero-day exploit as it is more likely to be targeted at users. An attacker will rely on one user to receive a malicious Word document for code execution to happen and the risk grows as the organization grows."

Chamberlain said that even if there is only a 10 percent chance per user, a small organization may eventually succumb to a user-targeted attack, and, to make matters worse, an unsuccessful attempt may only look like spam, meaning users will most likely not be alerted to the danger.

"Once remote code has been executed all the person's e-mail and other information can be read," he said. "The attacker may move to another target once inside the organization by using Windows or Linux tools to move around so it's often built right in to the network."

As for dedicated security systems, these may also fail to stop penetration as the attack can use accepted protocols like HTTP, SSL, DNS and SMTP, so to a firewall it looks like regular traffic.

"An attack could use local admin privileges and the implicit trust your network will have inside your gateway," Chamberlain said.

Given attacks are likely to be multi-pronged, what do you do? Chamberlain said there is no one product or method so "it's all about managing your trust relationship".

"Do you need your intranet to be unauthenticated? It's about identifying your important data and how to protect it. It's about defence everywhere on your network. If a privilege isn't needed you shouldn't have it."

Chamberlain recommends organizations start with the security policy and develop a clear understanding of what users are meant to be doing because without a clear idea of who's allowed to do what "you won't be able to identify what has happened".

"For example, patch management is almost a solved problem, but you have to make sure it's turned on," he said. "Process whitelisting can cut down on code execution."

Other recommendations include knowing what to look for in log analysis.

"Look for abnormal patterns. How many e-mails does your network receive each week? If there is a spike there may be a compromise. When you know what your network traffic is you can identify anomalies."

Chamberlain said security should be everywhere in the organization's network as an attacker can get in one way or another.
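
The log-analysis advice above (know your normal weekly e-mail volume, then treat a spike as a possible compromise) can be sketched as follows. This is an added example, not part of the original article or Chamberlain's talk; the log line format, the addresses, the thresholds and all sample data are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

def weekly_counts(log_lines):
    """Count inbound messages per ISO week; each line starts with an ISO timestamp."""
    counts = Counter()
    for line in log_lines:
        stamp = line.split(" ", 1)[0]
        try:
            ts = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # skip malformed lines instead of aborting the whole run
        year, week, _ = ts.isocalendar()
        counts[(year, week)] += 1
    return dict(sorted(counts.items()))

def find_spikes(counts, min_history=4, k=5.0):
    """Flag weeks whose volume exceeds median + k * MAD of the earlier normal weeks."""
    weeks = list(counts)
    spikes = []
    for i, wk in enumerate(weeks):
        # Weeks already flagged are excluded so a spike cannot inflate the baseline.
        history = [counts[w] for w in weeks[:i] if w not in spikes]
        if len(history) < min_history:
            continue  # too little history to call anything abnormal
        med = median(history)
        mad = median(abs(c - med) for c in history)
        # Floor the spread so a very quiet baseline does not alert on tiny changes.
        threshold = med + k * max(mad, 0.05 * med, 1)
        if counts[wk] > threshold:
            spikes.append(wk)
    return spikes

def build_sample():
    """Constructed mail-gateway log: seven weeks of inbound mail, one abnormal week."""
    volumes = [100, 104, 98, 101, 103, 240, 99]  # constructed weekly totals
    start = datetime(2024, 1, 1)                 # a Monday, ISO week 1
    lines = ["garbled-line without a timestamp"]
    for week, total in enumerate(volumes):
        for j in range(total):
            ts = start + timedelta(weeks=week, minutes=30 * j)
            lines.append(f"{ts.isoformat()} inbound from=<s{j}@example.org> to=<user@example.com>")
    return lines

SAMPLE = build_sample()

if __name__ == "__main__":
    print(find_spikes(weekly_counts(SAMPLE)))
```

A flagged week is a prompt for investigation, not proof of compromise; the same baseline approach applies to other traffic counts the organization already logs.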


Rodney Gedda

Computerworld