Cover all bases for proactive network security: Defence

Don't assume trust within the network perimeter.

The Department of Defence has chimed in on the network security debate, stating organizations need to be more proactive if they expect to ward off attackers that readily exploit the high levels of trust usually reserved for employees and known systems.

Speaking at this year's AusCERT security conference, Paul Chamberlain from the Department of Defence said even if your organization doesn't have sensitive information "you still have people to pay and an attacker could end up on your payroll".

"Before you move to latest and greatest technology have all your bases covered," he said.

"Cyber criminals are generally motivated by profit or they could be issue-motivated groups that wish to penetrate your network for their own goals. There is the risk of a denial of service and theft of customer data, and there's also proprietary data your company will hold, for example, a press release you are about to release in a week or two."

What is the attacker going to do? Harvest as much information about the organization, and its people, for starters.

"They need to know all they can about your organization. It turns out it's easy to find out who works at your organization, there's Google, social networking Web sites, public company information, and what you post to your public Web site, like job ads."

In addition to gathering public information, attackers can still use technical measures, from DNS guessing, port scanning and service emulation, to cracking external services like Citrix gateways, VPNs, and Outlook Web Access.

"From there you take this information and look for entry points," Chamberlain said. "It doesn't need to be a zero-day exploit as it is more likely to be targeted at users. An attacker will rely on one user to receive a malicious word document for code execution to happen and the risk grows as the organization grows."

Chamberlain said even if there is only a 10 percent chance per user, a small organization may fail a user-targeted security incident over time, and, to make matters worse, an unsuccessful attempt may only look like spam, meaning users will most likely not be alerted to the danger.

"Once remote code has been executed all the person's e-mail and other information can be read," he said. "The attacker may move to another target once inside the organization by using Windows or Linux tools to move around so it's often built right in to the network."

As for dedicated security systems, these may also fail to stop penetration as the attack can use accepted protocols like HTTP, SSL, DNS and SMTP, so to a firewall it looks like regular traffic.

"An attack could use local admin privileges and the implicit trust your network will have inside your gateway," Chamberlain said.

Given attacks are likely to be multi-pronged, what do you do? Chamberlain said there is no one product or method so "it's all about managing your trust relationship".

"Do you need your intranet to be unauthenticated? It's about identifying your important data and how to protect it. It's about defence everywhere on your network. If a privilege isn't needed you shouldn't have it."

Chamberlain recommends organizations start with the security policy and develop a clear understanding of what users are meant to be doing because without a clear idea of who's allowed to do what "you won't be able to identify what has happened".

"For example, patch management is almost a solved problem, but you have to make sure it's turned on," he said. "Process whitelisting can cut down on code execution."

Other recommendations include knowing what to look for in log analysis.

"Look for abnormal patterns. How many e-mails does your network receive each week? If there is a spike there may be a compromise. When you know what your network traffic is you can identify anomalies."

Chamberlain said security should be everywhere in the organization's network as an attacker can get in one way or another.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Rodney Gedda

Computerworld
Show Comments

Father’s Day Gift Guide

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?