Cover all bases for proactive network security: Defence

Don't assume trust within the network perimeter.

The Department of Defence has chimed in on the network security debate, stating organizations need to be more proactive if they expect to ward off attackers that readily exploit the high levels of trust usually reserved for employees and known systems.

Speaking at this year's AusCERT security conference, Paul Chamberlain from the Department of Defence said even if your organization doesn't have sensitive information "you still have people to pay and an attacker could end up on your payroll".

"Before you move to latest and greatest technology have all your bases covered," he said.

"Cyber criminals are generally motivated by profit or they could be issue-motivated groups that wish to penetrate your network for their own goals. There is the risk of a denial of service and theft of customer data, and there's also proprietary data your company will hold, for example, a press release you are about to release in a week or two."

What is the attacker going to do? Harvest as much information about the organization, and its people, for starters.

"They need to know all they can about your organization. It turns out it's easy to find out who works at your organization, there's Google, social networking Web sites, public company information, and what you post to your public Web site, like job ads."

In addition to gathering public information, attackers can still use technical measures, from DNS guessing, port scanning and service emulation, to cracking external services like Citrix gateways, VPNs, and Outlook Web Access.

"From there you take this information and look for entry points," Chamberlain said. "It doesn't need to be a zero-day exploit as it is more likely to be targeted at users. An attacker will rely on one user to receive a malicious word document for code execution to happen and the risk grows as the organization grows."

Chamberlain said even if there is only a 10 percent chance per user, a small organization may fail a user-targeted security incident over time, and, to make matters worse, an unsuccessful attempt may only look like spam, meaning users will most likely not be alerted to the danger.

"Once remote code has been executed all the person's e-mail and other information can be read," he said. "The attacker may move to another target once inside the organization by using Windows or Linux tools to move around so it's often built right in to the network."

As for dedicated security systems, these may also fail to stop penetration as the attack can use accepted protocols like HTTP, SSL, DNS and SMTP, so to a firewall it looks like regular traffic.

"An attack could use local admin privileges and the implicit trust your network will have inside your gateway," Chamberlain said.

Given attacks are likely to be multi-pronged, what do you do? Chamberlain said there is no one product or method so "it's all about managing your trust relationship".

"Do you need your intranet to be unauthenticated? It's about identifying your important data and how to protect it. It's about defence everywhere on your network. If a privilege isn't needed you shouldn't have it."

Chamberlain recommends organizations start with the security policy and develop a clear understanding of what users are meant to be doing because without a clear idea of who's allowed to do what "you won't be able to identify what has happened".

"For example, patch management is almost a solved problem, but you have to make sure it's turned on," he said. "Process whitelisting can cut down on code execution."

Other recommendations include knowing what to look for in log analysis.

"Look for abnormal patterns. How many e-mails does your network receive each week? If there is a spike there may be a compromise. When you know what your network traffic is you can identify anomalies."

Chamberlain said security should be everywhere in the organization's network as an attacker can get in one way or another.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Rodney Gedda

Computerworld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?