Protecting Your Business

How You Can Deal with Network Security Threats Effectively

Of the many problems you may face in trying to secure your business from network security threats, two stand out. First, people tend to be reactive about the financial outlay required to protect themselves, especially when the cost is significant and ongoing. They typically wait until they have been hit.

Second, when a business has many points of entry, and many people who can control or influence them, security vulnerabilities cannot be tackled and resolved by one party or one department alone.

The fact is that your business faces security threats from both within and outside, some of them known and others not. Given the human factor, companies may understandably fear that some of their own employees not only have the capability to damage the business but may actually do so, whether inadvertently or on purpose.

The role of the network security professional is therefore a precarious one, but with foresight and careful planning it can prove truly invaluable.

Ideas you may consider common knowledge, such as using complex passwords and changing them regularly, not giving credentials to anyone who asks, and actually reading the message boxes that pop up instead of just clicking “OK”, are some of the simplest and most important security concepts, yet they are often ignored by or unknown to your users.

To that end, we reached out to Larry Coldiron, an IT instructor at ECPI University Roanoke, for tips and advice for network security professionals. Based in Virginia, USA, Larry teaches all aspects of the IT curriculum, including Cisco routing, Microsoft client and server, Security+ and wireless courses. Larry also has a YouTube channel with a number of insightful videos on network security.

“I think that most of us recognise and fear the threat from without, although the threat from within is far more significant,” Larry commented. “With cloud storage options such as Dropbox and large flash drives, the ability to exfiltrate[1] information is tremendous. We also have the threat of exposing information through inattention to detail or ignorance. There are users on every network who just click. We had a campus director, a highly trusted position, reply to the ‘this is IT and I need your credentials’ email with her credentials. This, of course, exposed lots of information.”

Preventing data leaks to unauthorised people

1. Education and awareness are critical

The first thing you need to understand as a network security professional is that these problems will probably never go away. Training is therefore absolutely critical for everyone, including those at the top.

2. Blocking applications and ports

Blocking the applications and ports used by cloud storage services can be part of your defensive strategy. Denying users the ability to use USB ports for flash drives is another option. But that still leaves several avenues, including email, so it is important that the network be monitored for both outgoing and incoming threats.

3. Getting others to help

Administrators cannot watch everything, so the help of the workforce is a necessity, with the admonition “if you see something unusual, report it”. People, in conjunction with devices and software, can help in the battle.

Technical and procedural reviews

There are also certain technical and procedural reviews that you can put in place.

1. Monitor both incoming and outgoing traffic.

Router manufacturers make it easier today to monitor traffic. An intrusion detection and prevention system such as Snort can also help. Proxy servers are useful for keeping users off sites they shouldn’t visit, and a filtering DNS service such as OpenDNS is another valuable tool.
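The two points above, blocking cloud storage services and watching outgoing traffic, come together in an egress review of web-proxy logs. The script below is an added example written for this page, not code from the article or from Larry; the log format, the domain list and the per-user volume threshold are assumptions, and the log records are constructed. It flags any contact with a personal cloud-storage service, treats upload methods that carry a body as the stronger exfiltration signal, and separately reports users whose total outbound bytes exceed a policy threshold, which catches large transfers to destinations the blocklist never anticipated.

```python
"""Egress monitoring over web-proxy logs: flag uploads to cloud-storage
services and unusually large outbound transfers per user.

Added example, not from the original article.  The log format, the domain
list and the threshold are assumptions chosen for illustration."""
from collections import defaultdict
from urllib.parse import urlparse

# Assumed blocklist: hostnames belonging to personal cloud-storage services.
CLOUD_STORAGE_DOMAINS = {
    "dropbox.com", "content.dropboxapi.com", "drive.google.com",
    "onedrive.live.com", "mega.nz", "wetransfer.com",
}

# Assumed policy threshold: bytes one user may send during the log window.
UPLOAD_THRESHOLD_BYTES = 50 * 1024 * 1024  # 50 MiB


def host_matches(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def parse_line(line):
    """Parse one proxy record.  Assumed space-separated format:
    epoch user src_ip method url status bytes_out"""
    fields = line.split()
    if len(fields) != 7:
        return None
    ts, user, src, method, url, status, sent = fields
    return {
        "ts": int(ts), "user": user, "src": src, "method": method.upper(),
        "host": urlparse(url).hostname or "", "url": url,
        "status": int(status), "bytes_out": int(sent),
    }


def analyse(lines, domains=CLOUD_STORAGE_DOMAINS, threshold=UPLOAD_THRESHOLD_BYTES):
    """Return a list of (rule, user, detail) alerts for the given log lines."""
    alerts = []
    sent_per_user = defaultdict(int)
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue  # malformed record: skipped here, would be counted in production
        if host_matches(rec["host"], domains):
            # Any contact with a blocked service is worth knowing about ...
            rule = "cloud-storage-access"
            # ... but an upload method carrying a body is the exfiltration signal.
            if rec["method"] in ("POST", "PUT", "PATCH") and rec["bytes_out"] > 0:
                rule = "cloud-storage-upload"
            alerts.append((rule, rec["user"], f'{rec["method"]} {rec["host"]} {rec["bytes_out"]}B'))
        sent_per_user[rec["user"]] += rec["bytes_out"]
    # Volume check is destination-agnostic: it catches services not on the list.
    for user, total in sorted(sent_per_user.items()):
        if total > threshold:
            alerts.append(("outbound-volume", user, f"{total} bytes sent"))
    return alerts


# Constructed sample records (not real traffic).
SAMPLE_LOG = [
    "1712000000 alice 10.0.0.12 GET https://www.example.com/ 200 312",
    "1712000005 bob 10.0.0.15 POST https://content.dropboxapi.com/2/files/upload 200 41943040",
    "1712000009 bob 10.0.0.15 POST https://content.dropboxapi.com/2/files/upload 200 31457280",
    "1712000010 carol 10.0.0.20 GET https://www.dropbox.com/login 200 0",
    "1712000030 alice 10.0.0.12 PUT https://intranet.example.com/report.pdf 201 2048000",
    "malformed line",
]

if __name__ == "__main__":
    for rule, user, detail in analyse(SAMPLE_LOG):
        print(f"{rule:22} {user:8} {detail}")
```

Run against the constructed log, bob is reported twice for uploads and once for volume, carol is reported for merely visiting the service, and alice's large upload to the intranet host is not an alert. The matching is on the hostname, not a substring of the URL, so a lookalike such as notdropbox.com is not caught by the blocklist; that is deliberate, and the volume rule is the backstop for destinations the list does not name.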

2. Ensure that users are knowledgeable in policies and procedures that help prevent data loss or network compromise.

You should also establish procedures that allow users to access only the resources they need to do their job (the principle of least privilege). Permission audits and AD (Active Directory) audits can help in this area.
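What a permission or AD audit actually compares is current group membership against what each job role legitimately needs. The following is an added example for this page, not the article's own procedure or any Microsoft tool: it works on a constructed export of the kind such an audit produces (account, role, enabled flag, groups, last logon) rather than querying a live directory, and the role matrix, the staleness window and the account records are assumptions. It reports groups a role does not justify, membership of built-in high-privilege groups even where the role allows it, disabled accounts that still hold entitlements, and enabled accounts nobody has used recently.

```python
"""Least-privilege audit of directory group memberships.

Added example, not from the article.  Instead of querying a live Active
Directory it works on a constructed export (account, job role, enabled flag,
group list, last logon); the role matrix is an assumption standing in for an
organisation's own access policy."""
from datetime import date

# Assumed role matrix: the groups each job role legitimately needs.
ROLE_ENTITLEMENTS = {
    "accounts-clerk":  {"Domain Users", "Finance-ReadOnly"},
    "finance-manager": {"Domain Users", "Finance-ReadOnly", "Finance-Approvers"},
    "helpdesk":        {"Domain Users", "Helpdesk-Operators", "Workstation-Admins"},
    "sysadmin":        {"Domain Users", "Domain Admins", "Server-Admins", "Workstation-Admins"},
}

# Built-in groups whose membership is always reported, even when the role allows it.
HIGH_PRIVILEGE_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins"}

STALE_AFTER_DAYS = 90        # assumed policy: enabled accounts unused this long are reviewed
BASELINE = {"Domain Users"}  # every account has this; it is not an entitlement


def audit(accounts, today, entitlements=ROLE_ENTITLEMENTS):
    """Return (account, finding, detail) tuples for each policy deviation."""
    findings = []
    for acct in accounts:
        name, groups = acct["sam"], set(acct["groups"])
        allowed = entitlements.get(acct["role"])
        if allowed is None:
            # No role definition means nothing beyond the baseline is justified.
            findings.append((name, "unknown-role", acct["role"]))
            allowed = BASELINE
        for g in sorted(groups - allowed):
            findings.append((name, "excess-group", g))
        for g in sorted(groups & HIGH_PRIVILEGE_GROUPS):
            findings.append((name, "high-privilege", g))
        entitled = groups - BASELINE
        if not acct["enabled"] and entitled:
            # Disabling an account does not remove its memberships; re-enabling
            # it silently restores every one of them.
            findings.append((name, "disabled-but-entitled", ",".join(sorted(entitled))))
        if acct["enabled"] and (today - acct["last_logon"]).days > STALE_AFTER_DAYS:
            findings.append((name, "stale-account", acct["last_logon"].isoformat()))
    return findings


AUDIT_DATE = date(2024, 4, 1)

# Constructed export; these are not real accounts.
SAMPLE_ACCOUNTS = [
    {"sam": "jsmith", "role": "accounts-clerk", "enabled": True, "last_logon": date(2024, 3, 28),
     "groups": ["Domain Users", "Finance-ReadOnly", "Finance-Approvers"]},
    {"sam": "mlee", "role": "helpdesk", "enabled": True, "last_logon": date(2024, 3, 30),
     "groups": ["Domain Users", "Helpdesk-Operators", "Workstation-Admins", "Domain Admins"]},
    {"sam": "rjones", "role": "sysadmin", "enabled": True, "last_logon": date(2024, 4, 1),
     "groups": ["Domain Users", "Domain Admins", "Server-Admins", "Workstation-Admins"]},
    {"sam": "tbrown", "role": "finance-manager", "enabled": False, "last_logon": date(2023, 12, 1),
     "groups": ["Domain Users", "Finance-Approvers"]},
    {"sam": "contractor1", "role": "contractor", "enabled": True, "last_logon": date(2023, 9, 1),
     "groups": ["Domain Users", "Finance-ReadOnly"]},
]

if __name__ == "__main__":
    for name, finding, detail in audit(SAMPLE_ACCOUNTS, AUDIT_DATE):
        print(f"{name:12} {finding:22} {detail}")
```

On the constructed data the clerk who can approve payments, the helpdesk operator in Domain Admins, the disabled manager who still holds Finance-Approvers and the long-unused contractor with no defined role are all surfaced; the sysadmin appears only under the informational high-privilege finding. In a real environment the export would come from the directory itself and the role matrix from HR or the access policy, and a finding is a prompt for review, not an automatic removal.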

The impact of embracing the cloud

SaaS (Software as a Service) and IaaS (Infrastructure as a Service) are no longer confined to mid-sized and large enterprises. As more small businesses embrace the cloud, there are cyber security educational tools and resources they can use to learn more about what they are getting into.

So where should a small business go for this?

Larry argues that the best introductory tool for cyber security education for a small business is training from the business’s IT department.

“People outside of IT tend to think of ‘The Cloud’ as some kind of revolutionary, magical place, but when it comes down to it, the cloud is just another set of servers. However, and more importantly from a security aspect, we don’t know where these servers are, how secure they are, or who has access to them. These basic security measures are just as important, if not more important, when moving services and data to the cloud as they are for in-house systems,” Larry explained.

A DDoS response plan

In an SC Magazine article, Top 10 issues in IT Security for 2014, Doug Drinkwater referred to a study from Corero that revealed that most organisations lack an appropriate DDoS (Distributed Denial of Service) response plan.

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Such attacks target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.[2]

It is also relatively cheap to arrange: around $150 buys a week-long DDoS attack on the black market.[3]

That said, there are certain critical elements you can incorporate as part of a good DDoS response plan.

Firewalls can help against SYN floods[4] if configured to complete the TCP handshake on the server’s behalf and to drop half-open connections that are not completed within a specified period of time. Secondary communication channels can also be purchased, but all of these solutions require resources that your company may not be prepared to dedicate to security.
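The firewall behaviour just described is a state table with a timeout. The model below is an added example written for this page, not code from the article or from any firewall vendor: a pure Python connection tracker fed with constructed packet events, with the timeout and table size chosen small so the effect is visible. It shows why a table that never expires entries is exhausted by a flood of spoofed SYNs that are never acknowledged, while the same table with a timeout has recovered by the time a legitimate client arrives and completes its handshake.

```python
"""Half-open connection tracking with a timeout: the firewall behaviour the
article describes for SYN floods.

Added example, not from the article or any firewall vendor.  A pure Python
model of the state table fed constructed packet events; the timeout and
capacity values are assumptions."""
from collections import OrderedDict

HALF_OPEN_TIMEOUT = 3.0   # seconds an unfinished handshake may hold a slot (assumed)
MAX_HALF_OPEN = 64        # size of the half-open table (assumed, small to show the effect)


class SynGuard:
    """Answers SYNs on the server's behalf and only forwards completed handshakes."""

    def __init__(self, timeout=HALF_OPEN_TIMEOUT, capacity=MAX_HALF_OPEN):
        self.timeout = timeout
        self.capacity = capacity
        self.half_open = OrderedDict()  # (src, sport) -> SYN time, oldest first
        self.established = set()
        self.dropped_expired = 0
        self.rejected_full = 0

    def _expire(self, now):
        # Entries are in arrival order, so stop at the first one still young enough.
        while self.half_open:
            key, t = next(iter(self.half_open.items()))
            if now - t <= self.timeout:
                break
            self.half_open.popitem(last=False)
            self.dropped_expired += 1

    def syn(self, now, src, sport):
        self._expire(now)
        key = (src, sport)
        if key in self.half_open or key in self.established:
            return "duplicate"
        if len(self.half_open) >= self.capacity:
            self.rejected_full += 1
            return "rejected"          # table full: SYN dropped, server never sees it
        self.half_open[key] = now
        return "syn-ack"               # firewall replies itself, holding the slot

    def ack(self, now, src, sport):
        self._expire(now)
        key = (src, sport)
        if self.half_open.pop(key, None) is None:
            return "no-state"          # stray ACK, or its slot already expired
        self.established.add(key)
        return "established"           # only now is the real server connection opened


def flood_scenario(timeout=HALF_OPEN_TIMEOUT):
    """Constructed traffic: 200 spoofed SYNs in the first second, never acknowledged,
    then one legitimate client at t=4s.  Returns the guard and per-step outcomes."""
    g = SynGuard(timeout=timeout)
    flood = [g.syn(i * 0.005, f"198.51.100.{i % 254 + 1}", 40000 + i) for i in range(200)]
    legit_syn = g.syn(4.0, "203.0.113.7", 51515)
    legit_ack = g.ack(4.1, "203.0.113.7", 51515)
    return g, flood, legit_syn, legit_ack


if __name__ == "__main__":
    g, flood, s, a = flood_scenario()
    print(f"flood: {flood.count('syn-ack')} held, {flood.count('rejected')} rejected")
    print(f"expired {g.dropped_expired}; legitimate client: {s} -> {a}")
    _, _, s2, a2 = flood_scenario(timeout=float("inf"))
    print(f"without a timeout the legitimate client gets: {s2} -> {a2}")
```

With the timeout, the 64 slots taken by the flood have all expired by t=4s and the real client is served; with the timeout disabled the table is still full and the client is rejected. Note that the constructed flood uses a different spoofed source for every SYN, which is why a per-source connection limit on its own would not have helped here; bounding how long unfinished state is kept (or avoiding the state altogether with SYN cookies, as modern kernels can) is what actually caps the attacker's leverage.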

Funding security is often difficult until something bad happens. The controllers of the purse don’t see anything bad happening, so they are unwilling to spend money to prevent what appears not to be happening.

Secure the device vs secure the data

There is an increasing deluge of smartphones and tablets in businesses, and while these may help with productivity, BYOD (bring your own device) represents an ever growing security risk.

Tablets and smartphones are computers, just like desktops and laptops, so training and configuration are necessary elements in their use. Anti-virus software, where available, and encryption can also help. You should also limit or prevent apps that are not sanctioned by the business, and consider auditing the devices either physically or through some scanning mechanism.

Since most organisations today support BYOD, the question to ask yourself is whether corporate policies should focus more on securing the devices or on securing the data that travels on the corporate network and between the devices.

Larry believes that securing the data is more relevant. The reason is simple: although you can set policies on the software and configurations required for BYOD devices to connect to the network, it is difficult to make users actually install and keep preventative software on their devices.

As Larry shares, “Threats change constantly and are typically aimed at the devices. Protecting the data protects the interest of the company and allows the user to have their device at work. One might also want to consider a separate subnet for BYOD devices that is not directly connected to the protected network. A reverse proxy could then be used to access the protected network when required.”

A word of caution though: use automation technologies as much as you can, since they exist to assist you in protecting your network. But do not trust automation so completely that you believe it will find all your threats with no effort on your part.

These are but a few of the ideas you need to keep in mind to secure your network and the data that resides within it. A good, robust plan is needed, as is regular and comprehensive assessment of the kinds of security threats businesses face today.

Larry Coldiron

Larry Coldiron is an IT instructor at ECPI University Roanoke, VA, where he teaches all aspects of the IT curriculum, including Cisco routing, Microsoft client and server, Security+ and wireless courses. His certifications include CEH, CCNAs and Security+, and he has been MCSE/MCSA certified since 1997. Connect with Larry on LinkedIn and visit his YouTube channel.

 

[1] Exfiltrate: to escape furtively from an area under enemy control (Dictionary.com).

[2] http://www.digitalattackmap.com/understanding-ddos/

[3] Trend Micro research paper, Russian Underground 101, published in 2012.

[4] A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target’s system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
