Welcome back. In part one, we explained the importance of understanding the threats against your network and looked at three common hacking techniques that the bad guys might use against you. They included Attacking Defaults, SQL Injection, and Exploiting Unpatched Services. Now, let’s look at two more, and finish up with some good advice.
4. Network Scanning
There are several million systems on the Internet, so you may be asking yourself why any hacker would bother trying to break into your network. Often, the answer is as simple as ‘because they can’. No matter how small your network is, or how limited your perceived scope may be, network scanners can probe millions of connected systems in hours, and do so completely automatically, running while the attacker is at work, out on the town, or even asleep.
Ping sweeps are used to see whether a host is connected to the network, and can be combined with, or followed by, port scanners. These tools probe your connected hosts to determine what operating system they run and what services they offer, and their output can then be fed into more sophisticated attacks aimed at the specific versions your systems are running.
Defend your systems by using a firewall to block access to unapproved services, changing your default banners (so a scanner cannot simply read off your software versions), and, as previously mentioned, keeping up with your patches. Consider implementing Intrusion Detection Systems that can alert you when your network is being scanned, or the more advanced Intrusion Prevention Systems, which can automatically respond to such scans by slowing down responses or dynamically blocking the offending system.
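As an added example (not code from the article), here is a small detector of the kind an IDS rule implements for the scanning behaviour described above: it reads constructed iptables-style firewall log lines and flags any source address that probes many distinct ports within a short window. The log format, the five-port threshold and the 60-second window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log lines (iptables-style fields assumed):
# one source touches many ports in seconds, another just reuses HTTPS.
SAMPLE_LOG = """\
2024-01-10T09:00:01 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=21
2024-01-10T09:00:01 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=22
2024-01-10T09:00:02 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=23
2024-01-10T09:00:02 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=25
2024-01-10T09:00:03 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=80
2024-01-10T09:00:03 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=443
2024-01-10T09:00:04 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=3389
2024-01-10T09:00:05 kernel: ACCEPT IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=443
2024-01-10T09:01:30 kernel: ACCEPT IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=443
"""

# Pull the timestamp, source address and destination port out of each line.
LINE_RE = re.compile(r"^(?P<ts>\S+) .*SRC=(?P<src>\S+) .*DPT=(?P<dpt>\d+)")

def parse(log_text):
    """Yield (timestamp, source IP, destination port) for each parseable line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], int(m["dpt"])

def find_scanners(log_text, min_ports=5, window=timedelta(seconds=60)):
    """Return {src: max distinct ports} for sources that hit at least
    min_ports distinct ports inside any window of the given length.
    Threshold and window are illustrative; tune them to your network."""
    events = defaultdict(list)
    for ts, src, dpt in parse(log_text):
        events[src].append((ts, dpt))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start <= window}
            if len(ports) >= min_ports:
                flagged[src] = max(flagged.get(src, 0), len(ports))
    return flagged

if __name__ == "__main__":
    for src, n in find_scanners(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {n} distinct ports within 60s")
```

Ordinary clients that reconnect to one service are not flagged, which is the kind of baseline an IDS needs to avoid drowning you in false alerts.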
5. Social Engineering
A chain is only as strong as its weakest link, and unfortunately, your network security chain’s weakest link is usually going to be its users. Social engineering attacks take advantage of people’s natural tendencies to trust others, to respect authority, to be helpful, and to do things that offer them an advantage. Phishing emails induce users to click on links and submit personal information by tricking them into thinking they are on a trusted site. Other emails or instant messages can appear to come from a contact or a respected company and contain links to download software or view a website which, when followed, install malware such as keyloggers, remote access Trojans, and viruses. The more brazen social attacker may simply call a user while pretending to be the helpdesk and convince them to give out their username and password; or they may call the helpdesk pretending to be a senior lead of the company and request that their credentials be reset. These are all events that happen to networks across the globe daily.
Here, your defence in depth includes making sure you have security and acceptable use policies that are shared with and understood by your users; maintaining strong anti-virus software on all desktops and servers; scanning all inbound and outbound email for malware, phishing links, and sensitive information; and ensuring that your IT staff never do anything that encourages users to violate policy, such as asking users for their password in order to fix a problem.
Remember that security is an ongoing process, not a goal. Every day, new challenges arise, new systems and software are added to your network, and new vulnerabilities are discovered in operating systems and applications. By following best practices, keeping up with developments in information security, and subscribing to the security alert notifications from your vendors, you are well on your way to maintaining a secure network. Always change default credentials on every system that connects to your network. Sanitize any input your applications accept. Keep up with patches for all operating systems and applications. Use firewalls and intrusion detection or prevention systems. Maintain good policies and educate your users so they understand that they are responsible for network security too.
About the Author: Ed Fisher is an information systems manager and blogger at several sites including his own site, http://retrohack.com. An InfoTech professional, aficionado of capsaicin, and Coffea canephora (but not together), he has been getting his geek on full-time since 1993, and has worked with information technology in some capacity since 1986. Stated simply, if you need to get information securely from point A to B, he’s your guy. He is like “The Transporter,” but for data, and without the car; and with a little more hair.