Small Business Technology Blog

Wednesday, January 31, 2007

Small Business Primer on Network Security Threats

Fascinating article passed along to me from a client. I found this one both informative and useful; it might be a little overly technical for some small business owners, but most of the points hold true and are important to be aware of. Please don't hesitate to call if I can help explain some of the following issues; I found them very interesting! - Scott Kendall, The Technology Coach

We introduce you to 10 of the biggest and most dangerous threats to a business's network security to make you aware of security problems facing networks today.

IT Security Editors on January 17, 2007

The Small Business Primer on Network Security Threats

Over the last ten years, our world has become interconnected in ways not previously imaginable. Today, for instance, people in Spain, the US, and Brazil can find out simultaneously that soccer-star David Beckham has switched teams. Small companies can now affordably be spread across the globe, and big companies can now have inter-office collaboration on a daily basis. But all of that interconnectedness relies in large part on our ability to protect the networks that create those connections.

Unfortunately, and despite the best efforts of network security managers, the last five years have seen hackers and criminals become increasingly effective at compromising these networks, as they have quickly developed new and ever more malicious threats to network security.

These newly created threats have been so successful in large part because most employees of companies, despite being regular internet users themselves, have no idea how these new network security attacks work, and have only a vague conception that these new threats even exist. This article will introduce you to ten of the biggest and most dangerous threats to network security, in an effort to make everyone more aware of the security problems facing networks today.

1. Viruses and Worms


The term virus has long been used generically to describe any computer threat, but in actuality it refers specifically to malware that inserts malicious code into existing documents or programs, and then spreads itself by various means.

The reason people often call every computer threat a "virus" is that viruses are the original type of malware, actually predating the public Internet. Today, viruses are still by far the most common type of network security threat, and over 90% of viruses are spread through email attachments. Often the attacker will combine a virus with a "zombie" attack (discussed below) so that you receive an email from a friend whose attachment actually contains a virus.

Prevention
The good news about viruses is that they require a user action to insert themselves onto your computer. So, training your office staff to never open an email attachment that they weren't expecting, no matter who the sender is, will go a very long way toward keeping your network free of viruses. Unfortunately, educating your staff about which attachments to open will do little to stop worms from infecting your network. That is because although worms are also often initially delivered in email, they don't need a host file (i.e., no attachment is needed for an email to be infected) and they can propagate themselves. Worms, unlike viruses, spread on their own. So once a computer is infected, the worm can often make quick copies of itself and infect an entire network within a few hours. Because of this unique ability to multiply quickly across a network, worms are responsible for a good number of companies' widespread network failures.

Both viruses and worms often work to open up new holes in your network security in order to allow even more dangerous security threats to infect your network. Consequently, it should be an essential priority of every company and individual to use virus protection software to limit the incoming malware, and then to educate employees to make sure those worms and viruses that slip through never get opened.

2. Trojan Horses


A trojan horse is a malware attack that disguises itself as something innocent, such as a computer game or a YouTube search results page. A recent example of a devastating trojan horse used an email with a link that supposedly connected the reader to a video of Saddam Hussein's hanging, but instead just infected them with malware. Once installed on a computer, the 'Saddam' trojan horse then downloaded and installed a keylogger onto the infected computer. This keylogger was used to record every keystroke by the computer's user, thus stealing financial account information and passwords.

The 'Saddam' trojan horse is noteworthy only because it was so successful; the actual methods that it used to infect computer networks are not unique. In fact, trojans are particularly dangerous because they all appear so innocuous on the surface. Often trojans embed themselves on a particular website (usually adult, gaming, or gambling), hide in downloaded free software, or, as in the 'Saddam' trojan horse, infect a person who clicks on a link sent to them in an email.

Prevention
Because hackers are so creative in coming up with new and different types of trojan horses, training employees on what to look for will not prevent trojan horses from infecting your network. Instead, you may want to consider blocking users from downloading freeware, blocking links embedded in emails, and using a whitelist to create a list of approved websites that employees may visit. Because trojans are much easier to prevent than they are to cure, with an infected computer sometimes requiring a complete reformatting of the hard drive, taking these drastic preventative measures may be warranted for some companies.


3. Spam


Depending on the source cited, spam makes up 70 to 84% of daily emails sent throughout the world. All that spam results in billions of dollars in lost productivity and creates an ever increasing need for IT resources to filter out this irritating and potentially malicious menace.

Spam email takes a variety of forms, ranging from unsolicited emails promoting products like Viagra, to coordinated spam attacks designed to consume so much bandwidth on a network that it crashes. A more recent trend is image spam, which eats up even more bandwidth than its textual cousin, and often circumvents contextual spam filters, which analyze the message text to look for indications that the email is spam. Another brand new technique that spammers are using is called "news service" spam, which uses legitimate headlines such as "Howard Stern Earns $83M Bonus" to trick recipients into opening spam emails that are filled with spammy drug advertisements. These and other new spam trends constantly threaten the productivity of email and the security of IT networks.

Prevention
When it comes to fighting spam, fortunately, a great deal of spam can be filtered out by a good email filter. And much of what slips through can be avoided by staying current on the latest techniques that spammers use. In addition, however, you should protect your network from email spam by requiring your employees to use separate accounts for their personal internet use, and demand that company accounts not be used to sign up for any online service or freebie. In addition, when creating company email accounts, make sure to use a naming system which is not easily guessable (e.g., avoid patterns like JSmith@domain.com), as spammers are increasingly going through common name lists in order to harvest email addresses to spam.

4. Phishing


Anyone who has ever used PayPal or does their banking online has probably received dozens of emails with titles such as "URGENT: Update Account Status". These emails are all attempts by a spammer to "phish" your account information. Phishing refers to spam e-mails designed to trick recipients into clicking on a link to an insecure website. Typically, phishing attempts are executed to steal account information for e-commerce sites such as eBay, payment processors such as PayPal, or regular financial institutions' websites. A phishing email supplies you with a link to click on, which will take you to a page where you can re-enter all your account details, including credit card number(s) and/or passwords. Of course, these sites aren't the actual bank's site, even though they look like it.

Your company's mobile phones may not be safe either, as SMS messaging is now frequently used for a new type of phishing called SMiShing. Once the SMiShing is successful, other malware such as trojans is sometimes released onto the mobile phone. These trojans then silently send high-cost text messages which go onto the sender's bill [4].

Some criminals are also using VoIP or VoIM software to send vishing messages. These try to confuse people into calling the provided number - usually an automated VoIP Call-In number - and revealing credit card details, which are recorded in audio form.

Prevention
Phishing in all its varieties is a huge and growing problem for network security managers and business owners. As we all become more interconnected and access more and more personal information through networks, there are more and more opportunities for phishers to attack. To protect one's network, it is becoming increasingly vital that you educate your employees about the most common ways in which hackers try to phish your account information. Even though simplistic phishing attempts like the PayPal scam now seem obvious to regular internet users, a single phishing attack can compromise an entire network's security if the employee is tricked into giving up his network account information. Even after educating your workforce, you should consider adding a header to your network browser that reminds users never to enter personal information solicited through an email, and you should certainly use a sophisticated email filter to limit the number of phishing attacks that your employees must navigate around.
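The filtering the section recommends can start with a few checks on the lure described above: an urgent subject line and a link whose visible text names a trusted brand while the real destination is somewhere else. This is an added example, not code from the original article; the brand allow-list and the sample message are constructed assumptions.

```python
"""Flag phishing indicators in an email: urgent subject, link text that
names a trusted brand while the href goes elsewhere, and lookalike hosts.
Added example; the message below is constructed, not a real phish."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENT_WORDS = ("urgent", "update account", "verify", "suspended")
TRUSTED_DOMAINS = ("paypal.com", "ebay.com")  # assumed brand allow-list


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude last-two-labels domain: 'www.paypal.com' -> 'paypal.com'."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def link_findings(href, text):
    """Return reasons this link looks like a phish (empty list if none)."""
    reasons = []
    host = (urlparse(href).hostname or "").lower()
    dom = registered_domain(host)
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("href uses a bare IP address")
    for brand in TRUSTED_DOMAINS:
        name = brand.split(".")[0]
        # Visible text names the brand but the href does not land on it.
        if name in text.lower() and dom != brand:
            reasons.append(f"text mentions {brand} but href host is {host}")
        # Brand name embedded in some other registered domain (lookalike).
        if name in host and dom != brand:
            reasons.append(f"lookalike host {host}")
    return reasons


def analyze_email(subject, html_body):
    """List of findings for one message; a non-empty list means review."""
    findings = []
    if any(w in subject.lower() for w in URGENT_WORDS):
        findings.append(f"urgent subject: {subject!r}")
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        findings.extend(link_findings(href, text))
    return findings


# Constructed sample resembling the "URGENT: Update Account Status" lure.
SAMPLE_SUBJECT = "URGENT: Update Account Status"
SAMPLE_BODY = ('<p>Dear customer,</p><a href="http://paypal-secure-login'
               '.example.net/">Log in to PayPal</a>')

if __name__ == "__main__":
    for finding in analyze_email(SAMPLE_SUBJECT, SAMPLE_BODY):
        print("FLAG:", finding)
```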

5. Packet Sniffers


Packet sniffers capture data streams over a network, thus allowing for the capture of sensitive data like usernames, passwords, and credit card numbers. The result, unsurprisingly, is the loss of data, trade secrets, or online account balances. For network managers specifically, even bigger losses can come from lawsuits due to noncompliance of data protection regulations.

While packet sniffers have been used in rather harmless ways, such as by law enforcement and by corporations for data protection compliance purposes (HIPAA, SOX/Sarbox, Gramm-Leach-Bliley Act), the real concern for network owners is packet sniffers' more malicious forms.

Packet sniffers work by monitoring and recording all the information that comes from and goes to your computer over a compromised network. So in order to be effective, the packet sniffer must first have access to the network you are using. The most common way to do this is by using something called honeypots. Honeypots are simply unsecured Wi-Fi access points that hackers set up to trap people into using them. Typically, these honeypots are set up in public places such as airports, and the Wi-Fi network is titled something like "Free Public Wi-Fi". Unsuspecting individuals then sign onto the corrupted network, and the packet sniffer grabs their personal information when they enter things like their credit card info into a site.

Prevention
Education is simply the best policy to deal with the threat of packet sniffers. Once your employees know to never access the internet through an unsecured connection, and are made aware of the fact that packet sniffers exist, they are much less likely to fall victim to this hacking technique. Because a single packet-sniffing victim among your employees can compromise sensitive network data, it is important that everyone learn how to identify honeypots and how to secure their own home Wi-Fi networks. In addition, make sure that your employees use a variety of different sign-on names and passwords to access various levels of network security. That way, if login information is compromised, the damage can at least be limited in scope.

6. Maliciously-Coded Websites


Maliciously-coded websites can take many different forms, from installing trojan horses to redirecting you to an unrequested site. But one of the most threatening forms of maliciously-coded websites, those that are designed to steal passwords, is on the rise [4]. A very common form of these websites takes advantage of people's charitable instincts by setting up traps in what appear to be sites that allow you to make donations to victims of natural disasters such as Hurricane Katrina. Hackers set up a fake sign-in page, and then encourage unsuspecting victims to enter their credit card number and other personal information.

In addition to stealing personal information, maliciously-coded websites are also often designed for the following purposes:
  • installation of keyloggers
  • adware/ spyware/ reading cookies
  • drive-by downloads
  • XSS (cross-site scripting), which exploits web browser flaws for other purposes.


Prevention
In order to protect your network, you should encourage your employees to purchase information only from security certified sites, and to use PayPal instead of a credit card whenever possible, since by doing so they will not have to reveal their credit card information to another site. In addition to limiting the number of times credit card information is typed into a website, paying by PayPal is also helpful because maliciously-coded sites are less likely to accept PayPal payments since the owners of that PayPal account are easier to trace to an address or bank account.

Further, you should instruct your employees to never sign up for new Web 2.0 applications without using a different username and password than they ordinarily use for sensitive data. Creating a regular browser patch and plugin update schedule will also ensure that your virus and email protections are up to date. Finally, you should systematically set the browser security settings of all your network computers to a higher than default setting. While this step will not eliminate the possibility that your employees will stumble upon maliciously-coded sites, it will reduce the incidence of that occurrence.

7. Password Attacks


A 'Password Attack' is a general term that describes a variety of techniques used to steal passwords to accounts.

  • Brute-force. One of the most labor-intensive and unsophisticated methods hackers use to steal passwords is to try to guess a password by repeatedly entering new combinations of words and phrases compiled from a dictionary. This 'dictionary attack' can also be used to try to guess usernames, so developing difficult-to-guess usernames and passwords is increasingly vital to network security.

  • Packet sniffers. As discussed above, Packet Sniffers glean data electronically from a compromised network.

  • IP-spoofing. Similar to 'honeypots', this attack involves the interception of data packets by a computer successfully pretending to be a trusted server or resource.

  • Trojans. Trojans, as discussed above, are actively invasive and, of these methods, are the most likely to succeed, especially if they install keyloggers.

Prevention
Automated testing (e.g., dictionary scanning), human behavior (e.g., lack of diversity in usernames and passwords), and other security flaws make it easier for password attackers to succeed. Unfortunately, there is no single method to prevent password attacks, though combining network traffic analysis with the old stalwarts of email scanning, virus protection, firewalls, and an educated workforce can together form a strong defense for any network.
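The dictionary attack described under "Brute-force" leaves a recognizable trace in authentication logs: a burst of failed logins from one source, often cycling through guessed usernames as well as passwords. The detector below is an added example, not code from the original article; it assumes sshd-style log lines (the sample lines are constructed) and thresholds chosen for illustration.

```python
"""Spot dictionary / brute-force login attempts in authentication logs.
Added example; the log lines are constructed in sshd's format, not real."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

# Constructed sample: one source cycles through guessed names in seconds,
# another user simply mistypes a password once and then logs in.
LOG = """\
Jan 17 09:00:01 fs1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 40111 ssh2
Jan 17 09:00:02 fs1 sshd[2211]: Failed password for invalid user test from 203.0.113.5 port 40112 ssh2
Jan 17 09:00:03 fs1 sshd[2211]: Failed password for invalid user oracle from 203.0.113.5 port 40113 ssh2
Jan 17 09:00:04 fs1 sshd[2211]: Failed password for jsmith from 203.0.113.5 port 40114 ssh2
Jan 17 09:00:05 fs1 sshd[2211]: Failed password for jsmith from 203.0.113.5 port 40115 ssh2
Jan 17 09:00:06 fs1 sshd[2211]: Accepted password for jsmith from 203.0.113.5 port 40116 ssh2
Jan 17 09:15:30 fs1 sshd[2390]: Failed password for bwhite from 198.51.100.9 port 51020 ssh2
Jan 17 09:15:44 fs1 sshd[2391]: Accepted password for bwhite from 198.51.100.9 port 51021 ssh2
"""

FAIL_THRESHOLD = 4              # failures from one source inside WINDOW
WINDOW = timedelta(seconds=60)  # sliding window for the burst count
USER_THRESHOLD = 3              # distinct usernames tried from one source


def parse_failures(text):
    """Yield (timestamp, user, ip) for each failed-login line; skip others."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # syslog lines carry no year; relative deltas are all we need
            yield datetime.strptime(m["ts"], "%b %d %H:%M:%S"), m["user"], m["ip"]


def analyze(text):
    """Per source IP: largest burst inside WINDOW, usernames tried, verdicts."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_failures(text):
        by_ip[ip].append((ts, user))
    report = {}
    for ip, events in by_ip.items():
        events.sort()
        times = [t for t, _ in events]
        burst = max(sum(1 for t in times if t0 - WINDOW <= t <= t0) for t0 in times)
        users = sorted({u for _, u in events})
        verdicts = []
        if burst >= FAIL_THRESHOLD:
            verdicts.append("brute-force burst")
        if len(users) >= USER_THRESHOLD:
            verdicts.append("username guessing")
        report[ip] = {"burst": burst, "users": users, "verdicts": verdicts}
    return report


if __name__ == "__main__":
    for ip, info in analyze(LOG).items():
        print(ip, info)
```

A source that trips either verdict is a candidate for a firewall block or an account-lockout review, while the single failure from 198.51.100.9 is left alone.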

8. Hardware Loss and Residual Data Fragments


Over the past few months, a number of government laptops have been stolen and the story has made national news. The government is so concerned, not because of the cost of replacing a few laptops, but from the network vulnerabilities that the loss of this hardware threatens to cause. In fact, hardware loss is a large cause of the more than 10 million cases of identity theft suffered by Americans each year.

These types of problems are not what we commonly think of as network security threats, but stolen or sold laptops and computers pose one of the biggest threats for networks. Businesses often sell older computers without completely wiping the drives clean of data, including system passwords. Just as with stolen computers, this information can then be easily used to gain access to the network and compromise the security of the entire system.

Prevention
Thankfully, the threat of hardware loss and residual data fragments can be minimized by taking a few rather straightforward steps:
  • Encrypt sensitive company data, especially the laptops and files of executives who are most likely to be targeted. When traveling through foreign airports the problem can be especially acute, as laptops of prominent individuals are sometimes taken aside under the guise of "security", and their hard drives are quickly mirrored and used to blackmail the company. Despite the obvious benefits of securing data, a recent survey found that 64% of companies were more concerned about data loss than about the cost of replacing hardware, yet only 12% were actually using encryption.

  • Wipe/shred files on old hard drives before they leave your organization. This is as much an issue of data compliance regulations as it is of network security. No matter what your motivation, however, failing to clean discarded hardware can leave your entire network vulnerable.

  • Develop a policy for keeping track of employees' use of smartphones and USB memory cards around sensitive data. Simply letting employees know that you have such a policy and are monitoring the use of these devices will go a long way toward preventing their misuse and protecting the network.

  • Use an RFID-based Asset Management system for computers, laptops, and other sensitive hardware to keep tabs on their whereabouts in your premises.


9. Shared Computers

In the IT community, it is often said that shared computers are like public bathrooms: they may appear clean, but are usually chock full of viruses. Thankfully, the danger of shared computers is one network threat that you can largely render harmless by limiting the activities that you and your employees perform on them.

Prevention
If you or your employees use public computers, don't permit them to log into important online accounts, especially those containing financial details. You never know when a keylogger might be lying in wait, ready to steal your password and then your company's money. Going beyond sensitive data, if you can, forbid your employees from logging into any network accounts at all on public computers. While enforcement of this policy is difficult, simply educating your staff on the dangers of using public computers is often sufficient to eliminate most of these incidents.

10. Zombie Computers and Botnets

If you've ever wondered who is sitting around sending out all those spam emails, the answer may be you. A recent New York Times article estimates that as much as 80% of spam messages are sent out by the computers of ordinary individuals who have no idea their computers have been converted into 'Zombies'. A 'Zombie' computer is simply a computer infected with malware that causes it to act as a tool of a spammer by silently sending out thousands of emails from the owner's email address.

Infected 'Zombie' computers are organized by spammers into groups called 'botnets'. These 'botnets' then send out spam that may include phishing attempts, viruses, and worms. Unfortunately for network managers and business owners, the 'Zombie' malware threat is expected to continue to grow both in number and variety over the next few years. Currently, 'Zombies' are used for the following types of attacks:

  • Spamming and phishing attacks. This classic form of 'Zombie' computers is still the most common.

  • Click fraud in advertising networks. Using a hidden program, zombie computers emulate human clicking on ads at a website or weblog. While Google said in Dec 2006 that click fraud for their AdSense contextual ad network is less than 2%, some advertisers have much higher estimates. Whatever the actual figure, creating click fraud zombies is currently a multi-million dollar industry, so do not expect it to stop soon.

  • DoS attacks. Your company may have malicious competitors, or spiteful former employees who will stoop to any level to bring your company down. In this instance, your enemy might launch a Denial-of-Service (DoS) attack, which is designed to make the hosted pages of a website or network unavailable to customers or employees. For instance, a spiteful former employee may launch a DoS attack on your biggest selling day of the year. Consequently, your company will lose all the business it might have had that day as customers are unable to access your website.

  • Pump and dump stock schemes. In this scheme, spammers buy up a large block of a penny stock (especially sub-$1 per share), then use their 'Zombies' to spam millions of people with emails about the stock in the hopes that a few fools will take the bait and buy a few thousand shares, thus raising the price. After the price spike, the spammer then sells off his holdings and makes a quick buck.

Prevention
Because 'botnets' typically work silently on 'zombie' computers and are often enabled by the secret installation of trojan horses, it is very difficult to tell whether a computer has been infected. Preventing 'botnets' from turning your network computers into 'zombies' requires that you educate your employees to keep all forms of security software up to date, and to run a virus scan regularly, preferably nightly. In addition to nightly scanning, train your employees to watch for sudden unusual behavior of their computer(s), such as persistent slowdowns or crashing, as a sign that they may be infected. If, despite your best efforts, a network computer becomes infected, treatment can vary wildly, from simply scanning for and deleting the botnet software to reformatting the computer's hard drive.


Conclusion


As the volume of financial and other data transactions over the Internet increases, the potential for harm from network threats also increases. As a consequence, complex security measures that were once required only of Fortune 500 companies, such as regular security audits, are increasingly a necessity even for the smallest of companies.

As we continue to become an ever more networked society, the financial benefits attainable by hacking a network increase. As a result, it should come as no surprise that the number of attacks and the creativity spent in trying to breach a network continue to increase. Consequently, those who are tasked with defending networks must continue to educate themselves and their workforce on the newest types of attacks and make the necessary preparations to defend against them.
