Tuesday, September 14, 2010

Unlawful Entry

Since Microsoft stopped supporting Windows XP SP2 last July, meaning no further patches for newly discovered vulnerabilities, while stating that it will still support XP SP3 until 2014, I thought it was time for a short discussion of a few things involved in protecting your environment.

As we all know, for many centuries there have been criminals all over the world with different motives for different forms of crime, whether it is something as serious as hurting others or finding ways of stealing personal information for money. As the internet and enterprise networks have evolved over time, some of these criminals have expanded their horizons to include online theft and cyber warfare.

One question I have received in the past is: "Why would anyone want to do such a thing to people online?" For the same reasons these same individuals were doing it before the invention of the internet. They don't care if their victim happens to be the nicest person in the community. They have no regard for people's livelihoods, and they thrive on vulnerability and chaos.

Take, for instance, the shoplifters, whose online counterparts are often referred to as script kiddies. In the world of street crime they might be the juvenile gangs who set up a dare to do something damaging and dangerous to the rest of us; throwing a brick through someone's car window without stealing any valuables inside, just to cause damage for someone else, would be a prime example. Script kiddies on the internet often tamper with vulnerabilities in software or in internet-facing services but don't necessarily go after any important data.

Then we get to the more high-profile criminals who like to go after other people's personal information, such as social security numbers, first and last names, phone numbers, mailing addresses, etc. They can do this by sifting through garbage out on the streets, through mailboxes, and anywhere they can find this information online. As someone I heard giving a presentation on this a number of years ago put it, if they want something badly enough, they will find a way to get to it.

One prime example: back in my college days, someone I was acquainted with, but around whom I tended to keep my guard up for the most part, decided to commit a crime. What was the first thing he thought of? The living quarters on campus included some co-ed dormitories, and he had already gained the trust of my roommate's friends, so in their opinion he would never do anything unspeakable. He was himself a student at another school, studying law enforcement at the same time that I was. Here is what he did, although it did not go as smoothly as he planned, because there was a security perimeter in place when he performed his less than acceptable actions. He used social engineering to get himself through the entry point, because many of those students had seen him before, and quite frequently, and assumed that he was a student on campus who lived in that dorm himself. So he gained access to the building and used a brute force attack to get into our apartment. Some may ask, how did I know he was coming? In his case, he left a trail of evidence on our answering machine, but he was not counting on someone being there as a prime witness to what he was trying to do. Security perimeters were already set in motion, so that by the time he got into the room, security was right behind him. The point to be made here, though, is that some security measures were ignored, which allowed him to get into the hall, which in this case would be like a router on the network: there were no access control lists on this device, so to speak, to prevent him from getting in. Many security measures should have been taken, first of all to educate these students about watching who they let in, etc. That was of course the next step taken after I filed a police report on him, to ensure that he would not make that attempt ever again with anyone else at any place or time.

One thing to use discretion with is social networks, including LinkedIn, Facebook, MySpace, and Twitter. They are great avenues for promoting events; however, posting too much information on your profiles can give these malicious people plenty of opportunities for social engineering. For example, I heard from a friend of mine that while they were away on vacation, someone had taken off with their mailbox. She then discovered that her son had posted all over his Facebook page that they were out of state on vacation for 2 weeks. Depending on how well people know their privacy settings, some information gets posted there that not only their friends can see, but other individuals as well.

Another thing: when considering hiring someone to protect your networks, be sure to keep up with current events at other companies. I had heard that one company had an insider who hacked into their network; he was fired for tampering with their data, and the story made it to the media. Some other company hired him 6 months later. Now, they might have found it impressive that he understood a great deal about vulnerabilities, but there is a 99% chance that this same person will try the same thing on their network. This is like handing the keys to your home to a person you just learned from the media had already broken into someone else's home. That 6-month period doesn't seem long enough for this person to make a dramatic change in their behavior.

I read somewhere that 75% of attacks start through the web browser, which makes sense to me because it is one of a few applications that relies on an open port to run and to pull information from the internet. There are several others, but the browser is one of the main ones because it relies on many different pieces of software and plug-ins to work dynamically.

Others have suggested focusing mainly on application security, because of coding vulnerabilities in certain programming languages, and not so much on the operating system. I don't agree with that entirely. Depending on the environment, many other factors need to be taken into consideration. For example, if you are using the internet in a networked environment, it is imperative to follow security guidelines to protect not only your data but everything else you would not want to pay high costs to repair because someone decided to forgo essential security measures. Even if there is no significant data on a given system that these hackers would be after, they can still fold such unpatched systems into their methods of attack.

Just as criminal gangs have become even more high-risk, so have blended threats in the online world. What I mean by blended threats is where online cyber criminals take advantage of different virus types and blend them together to cause an even greater headache on systems. What street gangs and cyber gangs have in common is the following:

1. They case the joint where they plan on causing damage, attacking, or committing some type of monetary crime. If they want to go in without being detected, they plan things out, possibly one to two months ahead, prior to committing the crime.

2. What do both of these groups look for? The areas that lack the most security. Online hackers can take advantage of free online monitoring tools, such as network traffic monitors. These are great tools for network administrators, but they are a double-edged sword, because when they get into the wrong hands there is no telling what will happen unless someone is willing to go in and monitor these situations.

For example, there was an unusual murder mystery in my hometown many years ago, where a woman who had been a nurse at the hospital went missing one day while her children were left behind on a curb at a shopping mall. She and her husband had just bought a nice large van with very little visibility into the interior and almost soundproof, so that it would not draw much attention from anyone outside if things got somewhat noisy within the van. What this gang was looking for was a way to hide themselves while committing the crime in broad daylight. They studied everything at this one particular shopping center for over a month to see what it lacked. The main thing was that it lacked a great deal of security: one could not see a single security guard patrolling the area for miles around. In summary, this was an inside attack, meaning they knew who their victim was, they gained her trust, and she was made vulnerable because she was letting her guard down. Therefore, she was attacked.

In the case of the online hacker, they are looking for the same thing: a lack of best security practices on both the internet and the network. Security starts at the borders first. Those include firewalls, routers, servers, switches, etc. Just as securing the US from foreign invasion needs to start with control at this nation's borders, so does protecting your network. Just as an illegal immigrant can enter the country when security at the borders is lacking, a threat can break into a network when it has weak configuration settings, such as weak passwords, systems that are not updated with the latest patches, and a firewall that is not configured properly to secure the ports in use.

One other thing to keep in mind: even though it might be costly to implement strong security measures, it can be even more costly and time-consuming when an intruder makes that unlawful entry.
