Network breaches, vulnerabilities no longer required
Some people presume that network attacks are the result of hackers accessing unpatched systems. However, most of the recent hacks and attacks that I have looked at can be attributed to one or more of the following:
- Weak passwords
- Introduction of malware onto the network
- Holes in network perimeter
- Social engineering attacks
I do recommend that you keep all of your systems up-to-date with the latest patches and updates. If you have controlled systems on your network that cannot be updated, move them to a separate VLAN which does not have Internet access.
Weak Passwords
People using the default password on devices, or using weak passwords to log onto networks and applications, continue to be a major security issue. When forced to create a complex password with numbers and characters, most choose a familiar word and swap out letters for numbers. Using the number 3 for an E is a common one. As personal computers become more powerful, so does their ability to run password-cracking applications at high speed.
Recently the Twitter account belonging to a high-profile Irish journalist was hacked. The journalist admitted after the event that her password was one of her children's names. My own recommendation for password management is to use a secure password safe, have different passwords for different systems and use images to set new passphrases. For example, I might choose to use TheElephantStoodOnTheRed&BlueBall
Introduction of malware onto the network
Malware can be introduced into a network in many different ways. The most common source of malware is users accessing compromised websites or opening email attachments. Older types of malware will immediately try to spread once installed. However, a lot of the new stuff will remain dormant until it receives updates from an external source telling it to seek out other hosts, send data or launch a denial of service attack. Users need to be educated on the risks of visiting suspicious sites and opening attachments from an unknown source. In parallel to this, you should look at installing systems which can detect worms on your network by focusing on network scans.
Holes in the network perimeter
The network perimeter was once easy to define. You had an Internet connection and a firewall, and you blocked access to everything except websites and email. However, as networks and applications have evolved, the network perimeter has become more open. An example of this is the number of applications that use TCP port 80 to communicate with the Internet. Applications that use the standard web ports include music streaming, desktop sharing and BitTorrent applications. Even the latest TV schedule can affect your network.
I recommend that you monitor all traffic going in and out of your Internet connection. You can do this by locating your network core and then monitoring all traffic going to and from your firewalls. Watch out for things like excessive downloading, or traffic going to and from clients in the middle of the night, which can be a sign of long term Internet connections. If you use a proxy server with filtering, make sure that you also have monitoring in place so that you know that the Internet filter is working.
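As an added illustration (not code from the original article), the Python sketch below applies the checks described above and in the malware section to flow records exported from a monitoring point at the firewall: excessive downloading, clients active in the middle of the night, and the scan behaviour typical of worms. The record layout, thresholds, addresses and port numbers are all assumptions constructed for the example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Assumed thresholds; tune them to your own baseline.
NIGHT_HOURS = range(0, 5)        # 00:00-04:59 local time
NIGHT_HOURS_ACTIVE = 2           # distinct night hours with traffic
MAX_DAILY_BYTES = 1_000_000_000  # downloaded per client per day
SCAN_FANOUT = 20                 # distinct destinations, one port, one minute

# Constructed flow records: time, client, remote host, dest port, bytes downloaded
SAMPLE_FLOWS = """\
2024-03-04T10:15:00,10.0.0.21,203.0.113.10,80,48000
2024-03-04T14:02:00,10.0.0.34,198.51.100.7,80,900000000
2024-03-04T14:30:00,10.0.0.34,198.51.100.7,80,700000000
2024-03-05T02:10:00,10.0.0.55,192.0.2.44,80,5000
2024-03-05T03:10:00,10.0.0.55,192.0.2.44,80,5100
""" + "".join(  # constructed: one client probing 30 neighbours within a minute
    f"2024-03-04T11:00:{i:02d},10.0.0.77,10.0.0.{100 + i},445,0\n" for i in range(30)
)


def analyse(flow_csv):
    """Return sorted (client, reason) pairs for clients that deserve a closer look."""
    downloaded = defaultdict(int)  # (client, date) -> bytes
    night = defaultdict(set)       # client -> {(date, hour)} seen at night
    fanout = defaultdict(set)      # (client, port, minute) -> destinations
    for ts, src, dst, dport, nbytes in csv.reader(io.StringIO(flow_csv)):
        t = datetime.fromisoformat(ts)
        downloaded[(src, t.date())] += int(nbytes)
        if t.hour in NIGHT_HOURS:
            night[src].add((t.date(), t.hour))
        fanout[(src, dport, t.replace(second=0))].add(dst)
    alerts = set()
    for (src, _day), total in downloaded.items():
        if total > MAX_DAILY_BYTES:
            alerts.add((src, "excessive-download"))
    for src, hours in night.items():
        if len(hours) >= NIGHT_HOURS_ACTIVE:
            alerts.add((src, "night-traffic"))
    for (src, _port, _minute), dsts in fanout.items():
        if len(dsts) >= SCAN_FANOUT:
            alerts.add((src, "possible-scan"))
    return sorted(alerts)


if __name__ == "__main__":
    print(analyse(SAMPLE_FLOWS))
```

A flagged client is a prompt for investigation rather than proof of compromise; backup jobs and software updates will also trip the night-time and volume checks until they are baselined.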
Social engineering attacks
Social engineering attacks can take on many forms, from phone calls informing you that you have a virus, to links within social network sites claiming to show you who is viewing your profile, to emails from banks requesting that you change your passwords. They can be very clever and are all out to make a quick buck for those responsible. A lot of these attacks can be hard to block using traditional methods like firewalls and antivirus software. Instead, you should educate your users on what to watch out for, and do this on a regular basis. If the offer in the email is too good to be true, then don't click on it!
Darragh
Darragh Delaney is head of technical services at NetFort Technologies. As Director of Technical Services and Customer Support, he interacts on a daily basis with NetFort customers and is responsible for the delivery of a high quality technical and customer support service.

