How to Prevent the Majority of Computer Attacks
Protecting one's networks from computer attacks is an ongoing and non-trivial task; however, some simple security measures will stop the majority of network penetration attempts. For example, a well-configured firewall and an installed base of virus checkers will stop most computer attacks.
Here, we present a list of 14 different security measures that, if implemented, will help secure a network.
- Patches
Companies often release software patches in order to fix coding errors. Unfixed, these errors often allow an attacker to penetrate a computer system. Systems administrators should protect their most important systems by constantly applying the most recent patches. However, it is difficult to patch all hosts in a network because patches are released at a very fast pace. Focus on patching the most important hosts and then implement the other security solutions mentioned below. Patches usually must be obtained from software vendors.
- Virus Detection
Virus-checking programs are indispensable to any network security solution. Virus checkers monitor computers and look for malicious code. One problem with virus checkers is that one must install them on all computers for maximum effectiveness. Installing the software is time-consuming, and it requires monthly updates to remain effective. Users can be trained to perform these updates, but they cannot be relied upon. In addition to the normal virus checking on each computer, we recommend that organizations scan e-mail attachments at the e-mail server. This way, the majority of viruses are stopped before ever reaching the users.
- Firewalls
Firewalls are the single most important security solution for protecting one's network. Firewalls police the network traffic that enters and leaves a network. The firewall may outright disallow some traffic or may perform some sort of verification on other traffic. A well-configured firewall will stop the majority of publicly available computer attacks.
- Password Crackers
Hackers often use little-known vulnerabilities in computers to steal encrypted password files. They then use password-cracking programs that can discover weak passwords within encrypted password files. Once a weak password is discovered, the attacker can enter the computer as a normal user and use a variety of tricks to gain complete control of your computer and your network. While used by intruders, such programs are invaluable to systems administrators. Systems administrators should run password-cracking programs on their encrypted password files regularly to discover weak passwords.
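A defensive weak-password audit in the spirit of this recommendation, added here as an illustration; it is not a tool from the original article. It assumes a constructed hash format (salted SHA-256, labelled in the code) and a constructed shadow-style file; real /etc/shadow entries use crypt(3) hashes, so a crypt-compatible library would replace hash_password in practice.

```python
import hashlib
from typing import Dict, List

# Constructed hash format for this example: "sha256$<salt>$<hex digest>".
# Real shadow files use crypt(3) formats ($6$ etc.); this is a hypothetical
# stand-in so the audit runs offline with no extra dependencies.
def hash_password(password: str, salt: str) -> str:
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return f"sha256${salt}${digest}"

# Constructed shadow-style file: user:hash:lastchg:min:max:warn:::
SAMPLE_SHADOW = "\n".join([
    "root:" + hash_password("Tr0ub4dor&3!x", "a1b2") + ":19000:0:99999:7:::",
    "alice:" + hash_password("password", "c3d4") + ":19000:0:99999:7:::",
    "bob:" + hash_password("bob", "e5f6") + ":19000:0:99999:7:::",
    "svc::19000:0:99999:7:::",      # empty hash field: no password at all
    "legacy:*:19000:0:99999:7:::",  # disabled account, nothing to crack
])
COMMON_WORDS: List[str] = ["password", "123456", "letmein", "qwerty"]

def parse_shadow_like(text: str) -> Dict[str, str]:
    """Map username -> hash field, skipping blank and comment lines."""
    entries: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, hashed = line.split(":")[:2]
        entries[user] = hashed
    return entries

def audit_weak_passwords(entries: Dict[str, str], wordlist: List[str]) -> Dict[str, str]:
    """Return {user: reason} for accounts a dictionary check would flag."""
    findings: Dict[str, str] = {}
    for user, hashed in entries.items():
        if hashed == "":
            findings[user] = "empty password field"
            continue
        if hashed.startswith(("!", "*")):  # locked or disabled: skip
            continue
        _, salt, _ = hashed.split("$")
        candidates = [(user, "password equals username")] + \
                     [(w, f"matches common password '{w}'") for w in wordlist]
        for guess, reason in candidates:
            if hash_password(guess, salt) == hashed:  # same salt, same scheme
                findings[user] = reason
                break
    return findings
```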
- Encryption
Attackers often break into networks by listening to network traffic at strategic locations and by parsing out clear text usernames and passwords. Thus, remote password-protected connections should be encrypted. This is especially true for remote connections over the Internet and connections to the most critical servers. A variety of commercial and free products are available to encrypt TCP/IP traffic.
- Vulnerability Scanners
Vulnerability scanners are programs that scan a network looking for computers that are vulnerable to attacks. The scanners have a large database of vulnerabilities that they use to probe computers in order to determine the vulnerable ones. Both commercial and free vulnerability scanners exist.
- Configuring Hosts for Security
Computers with newly installed operating systems are often vulnerable to attack. The reason is that an operating system's installation programs generally enable all available networking features. This allows an attacker to explore the many avenues of attack. All unneeded network services should be turned off.
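An added example (not from the original article) of the check behind "turn off unneeded services": compare a host's listening TCP sockets against a baseline of what that type of host is supposed to expose. The ss output and the baseline table are constructed for illustration; on a real Linux host the sample would be replaced by the output of `ss -Hltn`.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample of `ss -Hltn` output (Linux, listening TCP, no header).
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:25 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 5 0.0.0.0:23 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
"""

# Hypothetical baseline: ports each host type may expose on a non-loopback address.
BASELINES: Dict[str, Set[int]] = {
    "web": {22, 80, 443},
    "mail": {22, 25, 587},
}

def parse_listeners(ss_output: str) -> List[Tuple[str, int]]:
    """Return (address, port) pairs from ss -Hltn style lines."""
    listeners: List[Tuple[str, int]] = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # rpartition handles both "0.0.0.0:22" and bracketed IPv6 "[::]:22"
        addr, _, port = fields[3].rpartition(":")
        listeners.append((addr, int(port)))
    return listeners

def is_loopback(addr: str) -> bool:
    """Loopback-only listeners are not reachable from the network."""
    return addr in ("127.0.0.1", "[::1]", "::1")

def unexpected_listeners(ss_output: str, host_type: str) -> List[int]:
    """Ports reachable from the network that the host type's baseline does not allow."""
    allowed = BASELINES[host_type]
    flagged = {port for addr, port in parse_listeners(ss_output)
               if not is_loopback(addr) and port not in allowed}
    return sorted(flagged)

if __name__ == "__main__":
    for host_type in BASELINES:
        print(host_type, "unexpected ports:", unexpected_listeners(SAMPLE_SS, host_type))
```

Telnet (23) and portmapper (111) are flagged for both host types; the mail-only port 25 is ignored because it listens on loopback only.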
- War Dialing
Users often bypass a site's network security schemes by allowing their computers to receive incoming telephone calls. The user enables a modem upon leaving work and then is able to dial in from home and use the corporate network. Attackers use war dialing programs to call a large number of telephone numbers looking for those computers allowed to receive telephone calls. Since users set up these computers themselves, they are often insecure and provide attackers a backdoor into the network. Systems administrators should regularly use war dialers to discover these back doors. Both commercial and free war dialers are readily available.
- Security Advisories
Security advisories are warnings issued by incident response teams and vendors about recently discovered computer vulnerabilities. Advisories usually cover only the most important threats and thus are low-volume and high-utility reading. They describe the threat in general terms and give very specific solutions on how to plug the vulnerability. Excellent security advisories are found from a variety of sources, but the most popular come from the Carnegie Mellon Emergency Response Team at CERT.ORG.
- Intrusion Detection
Intrusion detection systems detect computer attacks. They can be used outside of a network's firewall to see what kinds of attacks are being launched at a network. They can be used behind a network's firewall to discover attacks that penetrate the firewall. They can be used within a network to monitor insider attacks. Intrusion detection tools come with many different capabilities and functionality. For a paper on the uses and types of intrusion detection systems.
- Network Discovery Tools and Port Scanners
Network discovery tools and port scanners map out networks and identify the services running on each host. Attackers use these tools to find vulnerable hosts and network services. Systems administrators use these tools to monitor what host and network services are connected to their network. Weak or improperly configured services and hosts can be found and patched.
- Incident Response Handling
Every network, no matter how secure, has some security events (even if just false alarms). Staff must know beforehand how to handle these events. Important points that must be resolved are: when should one call law enforcement, when should one call an emergency response team, when should network connections be severed, and what is the recovery plan if an important server is compromised? CERT provides general incident handling response capabilities for our nation. FedCIRC is the incident response handling service for the civilian federal government.
- Security Policies
The strength of a network security scheme is only as strong as the weakest entry point. If different sites within an organization have different security policies, one site can be compromised by the insecurity of another. Organizations should write a security policy defining the level of protection that they expect to be uniformly implemented. The most important aspect of a policy is creating a uniform mandate on what traffic is allowed through the organization's firewalls. The policy should also define how and where security tools (e.g., intrusion detection or vulnerability scanners) should be used in the network. To obtain uniform security, the policy should define secure default configurations for different types of hosts.
- Denial-of-Service Testing (for firewalls and Web servers)
Denial-of-service (DOS) attacks are very common on the Internet. Malicious attackers shut down Web sites, reboot computers, or clog up networks with junk packets. DOS attacks can be very serious, especially when the attacker is clever enough to launch an ongoing, untraceable attack. Sites serious about security can launch these same attacks against themselves to determine how much damage can be done. We suggest that only very experienced systems administrators or vulnerability analysis consultants perform this type of analysis.