Tech Talk: Protect Your Computer Network From Attack

By Jeff Johnson and Benjamin Harrison, IV

This is the 19th article in the Tech Talk series.

What would happen if a computer hacker breached your network’s security? Could electronic terrorists steal or damage important company data? They certainly could wreak havoc on your staff for days on end. In a worst-case scenario, hackers could drive you out of business. It’s possible these days, and someone could be tapping into your system right this minute if your electronic security is lax.

Here’s an overview of the tactics hackers use to attack computer networks, and what you can do to prevent these attacks.

Threat: Trojan Horses. These destructive programs often are disguised to look like real programs. They’re actually “hidden bombs” that wait to detonate on command. Trojan horses are programmed to listen for and respond to prompts from a remote system. They can also expose your computer or network to outside attacks.

Threat Level: Very High. A Trojan horse is an active threat. Many actively broadcast their location for others to exploit. Any type of Trojan horse opens up your system and lets hackers access your computer and network.

Prevention. Use server-managed anti-virus software coupled with a good firewall.

Threat: Port Scanning. Often referred to as the equivalent of “jiggling doorknobs,” port scanning reveals open ports in your network to hackers. If they’re successful, hackers can break into any part of your computer system or install malicious code that disrupts your company’s work, destroys files, or does something even worse.

Threat Level: High. If your system is hacked by someone who wants to harm your company, you must take action. If you’re lucky, perhaps it’s only a spammer who wants to use your e-mail system.

Prevention. A multi-tier firewall solution minimizes possible attacks. The first line of defense is a perimeter firewall appliance that “stealths” all unnecessary ports and monitors traffic to ones that must be open. The second line of defense is a software firewall that monitors and controls how data sent to those ports can be used.

Threat: Spam Attack. A high volume of e-mail sent to your company.

Threat Level: High. A spam attack can cripple your company’s internal and external communications. If you use a Microsoft® Exchange server for your company’s e-mail, it can be overloaded and disabled. If your company uses an outside source, a spam attack can fill up your e-mail account and delay or stop legitimate e-mail.

Prevention. If you use a Microsoft® Exchange server, have your IT professional set proper limits on every mailbox to prevent an attack from disabling the server. This should be coupled with good anti-spam software that offers automatic spam attack detection and “zero hour” settings to immediately stop an attack in progress.

Threat: Program Exploits. These are techniques designed to take advantage of a flaw or vulnerability in a piece of software (such as an operating system, Web browser, or e-mail program). A popular exploit is buffer overflow, where a malicious application purposefully pours too much data into a buffer (a holding point for application data). This exposes system resources to attack.

Threat Level: High. Program exploits are the easiest way for low-level hackers to break into a system. Security flaws in software are often well publicized, and certain kinds of software are predictably installed in most businesses.

Prevention. Make sure your network and computers are set up to receive automatic software updates via the Internet. These updates are common for Microsoft® Windows-based operating systems and many Web browsers and e-mail programs. They “patch holes” in previous software versions.

Threat: Non-Technical Hacking. A hacker can easily gain access to a computer network by calling your office, posing as a representative of the company that provides your business with DSL service or perhaps someone from the IT department or corporate headquarters, and asking for a password into the system.

Threat Level: Medium. Inexperienced IT staff and computer consultants who focus on the technical side of network security tend to overlook this threat. Non-technical hacking can allow someone to access and perhaps permanently erase sensitive data.

Prevention. Implement a password rotation policy. Train staff about safeguarding sensitive information.

Threat: Data Harvesting. People can do this by breaking into offices to steal computer hard drives, or by scavenging discarded computer systems, hard drives, tapes, CDs, and other backup media.

Threat Level: Medium. Many companies routinely dispose of or donate their computers when they upgrade their hardware. It takes little technical skill to view the files on a hard drive. With a little more skill, passwords and other sensitive data can be extracted.

Prevention. Institute a policy of securely wiping all data from hard drives before they leave the building and storing all sensitive (or even better, all) data on one or more central servers.

Threat: Denial of Service (DoS) Attack. This type of attack is designed to shut down a portion of your computer network. It’s like someone making prank calls who repeatedly hangs up the phone and calls again. DoS attacks tie up resources and prevent legitimate business from taking place.

Threat Level: Medium. These types of attacks can be coordinated to take down very large corporations. Smaller attacks can shut down your e-mail or Web server for a period of time. In some cases, systems may suffer long-term damage.

Prevention. Use a perimeter firewall application that can detect DoS attacks and block traffic accordingly. It should also include manual “zero hour” protection that allows your network to ignore data coming from an attacker.
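
The firewall monitoring described under Port Scanning and under Denial of Service comes down to counting what each outside address does in a short time window. The sketch below is an added example, not code from the authors or from any firewall product; the log format, the sample records, and the thresholds (5 distinct ports or 8 hits on one port within 60 seconds) are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed firewall records: 'ISO-time ACTION source-ip dest-port'."""
    base, lines = datetime(2024, 5, 1, 10, 0, 0), []
    for i, port in enumerate([21, 22, 23, 80, 443, 3389]):   # doorknob jiggling
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} DENY 203.0.113.7 {port}")
    for i in range(10):                                       # repeated hits, one port
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} ALLOW 198.51.100.9 25")
    for i in range(3):                                        # ordinary client
        lines.append(f"{(base + timedelta(minutes=5 * i)).isoformat()} ALLOW 192.0.2.44 443")
    lines.append("garbled line without fields")               # malformed record
    return "\n".join(lines)
SAMPLE_LOG = build_sample()

def parse(log_text):
    """Yield (time, source, port) for each well-formed record; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[2], int(parts[3])
        except ValueError:
            continue

def classify_sources(log_text, window=timedelta(seconds=60), scan_ports=5, flood_hits=8):
    """Label a source 'port-scan' or 'flood' if it crosses a threshold in one window."""
    by_source = defaultdict(list)
    for ts, src, port in parse(log_text):
        by_source[src].append((ts, port))
    findings = {}
    for src, events in by_source.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                      # slide the window forward
            ports = [p for _, p in events[start:end + 1]]
            if len(set(ports)) >= scan_ports:   # many different ports: scanning
                findings[src] = "port-scan"
                break
            if max(ports.count(p) for p in set(ports)) >= flood_hits:
                findings[src] = "flood"         # one port hit over and over
                break
    return findings

if __name__ == "__main__":
    print(classify_sources(SAMPLE_LOG))
```

Sources flagged this way are the candidates for the manual “zero hour” block described above; the thresholds need tuning against your own normal traffic before anything is blocked automatically.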

Threat: Dial-In Attack. A computer with a modem that connects to an outside telephone line can automatically answer incoming calls to that number. A hacker can “call” that computer and gain access to your network.

Threat Level: Medium. These attacks bypass your normal perimeter security, allowing considerable access to your network. Luckily, fewer and fewer companies use modems connected to outside phone lines.

Prevention. Unplug modems from the outlet unless they specifically need to dial outside. Set the modem to ask for permission before answering. Have a good client-level firewall in place.

Threat: Virus. A virus is a program that attaches itself to a program, a document, or something else in your computer and replicates itself. Viruses can be simply annoying, or they can be malicious programs that delete the contents of your computer or upload confidential information to remote servers.

Threat Level: High. Anything that can potentially wipe out the contents of your computer is a serious issue that must be dealt with.

Prevention. Use server-managed anti-virus software coupled with a good firewall.

Threat: Worms. A type of virus, worms get into your e-mail system and broadcast e-mails containing replicas of themselves to everyone in your address book. Worms can also find an opening in a network to admit outside traffic.

Threat Level: High. Worms can be damaging and hard to get rid of once they infiltrate your system. At the very least, they’re annoying.

Prevention. Use server-managed anti-virus software coupled with a good firewall.

Threat: Phishing. A fast-growing form of fraud, phishing describes a technique used to trick people into giving out passwords, financial information, important company data, etc. Requests for this information seem to come from trusted sources (e.g., the phone company, your Internet service provider, a credit card company, etc.). Hackers sometimes set up phishing Web sites that include logos and other elements to dupe people into thinking a legitimate, established company needs their information.

Threat Level: Medium. This scheme can allow hackers to access your network, make “purchases” on your company’s behalf, etc.

Prevention. Education is the first step to avoid being phished. Teach all staff about the dangers of phishing and the techniques hackers may use. Implement a password rotation policy and a policy about safeguarding sensitive information.

Threat: Spyware. This threat consists of small software applications that usually are installed on your computer without your knowledge or permission. Spyware collects and reports passwords or other confidential data back to a remote server.

Threat Level: Medium. These programs can be damaging. They are often contained in free programs downloaded from the Internet.

Prevention. Use server-managed anti-adware software. Implement a strict policy about downloading and licensing software.

Threat: Adware. Adware secretly tracks and gathers personal information and ships it to a remote server for purposes of generating targeted advertisements. It also degrades computer performance.

Threat Level: Low. Although adware reduces productivity due to system slowdown, long-term system damage is minimal. Most information gathered by adware is not linked to a particular company or person, and cannot be used to do additional harm.

Prevention. Use server-managed anti-adware software.

The security of your office computer network is serious business and not something to be taken lightly. Hackers may soon learn, if they haven’t already, that the best way to hit the building industry is right where it hurts—in its computer systems. You have lots of valuable company information stored in your systems—but are those systems secured against attack? By taking action now and protecting your network, you may be saving your company for the future.

Jeff Johnson is co-owner of CMIT Solutions. Benjamin Harrison, IV, is a level 3 technician with CMIT Solutions. The Sacramento, Calif.-based company provides computer and technology consulting services for small- to mid-sized businesses. To request a complimentary, one-hour security threat analysis of your computer network, contact CMIT Solutions at 916-984-6243 or SacCentral@cmitsolutions.com.

This Building Business Brief can be sent to you via e-mail. For more information, contact Jill Tunick at 1-800-368-5242, ext. 8461, or by e-mail: jtunick@nahb.com. This material may be reprinted in NAHB newsletters and member education materials.