Thwarting Hacker Techniques

  • A good resource document that might be helpful to assess IT security controls…

  • Thanks Milan for sharing 🙂 About 2 years ago, I shared this commentary on how hackers are moving from brute-force attacks to a more surreptitious stealth mode of hiding and gleaning information. We’re indeed seeing this with the recent theft of private information from the Veterans Admin and notable corporate incidents 😞
    Hackers - moving from brute-force attacks
    Below are a couple of quick lists related to controlling the two primary facets of security (e.g., the technology and the human behavioral controls).

    PART ONE – Technological defense systems

    1. Keep your operating systems and all software patched (install patches expediently and use tools like WSUS, SMS, etc. to roll these out in a productive fashion)
    2. Use a commercial grade multi-tier Firewall system
    3. Use a good commercial ‘best in the industry’ standard AV defense system with centralized alerting and logging (e.g., corporate versions of Trend, McAfee, etc.)
    4. Anti-Spyware defense software
    5. Intrusion Detection software
    6. Network Vulnerability Assessment tools (STAT, RealSecure, KSA, Bindview, Nexus, MSBA, etc.)

    PART TWO – ‘Security is a Process’

    While you can have the best technological defenses in the world, security must be emphasized to everyone as a ‘living and breathing’ process. For example, you can have the best locks in the world on the ‘hen house’ – but if the chickens ‘let the fox in’, those technological locks won’t do a bit of good 😉

    A quick list of ideas:

    1. Security Awareness program - Users need to know risks, best practices, etc. … Security = SEC-U-R-IT-Y (i.e., ‘you are it’). An awareness program can be formal classes, a monthly newsletter, internal corporate email alerts when viruses are inside the company, best practices, etc.
    2. Policies, Procedures, and Standards - to help control human behavioral risks
    3. Develop a comprehensive security web site on your Intranet, so it’s easily accessible and referenceable with all policies and other information to help educate the user.
    4. Actively monitor the network (check IDS and Firewall alerts, Port Traffic spikes, etc.)
    5. Proactively monitor emerging security risks and take precautions when new threats escalate publicly.
    6. Actively test your networks on a quarterly basis for exposures and conduct a more thorough annual penetration test
    7. In developing new systems or solutions, design security up-front rather than making it an ‘afterthought’
    8. In granting security, employ minimalist security rights, giving folks just what they need from an access perspective
    9. Avoid giving users root or local admin authority on their client workstations
    10. Use a continuous improvement theme when it comes to security controls.
