Thwarting Hacker Techniques 1561
milan last edited by
A good resource document that might be helpful to assess IT security controls…
harrywaldron last edited by
Thanks Milan for sharing About 2 years ago, I shared this commentary on how hackers are moving from brute-force attacks to a more serpetitious stealth mode of hiding and gleeming information. We’re indeed seeing this with the recent theft of private information from the Veterans Admin and notable corporate incidents
Hackers - moving from brute-force attacks
Below are a couple of quick lists related to controlling the two primary facets of security (e.g., the technology and the human behavorial controls).
PART ONE – Technological defense systems
- Keep your operating systems and all software patched (install patches expediently and use tools like WSUS, SMS, etc to roll these out in a productive fashion)
- Use a commercial grade multi-tier Firewall system
- Use a good commercial ‘best in the industry’ standard AV defense system with centralized alerting and logging (e.g., corporate versions of Trend, McAfee, etc)
- Anti-Spyware defense software
- Intrusion Detection software
- Network Vulnerability Assessment tools (STAT, RealSecure, KSA, Bindview, Nexus, MSBA, etc)
PART TWO – ‘Security is a Process’
While you can have the best technological defenses in the world, security must be emphasized to everyone as a ‘living and breathing’ process. For example, you can have the best locks in the world on the ‘hen house’ – but if the chickens ‘let the fox in’, those technological locks won’t do a bit of good
A quick list of ideas:
- Security Awareness program - Users need to know risks, best practices, etc … Security = SEC-U-R-IT-Y (i.e., ‘you are it’). An awareness program can be formal classes, a monthly newsletter, internal corporate email alerts when viruses are inside the company, best practices, etc.
- Policies, Procedures, and Standards - to help control human behavorial risks
- Develop a comprehensive security web site on your Intranet, so it’s easily accessible and referenceable with all policies and other information to help educate the user.
- Actively monitor the network (check IDS and Firewall alerts, Port Traffic spikes, etc)
- Proactively monitor emerging security risks and take precautions when new threats escalate publicly.
- Actively test your networks on a quarterly basis for exposures and conduct a more thorough annual penetration test
- In developing new systems or solutions, design security up-front rather than making it an ‘after thought’
- In granting security, employ minimalist security rights giving folks just what they need from an access perspective
- Avoid giving users root or local admin authority on their client workstations
- Use a continuous improvement theme when it comes to security controls.