T:(0208) 735 9000

F:(0871) 994 3183

 support@sircles.net     
 info@sircles.info
 
 sircles.net 
4th Floor, The Triangle
5-17 Hammersmith Grove
Hammersmith
London
W6 0LG

Computer Systems, Network and IT Solutions/Computer Support Specialists

 Home Up

Your System Audit
 
A system audit of your offices  - this is where to begin if you want to join the sircles.net computer support network.
I would like to arrange for an audit of my system:
Name
E-mail
     
Receive our sircular
 
 I would like to receive your weekly sircular magazine on computer support, computer security and  the internet:
Name
E-mail
     
 

1 Month Support Free
 
 We are offering your first month of Computer Support FREE with any of our remote computer support router deals (min contract 3 months) so you can discover the time and money saving advantages of our remote control solutions.
Send me further details on computer support services in which my first month of support is free
 Please contact me regarding IT support services:
Name
E-mail
     
 
 

 

The Steps to Becoming Safer in your Business - Adjusting yourselves to the New Wave of Hacker

1. Awareness

Information Technology works both ways. You need the technology to deal with the information, but you also need the information to deal with the technology. As a support company, it is part of our job to make sure you are making the right decisions regarding your information technology. Not just your spending, but your training, your policies, your predictions and the procedures you have in place already as regards dealing with your computer systems. As computers become more and more a part of our daily lives - you probably have at least three or four in your kitchen as we speak - the levels of computer interaction become ever more complicated. As a result your computer network becomes evermore complicated too, after all, that's what a network is, computers interacting. If you have a mobile phone you synchronise it with your computer - it may be a trio or whatever - then it is something that we have to be aware of in order to fit in if and when it may become a security issue. If you have a wireless connection at home then it is a way of software gaining access to your laptop.

It is a primitive idea that viruses and the like are built by people seeking notoriety or credibility amongst the hacker community. Most hackers these days are developing code designed to exploit a known weakness, and then selling that code on to organised crime. As user demand (and therefore the applications themselves) get more and more sophisticated, there are bound to be more vulnerabilities. After all, if the application is bigger, there are bound to be more parts of it that can be turned to misuse. These two factors acting together make for a new form of attack; one that is designed and motivated. It is designed by people trying to make a name for themselves as creators of clever and reliable code that does not lead any trace to the instigators so that the organised criminals will want to come back for more. And it is motivated by the desire of the criminals to turn a profit on the money spent obtaining the code. Quite a dangerous little cocktail.

Some of the statistics derived by Symantec in Q3-4 of 2005 (who have more information on this subject than everyone else put together no matter what the web whiners say) show some fairly alarming trends:

  • The average time between the announcement of a vulnerability and the appearance of a code designed to exploit it was 6.8 days (as measured by Symantec)

  • The average time for a patch to fix the vulnerability to appear was 49 days

  • Microsoft Internet Explorer had the highest number of new vulnerabilities at 24

  • Mozilla Firefox had the highest number of new vendor-confirmed vulnerabilities at 13

  • 80% of malicious code threatened confidential information, up from 74%

  • Modular malicious code accounted for 91% of the total discovered, up from 83% - these are worms that live in your computer silently displaying no sign of their existence that build themselves up into dangerous viruses as time goes by. They are particularly useful for theft as they can generate 'cells' of viruses that live on different computers in your network so that they can continue to operate even if individual culprits are discovered and disabled.

  • Spam made up 50% of all monitored email traffic

  • One in 119 emails was determined to be a phishing attempt, up from 1 in 125 - phishing is the action of trying to extract confidential information from you by pretending to be EBay or Barclays etc and taking you to a page that asks for your login details or some other confidential information and looks like the genuine website.

Even computers on a scale of the Sony PSP have mal-ware being distributed. 'Brick' turns your PSP into just that - a brick - and already there are Trojan horse viruses running around pretending to be fixes in order to catch people out. And this brings us to the most important area to be increasing your staffs awareness in. At least half of all successful attacks on companies in the UK are initiated from the inside, either deliberately or by trickery; this is where your staff are your security front line. In the near future you will begin to see mobile phones becoming a real target for viruses and spyware, especially as so many run Windows now. Undoubtedly Antivirus programs for these phones will follow too and we must all be prepared. Do you know who connects there mobile phones to your network? Soon it will become a priority.

2. Your Vulnerabilities

Where is your most sensitive data kept? How is it accessed? Do you enforce regular password changes for the users of this data or do you find that the forgetting of all the passwords by your staff seems to rob you of more revenue than you can cope with? Where is your email server? Does it scan for viruses in incoming emails?

Your network firewall always used to be where you connected to the outside world but now the outside world has such a high level of interaction with you computer system, that it is beginning to be tricky to tell them apart. Every accessory that is synchronised or copied to your network is a path to and from the outside world. Every laptop, PDA, mobile phone, USB ram drive, modem, VPN, camera and MP3 player brings information in and takes it back out again. If you have a wireless connection then you have another full-time connection that is sending data out to the world and receiving it back just for your system to identify users for authentication. As a result your perimeter has become dynamic and less predictable and so different measures must be in place.

Preventative is always a better option and so once your vulnerabilities have been identified it is time to draw up a plan to minimise their abilities to do you harm.

3. Your Policies

Clear policies should be defined pertaining to the use of any hardware or software that may be a danger to your computer system. To close as many avenues as possible is not necessarily the first or best option as this action will limit your capabilities. The most sensible course of action is to start by informing your staff of the most likely ways attackers will try to compromise your security. Here are a few examples but we will be following these up with subsequent reports.

  • Human behaviour is their biggest weapon. Emails that start with 'World Cup Tickets' or 'If you Don't Forward this Email you are Sick' and the like serve only to get you to open the email. Do not even think about opening anything that is not addressed exclusively to you. Emails with a large number of recipients will be playing a numbers game. Don't become a statistic. If the email claims that it is a petition, ask yourself how the originators will ever recover the list as there is no sign of who they are.

  • Emails with active content are always the most dangerous. Seriously consider preventing any emails with .exe, .xls, .doc., .scr or .cmd attachments being allowed in. If a staff member specifically needs an .exe file then get the sender to rename it or zip it up before sending. Also block all incoming internet hyperlinks to prevent phishing and other

  • Your perimeter defences do not guard you against viruses brought in by laptops or USB flash drives etc. Make sure that your staff understand that all computers are to be updated with the latest virus detection signature files and Windows updates. This will not only help protect the individual user, but help stop the spread of viruses to others.

  • CDs/Floppies/USB flash memory sticks and DVDs from anywhere must be checked for viruses before using any data. Internal attacks are at least as common as attacks from the internet and most modern attacks are a combination of both.

  • Keep an eye on the address bar in your browser to make sure that it says what you are expecting. Beware of domains like  BBC.net appearing instead of BBC.co.uk - do not even go near clicking any domain name that ends in a .cc suffix. Many ad-ware and spyware sites impersonate other sites or forward you to known sites and make notes of your behaviour as you go so watch for any sign of unknown domain names.

  • You staff username and passwords must be guarded carefully. Unbridled access is a serious problem with at least half of the attacks made against businesses being from the internal network and without the ability to audit individuals there is no deterrent. Unique passwords that are unknown

4. Your Perimeter

You must be equipped with a firewall and antivirus solution at every point of contact with the internet. Denial of Service (DoS) attacks are still common to servers and desktops alike and can cause outages in connection to your email, database and fileservers or the internet:

  • Emails should be scanned at the email gateway (the connection to the internet) so that all viruses and SPAM are blocked.

  • Phishing emails, - these pretend to be from EBay or a bank etc, and ask you to update your details by clicking on a shortcut in the email. This will take you to a mock up of the real website that the email claims to be from, and there you will divulge your details for the impostors to use to gain access to your funds etc.

  • Your servers should be locked away and safe from harm due to accident or theft. They should also be protected from unbridled access by being behind locked doors and inaccessible via un protected network connections.

  • Your network should be locked away behind a glass door or in a metal case so that no one can just plug in an unchecked computer and all the network ports that you are not using should be inactive - they should have no connectivity to the network switches or hubs etc -.

  • All unused network ports should be either disconnected at both ends or have a connection policy that forces them to authenticate before they can access any of your network resources.

  • Think about using smartcards or finger print authentication if your password policy is causing you problems as most people don't forget their fingers when coming to work. This is an idea that has been made to work on many scales so do not dismiss it on a cost basis without taking into account how much time you waste waiting for support to sort out resetting your passwords.

On top of all of this, take access to your building to be a means of stealing data from your computer network just as if they were going through your files. Make sure there are no network ports on the ground floor which are unnecessarily connected and could be granting access to anyone walking into your foyer.

5. The Future

Each emerging technology offers its own set of difficulties. The age of the PDA is just about to begin facing the difficulty of malware and SPAM as it transforms into a miniature PC in it's own right. The USB drive and the DVD are now internationally recognised as a primary 'back door' into larger networks and custom malware is written to take advantage of this. In each area you must continue to do enough to stop you being an easy target but not enough to be spending unnecessarily.  Walking this line is the target of all of your information systems providers and it will continue to be, the biggest influence on how far they shall succeed in this matter is how much you and your company assist them.

 
Send mail to webmaster@sircles.net with questions or comments about this web site.
Copyright © 2009 sircles.net limited, all rights reserved. Company Registration Number 05561848 VAT No. GB 875 9722 65
This website is designed to be viewed at 1200*800 screen resolution or above