Protecting the network from inside the firewall
2011 SC Social Media Awards: Finalists named
5 common vulnerabilities that can compromise your network
Today's security appliances do a great job patrolling the network perimeter, but what do you do when the threat is coming from inside the building? Below are the most common ways a network can be compromised from inside the gateway and what to do to protect your company.
1) USB Devices
USB drives are the most common way to infect a network from inside a firewall. They're cheap, hold a lot of data and can be used between multiple computer types. The ubiquity of thumb drives has driven hackers to develop targeted malware, such as the notorious Conficker worm, that can automatically execute upon connecting with a live USB port. Beyond simple thumb drives, any USB device that's capable of storing data is a potential threat. This includes external hard drives, digital cameras, MP3 players, printers, scanners and even digital picture frames. In 2008, Best Buy reported they found a virus in the Insignia picture frames they were selling at Christmas that came directly from the manufacturer.
What to do: Change the computer's default autorun policies. You can find information on how to do that within Windows environments here. Implement and enforce asset control and policies around what devices can enter the environment and when. And then follow that up with frequent policy reminders. In 2008, the Department of Defense developed policies and banned USB and other removable media from entering/exiting their environments.
2) Laptop and netbooks
Laptops are discreet, portable, include full operating systems and come with a handy Ethernet port for tapping directly into a network. What's more, the said notebook may already have malicious code running in the background that is tasked to scour the network and find additional systems to infect. This notebook could belong to an internal employee or guest who's visiting and working from an open cube or office. It is also important to think about the laptops themselves. All companies have some forms of sensitive information that absolutely cannot leave the walls of the building. It becomes very dangerous when that information is stored on an insecured portable computer, as they are very easy to walk off with.
What to do: Implement an encrypted file system for sensitive data. There are a number of off-the-shelf and open source solutions out there that do this. Control over endpoints that enter and exit the internal system is also important. Sensitive information, such as VPN, DV and Wi-Fi access, should not be stored persistently on devices such as laptops or netbooks.
3) Wireless access points (APs)
Wireless APs provide immediate connectivity to any user within proximity of the network. Wireless attacks by Wardrivers (people in vehicles searching for unsecured Wi-Fi networks) are common. TJX, owners of Marshalls and TJMaxx, was attacked using this method, and intruders escaped with store customer transactions – including credit card, debit card, check and merchandise return transactions. This intrusion has ended up costing TJX more than $500 million dollars. Wireless APs are naturally insecure, regardless if encryption is used or not. Protocols such as wireless encryption protocol (WEP) contain known vulnerabilities that are easily compromised with attack frameworks, such as Aircrack. More robust protocols, such as wireless protected access (WPA) and WPA2, are still prone to dictionary attacks if strong keys are not used.
What to do: WPA2 Enterprise using RADIUS is recommended along with an AP that is capable of performing authentication and enforcing security measures. Strong, mixed passwords should be used and changed on a fairly frequent basis. Generally, wireless APs are connected for convenience, so it is usually not necessary to have them connected to a working environment.
4) Smart phones and other digital devices
Today, phones are full-functioning computers, complete with Wi-Fi connectivity, multi-threaded operating systems and high storage capacity. And they are starting to be given the green light in business environments. These new devices have the potential to pose the same threats we've seen with notebooks and thumb drives. What's more, these devices have the potential to elude traditional DLP solutions.
What to do: The same rules for USB devices apply here. Implement and enforce asset control and policies around what devices can enter the environment and when.
Email is frequently used within businesses to send and receive data; however, it is often misused. Messages with confidential information can be forwarded to any external target. In addition, the emails themselves can carry nasty viruses. One targeted email could phish for access credentials from an employee. These stolen credentials would then be leveraged in a second-stage attack.
What to do: With email security, source identification is key. Identify the sender using technology such as PGP, or a simple array of questions before sending sensitive information. Access control to broad alias-based email addresses should be enforced. And policy and reminders should be sent out to employees.
Derek Manky is project manager, cybersecurity & threat research at Fortinet's FortiGuard center. As lead author of Fortinet's monthly Threat Landscape Report, Manky blogs and regularly writes on breaking security developments. He designed the company's responsible disclosure policies, which have been reliably used for years to report and disclose critical, zero-day vulnerabilities.