In the early days of the internet, the standard answer to the security question was to keep the machine with the internet connection entirely separate from other work processes. That way, malware from the internet could not infect and corrupt the business data. It was a simple but effective proposal that is no longer practical in today’s era of constant connection. The constant internet connection, including on mobile devices, makes networks even more vulnerable, and as a result sensitive data needs more and more protection.
What are the dangers?
Cyber criminals like to use unprotected network protocols as a point of attack. These protocols are responsible for the exchange of data between computers and network services; one of the most popular is TCP/IP. Where protection is insufficient, a so-called man-in-the-middle attack can be the way in. An attacker who gains access to a computer network can take up a position between two communication partners without being noticed. From there the intruder can monitor all communications or simply impersonate one of the communication partners and tap into sensitive information.
If the main target is primarily used to create then most of the time a DoS attack (Denial of Service) will be used. To carry it out, the target server or other components in the data network are showered with a vast number of requests. The goal of the attack is to overload the attacked computer so that data transfer becomes extremely slow or stops completely.
If large service providers are the target of a DDoS attack (the first “D” stands for “distributed”, i.e. spread out), the attack is carried out by multiple compromised computers that flood the network with requests.
Attacks from the inside
However, the biggest threat very often comes not from outside but from employees, though not through any intent on their part. Criminal attackers use a technique called “social engineering” to gain access to sensitive information from inside an organization. In such a case criminals pretend to be technical staff who have come to repair faulty hardware and therefore need the employee’s password. Fake emails from the management are also a popular way to obtain a path into a secured network.
Protect your servers!
It may be surprising how, on the one hand, security measures for individual computers and the network are treated as very important in a company while, on the other hand, servers are simply housed in unsecured cabinets or basements. For a skilled attacker it is then pretty easy to access interesting data. Not only the servers but also the rest of the hardware that makes up the corporate network should be well secured. Hubs and switches can be tapped easily when they are not kept behind closed doors. For the same reason, network cables should be installed in walls or ceilings. Wireless networks also need the highest-strength WPA2 encryption and should not be easy to identify.
Always be up to date
One point that is often neglected: all software should be kept up to date for safety reasons. This applies to the operating system and antivirus software as well as to browser and email programs. Constant software updates can fix security vulnerabilities in advance and make the system less susceptible to infection.
The often unloved firewall is also a major factor in security. It monitors data traffic and decides which data, and how much of it, gets into and out of the network. The most common problem here lies in the configuration: the strict rules are often not adhered to out of convenience, and network security is greatly reduced as a result.
Can a network be safe at all?
The answer might be: in principle, yes. When all possible safety rules are followed and companies are aware of the possible risks, they should theoretically have no problems. But since people do not act like machines, a residual risk always remains. One must not forget that today’s cyber crime is often carried out by highly professional attackers with large financial resources, but problems caused by downloaded malicious programs should no longer occur in a well-maintained network. However, criminals have become more skilled in recent years in the fight against anti-virus software and other internet guardians. While new infections are in most cases discovered very quickly, it takes days or even weeks until the information is dealt with by those responsible.
Therefore, the answer to the above question can really only be: it is virtually impossible for a network to be one hundred percent secure as long as it is in use. Especially in times of blackmail malware like Locky, TeslaCrypt and Co., there can be only one, repeated, piece of advice: back up your data regularly.
Author: Kathrin Brekle