Thwarting Hackers
By Mel Beckman, October 2005
They call it Internet background radiation, or IBR. It's that constant hiss of traffic ever present on every Internet connection. Like the universe's Cosmic Background Radiation, IBR lets us know that the Internet is not empty. Unlike its benign cosmic cousin, however, IBR is malevolent proof that evildoers prowl the Net seeking whom they may devour. You can see IBR with your own eyes by examining any firewall log, which will report a constant stream of probes and pokes at random IP addresses in your network. There is a hacker behind every one of these probes; none is innocent. Over time, IBR will ferret out known vulnerabilities in any network and exploit them. The average survival time of an unprotected Windows PC is measured in minutes; more secure devices might last weeks or months. But one thing is certain: if you don't find the vulnerabilities in your network, hackers will. Soon.

But don't despair. The key to a hacker's success is the subtle phrase "known vulnerabilities." Hackers are bottom feeders; very few actually discover new security flaws on their own. Instead, they troll software bug reports and system patch announcements, then devise cunning robotic scanners, or bots, to seek out and exploit them. It is these bots that generate IBR, and it is them that you must repel.

To that end, here are 10 straightforward steps that you can take to make your network less susceptible to attack, by dint of removing known vulnerabilities. I present these steps in order of ease, with the simplest first, because the more of these steps you accomplish, the more likely you are to be removed from the hackers' list of low-hanging fruit. Some of the steps require nothing more than the investment of your time; others require the cooperation of your entire enterprise. You should take each step as soon as possible.

policies but bolster that with constant reminders. Here are the key points to emphasize with all users:

- Don't open e-mail attachments that you did not expect to receive, even from colleagues and friends.
- Don't click URLs in e-mails; carefully copy and paste them instead. Although inconvenient, this is the only way to avoid malicious links.
- Get approval before installing any freeware or shareware software. Do not install any unauthorized commercial software.
- Never connect computers from home to the enterprise LAN. Only secured systems, including company-secured notebook computers, can be attached.
- Be aware of visitors attempting to use enterprise computers or network connections.
- Don't connect wireless equipment of any kind, including wireless keyboards and mice, to the network without prior approval.

Some users will be unhappy with these restrictions, so you should also establish appropriate responses for violations. Nobody wants to play cop, but if you don't enforce these protections, nobody else will. One way to detect infringements is to periodically inventory the software installed on every computer. You can use any number of readily available desktop administration systems to do this centrally.

A particularly insidious new threat that requires copious user education is Bluetooth networking. Bluetooth, also called personal area networking, is a short-range wireless technology designed to replace the cables used to attach cell phones, PDAs, keyboards, and mice to computers. It operates over a range of a few feet, but an interloper as far as 100 feet away can exploit Bluetooth. Although Bluetooth includes encryption, end users often misconfigure it, defeating that protection. Users need to be taught how to safely connect Bluetooth devices, and they need to know which devices are approved for use in your network.

Your goal in constantly reminding users of security precautions is to create an atmosphere of security awareness. A great source of security awareness educational materials is the SANS Security Awareness White Papers Web site (see Security Resources, below).

SECURITY RESOURCES

CERT
Securing Desktop Workstations: www.cert.org/security-improvement/modules/m04.html
The Spread of the Sapphire/Slammer Worm: www.cs.berkeley.edu/~nweaver/sapphire/
Responding to Intrusions: www.cert.org/security-improvement/modules/m06.html

SANS
Patch Management and the Need for Metrics, Kenneth J. MacLeod: sans.org/rr/whitepapers/bestprac/1461.php
Security Awareness White Papers: sans.org/rr/whitepapers/awareness/
Honey Pots and Honey Nets: Security Through Deception: sans.org/rr/whitepapers/attacking/41.php
M.B.
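The introduction says IBR is visible in any firewall log as a stream of probes at random addresses. Here is an added example (not from the article) that parses a constructed sample of iptables-style DROP lines and reports sources that touched several distinct hosts, which is how the background-scanner "bots" the author describes stand out from ordinary traffic; the log format, thresholds and addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of iptables-style firewall log lines (not a real capture).
# 198.51.100.7 pokes four different hosts in the 192.0.2.0/24 block on
# well-known service ports; the other two lines are ordinary single requests.
SAMPLE_LOG = """\
Oct  3 02:11:04 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.15 PROTO=TCP DPT=445
Oct  3 02:11:05 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.88 PROTO=TCP DPT=445
Oct  3 02:11:05 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.201 PROTO=TCP DPT=445
Oct  3 02:11:06 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.3 PROTO=TCP DPT=1433
Oct  3 02:11:09 fw kernel: DROP IN=eth0 SRC=203.0.113.40 DST=192.0.2.10 PROTO=TCP DPT=22
Oct  3 02:11:12 fw kernel: ACCEPT IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=443
"""

# Assumed line layout: action, then SRC=, DST= and DPT= fields in that order.
LINE_RE = re.compile(
    r"(?P<action>DROP|ACCEPT) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?DPT=(?P<dpt>\d+)"
)


def parse_log(text):
    """Yield (action, src, dst, dport) for every line the pattern matches."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["action"], m["src"], m["dst"], int(m["dpt"])


def summarize_probes(text, min_targets=3):
    """Group dropped packets by source address. A source that hit at least
    min_targets distinct destination hosts is reported as a scanner, with
    the count of hosts and the sorted list of ports it tried."""
    hosts = defaultdict(set)
    ports = defaultdict(set)
    for action, src, dst, dpt in parse_log(text):
        if action != "DROP":          # accepted traffic is not a blocked probe
            continue
        hosts[src].add(dst)
        ports[src].add(dpt)
    return {
        src: {"hosts": len(h), "ports": sorted(ports[src])}
        for src, h in hosts.items()
        if len(h) >= min_targets
    }


if __name__ == "__main__":
    for src, info in summarize_probes(SAMPLE_LOG).items():
        print(f"{src}: probed {info['hosts']} hosts on ports {info['ports']}")
```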
Given the vulnerability of Wi-Fi encryption, it's not surprising that Wi-Fi has become the third most common path for network infiltration, right behind clueless users and faulty applications.
8. Manage Patches
You likely already apply OS patches to servers and desktops, so you realize that patches are both a blessing and a curse. Patches are a blessing because they let you stop hackers in their tracks at the same time they learn about a new exploit, but patches are a curse because they often break things and make your life more difficult. That's where patch management comes in.

On the scale of ease of implementation, all the steps I've discussed so far have been relatively simple to carry out. But this step, and those that follow, are a quantum leap in effort and expense. Patch management is expensive because it's far from a science. To manage patches, you have to know what their impact is by studying vendor recommendations and reading about the experiences of those who've already applied the patches. Alas, vendor information is often couched in terms designed to limit vendor liability rather than help you assess the need for a particular patch.

Commercial patch-management tools automate this process by connecting you to an expert database of patch information that documents side effects and interactions. These tools let you rank every patch to determine whether the benefits outweigh the risks. Some patch-management tools are OS specific, such as those aimed at Windows fixes. Others are more generic but necessarily less specific in their recommendations. Sometimes patch management is an add-on module to an IP or VA appliance. This isn't necessarily bad, because the appliance is in a position to collect the information needed for patch management.

Patch managers provide an important twofold service: the collection of patches from vendors in a central repository for easy deployment, and the interception of automatic patches that vendors might try to apply without your permission. Windows Service Pack 2 is a good example of a patch that you want to control but that Microsoft currently insists on installing. You'll need to undertake an extensive study of your