Tuesday, January 25, 2011

FBI Newark Division December Bulletin: How to Avoid a WikiLeaks-Type Intrusion

UNCLASSIFIED
(U) CYBERSECURITY SPECIAL FOCUS FOR INDUSTRY:
(U) How to Prevent a WikiLeaks-Style Breach (PC Magazine, 02 DEC 2010)
(U) The current WikiLeaks furor has dredged up a storm of debate, but one troubling revelation is crystal clear: if the government is vulnerable to network security and data breaches, your business is too. A few safeguards, many of which are available to small businesses, could have staved off the leakage of classified information from networks: activity monitoring, limiting which data is searchable, keeping tabs on user permissions, and deploying a robust data leak prevention solution.
(U) According to an article from the National Journal, these leaked "cables" and incident reports are transmitted as PDF files by government workers to a secured network but are then stored as searchable PST files. That's right, the same PST files you create when you back up your folders in Outlook. Apparently, all anyone with access had to do was download the PST files and extract them. Voila! Exposed data.
(U) The most immediate question anyone responsible for network security would ask in this case would be, "Who was responsible for tracking network activity to monitor who was downloading what and when?" As per the National Journal post, since government analysts routinely download and upload these files, activity logs were pretty much ignored and no one noticed any suspicious pattern of activity. In other words, whoever was in charge of network security got too comfortable and let their guard down. Since this recent leak, a Pentagon official noted that procedures had changed and that these analysts seeking to upload or download data must now do so in a supervised setting. That's a good start, but the fact that it took such a security breach to implement a measure for critical data is unfortunate.
(U) When it comes to protecting your business' network and data, it pays to be paranoid — especially when it comes to that critical data that could make or break your business: customer information, patient information, and the like. Activity logging, locking down access to USB drives, and careful monitoring of network admins, or any person given keys to the network, may seem draconian, but these are all essential components of a good security plan.
(U) While no network is 100 percent impenetrable, there are several ways small businesses can shore up network security and prevent their own "WikiLeaks":
• (U) Take a Multi-Faceted, Layered Approach: Network security is not just about having an antivirus program running on every desktop. It's all-inclusive. This means any node on your network, wireless and wired, must be protected. It also means you have compliance rules that govern anything that is allowed to connect to your network. You must also have protective measures for data both at rest and in transit. This means protecting not just data on servers and user machines, but data that goes in and out of your network, with security methods like encryption. Finally, you've got to keep control of mobile devices on your network as well as which USB devices may or may not have access.
• (U) Create, Adhere to and Maintain a Security Policy: No matter the size of your company, best practice dictates that the first step is creating and documenting a security plan. This is required by regulations like HIPAA, but it's actually a good idea for any business with a network. Educate and familiarize employees with the plan. Keep it updated as you add and deploy new technology on the network, or when new technologies like the iPad emerge. Most importantly, adhere to it.
• (U) Protect the Perimeter: Third-party application or appliance firewalls (separate from the default firewalls found in OSes and routers), Unified Threat Management devices, and Intrusion Detection/Prevention systems (IDS/IPS) are all parts of a layered, comprehensive security solution. Purchase the best devices you can, as these technologies can help protect against DDoS attacks, snooping and other external threats. Zyxel offers UTM appliances for the SMB, as does eSoft. Juniper and Dell have partnered to deliver the J-SRX Services Gateway Series. Cisco and Juniper also offer many firewall and IPS/IDS solutions. Many SMB security devices are designed to be easily deployed without the need for dedicated IT support.
• (U) Secure Endpoints: It's vitally important to cover your network endpoints. What's an endpoint? Any single thing that can attach to your network, whether it's a server or a USB drive. Pay particular attention to those small portable devices like USB and external hard drives. They can be carriers of threats, sneaking them into and out of your business' network. For years, network security admins considered networks as closed, unified entities, and designed their defensive strategies accordingly. With the proliferation of portable devices, you've got to consider your network as an expandable, mobile one. That's why endpoint security is crucial. Patching endpoints, performing vulnerability assessments, remediation, and enforcing corporate compliance are all part of effective endpoint security.
• (U) Implement Data Leak Prevention: DLP is software or devices that can aid in preventing data theft from within an organization. It does so by allowing network administrators to lock out unauthorized users from USB and FireWire devices, prevent users from connecting PDAs or any other plug-and-play devices, and allow defining and controlling data retrieval policies. One example of a DLP solution is DeviceLock.
• (U) Adhere to Corporate Compliance: Corporate compliance isn't the same as a security policy. A policy is your network's laws, whereas compliance refers to their enforcement. For example, enforcing compliance means preventing any PC or laptop from accessing the network if it doesn't have the security patch specified in your policy. Products such as Trend Micro Worry Free, Symantec Protection Suite for Small Business and McAfee Total Protection for Endpoint are all focused on securing the endpoint.
• (U) Don't Forget User Security: Security problems can originate from what's in between the keyboard and chair: end-users. Restricting what users can and cannot access (maybe using a Web filter to prevent Facebook access during work hours, for example) can stop nasty bugs from entering your network. Don't run a free-for-all network; force users to authenticate into the network, whether it's a wired Windows Domain using Active Directory, a SQL Server or a wireless router. For organizations with highly sensitive data, there are third-party solutions like RSA SecurID, which provides two-factor authentication for users to access network resources. Implementing authentication lets you keep tabs on who is accessing what and when they can access it, and helps in keeping hackers out. No matter how effective you are in securing a network, you still have to contend with end-users, who often inadvertently cause the biggest security breaches. Educate users about security and policies.
• (U) Smartphones and Mobile Devices Need Security, Too: Threats are still largely endemic to the Windows ecosystem. That doesn't mean other devices, such as Apple products and smartphones, should be left unsecured, however. Treat them as you would treat any other endpoint and ensure they comply with your security rules. For example, only allow them to connect to your network if your endpoint solution detects that they have antivirus installed. A recent study showed that, yes, you do need security on smartphones and assessed four different mobile phone security solutions. You may think the potential for being hacked via your cellphone is remote, but at the very least you'll want some software on your handsets that lets you lock them down should they be stolen.
• (U) Don't Set It and Forget It: There are a number of routine network housekeeping tasks that should be part of your security strategy. Keeping all of your software updated is one. This not only includes Windows Updates and patches for servers and clients, but applications, firmware upgrades on routers and switches, and pertinent updates for smartphones on the network. Many of these updates contain security fixes and patches. Keep a handle on updates and patches with a solution like GFI LANguard, which offers patch management. Also, as users come into and leave your network, be sure to remove or disable (depending on your corporate policy) their access to the network and its resources.
• (U) Watch the Watchers: Anyone responsible for maintaining network health and security, from the CIO on down, should be part of a checks-and-balances system where no one person has sole knowledge of passwords or network activity. There are several third-party security vendors, such as Guardium, that make devices that will log all activity happening on a database, including alerts for changes made by administrators. Log files should be enabled for major transactions and network activity and regularly inspected.
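The activity-monitoring paragraph above and the "Watch the Watchers" item both come down to the same check: logs that are collected but never inspected catch nothing, while a simple rule over the same logs would have flagged one account pulling archive after archive. The following is an added example (not code from the bulletin or the PC Magazine article) that reads constructed file-access log lines in an assumed format and flags any user who downloads more than a set number of PST files within a short window. The log format, user names, thresholds and sample entries are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (constructed for this example): "<ISO time> <user> <action> <path> <bytes>"
SAMPLE_LOG = """\
2010-11-01T09:02:11 analyst01 DOWNLOAD /share/cables/2010-10.pst 48213000
2010-11-01T09:15:40 analyst02 DOWNLOAD /share/reports/r-1183.pdf 120400
2010-11-01T09:20:05 analyst01 UPLOAD /share/reports/r-1190.pdf 98000
2010-11-01T10:01:00 analyst03 DOWNLOAD /share/cables/2009-01.pst 51000000
2010-11-01T10:01:12 analyst03 DOWNLOAD /share/cables/2009-02.pst 50200000
2010-11-01T10:01:25 analyst03 DOWNLOAD /share/cables/2009-03.pst 49800000
2010-11-01T10:01:37 analyst03 DOWNLOAD /share/cables/2009-04.pst 50500000
2010-11-01T14:30:00 analyst01 DOWNLOAD /share/cables/2010-11.pst 47000000
"""

ARCHIVE_EXTS = (".pst",)          # searchable mailbox archives, as described in the bulletin
WINDOW = timedelta(minutes=30)    # sliding window for the burst check (assumed value)
MAX_ARCHIVES_PER_WINDOW = 3       # more than this many archives in one window is flagged (assumed)

def parse_log(text):
    """Yield (timestamp, user, action, path, size) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, user, action, path, size = parts
        try:
            yield datetime.fromisoformat(ts), user, action, path, int(size)
        except ValueError:
            continue

def find_bulk_archive_downloads(text):
    """Return {user: (count, first_ts, last_ts)} for users exceeding the burst threshold."""
    per_user = defaultdict(list)
    for ts, user, action, path, _ in parse_log(text):
        if action == "DOWNLOAD" and path.lower().endswith(ARCHIVE_EXTS):
            per_user[user].append(ts)
    flagged = {}
    for user, times in per_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # slide the window over sorted timestamps
            while times[end] - times[start] > WINDOW:
                start += 1
            count = end - start + 1
            if count > MAX_ARCHIVES_PER_WINDOW:
                flagged[user] = (count, times[start], times[end])
    return flagged
```

Routine single downloads (analyst01, hours apart) pass, while the burst of four archives by analyst03 inside one minute is returned as an alert; in practice the thresholds would be tuned against a baseline of normal analyst activity rather than fixed as here.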
(U) Analyst Comment: As this article notes, effective security against cyber threats, which are expected to increase in the future, is a combination of technical and operational measures. In addition to firewalls and network monitoring systems, end user training is required so that users are aware of cyber threats and take action to reduce risky behaviors, like opening email attachments, which can result in cyber intrusions.