Thursday, June 29, 2006

Stop Hackers Before They Attack

10 Simple Ways To Stop Hackers.

1. Perform discover-and-scan tests
The purpose of these tests is to highlight all entry points from the internet to the internal network. Make sure you know all entry points into your network rather than assume where these points are. A firewall is merely a door to the network; there may be many holes and entry points that an organisation is unaware of. These supposedly ‘unknown’ points are targets for hackers, as they normally have the weakest security controls in place.

2. Perform attack-and-penetration tests
The aim of these tests is to quickly highlight vulnerable points and aspects of the network: ones that are accessible from both an external and internal user’s perspective. By assessing the extent to which you are able to thwart attacks from external sources through the tests, you are able to patch and correct the holes that could allow intruders to hack into your network.

3. Launch user-awareness campaigns
Users should be made aware of the pitfalls of security and how to minimise these risks by applying good security practices in day-to-day operations. User awareness is the element of security that is most often ignored, and it can lead to the greatest vulnerability. All the security technologies in the world cannot protect against a user giving away company secrets or security information, such as passwords, of critical systems.

4. Configure firewalls appropriately and have them reviewed independently
An incorrectly configured firewall is an open door for any intruder. It is imperative to allow only the traffic that is critical to the business through the firewall. Even ports 443 (SSL) and 80 (http) sometimes present more risk than the business warrants. An open port is an open door. As a start, close all ports and then open only those that are more critical than the risk they present. Each firewall – and, indeed, each organisation – is different, requiring different firewall rule-set configurations. However, there are general guidelines that can be applied, namely: never open all ports to any source or destination and make sure the stealth rule is in the correct place in the rule set. A firewall is not merely a router; it has logging and monitoring capabilities that are often more important than the routing functions. Traffic to a valid destination through a valid port is often an attack that can be detected only through analysing the composition and nature of the traffic itself.
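The two rule-set guidelines above (never accept any source to any destination, and keep the stealth rule in the right place) can be checked mechanically. The following is an added example, not code from the original post: it audits a simplified first-match rule list, flags an any/any/any accept, reports a missing or shadowed stealth rule, and checks that the rule set ends in a logged drop. The `Rule` format and both sample rule sets are constructed for illustration and follow no vendor's syntax.

```python
"""Audit a first-match firewall rule list for the guideline violations named
above: an 'any source, any destination, any port' accept rule, a stealth rule
(drop everything addressed to the firewall itself) that is missing or sits
below a broader accept, and a rule set that does not end in a logged drop.

Added example: the Rule format and the two sample rule sets are constructed
for illustration and do not follow any vendor's syntax.
"""
from dataclasses import dataclass

FIREWALL_SELF = "firewall"   # destination label meaning the firewall's own addresses


@dataclass(frozen=True)
class Rule:
    src: str           # "any" or a network/host label
    dst: str           # "any", a network/host label, or FIREWALL_SELF
    port: str          # "any" or a port number / service name
    action: str        # "accept" or "drop"
    log: bool = False  # whether matches are logged


def is_any_any_accept(rule):
    return (rule.action == "accept" and rule.src == "any"
            and rule.dst == "any" and rule.port == "any")


def is_stealth_rule(rule):
    return (rule.action == "drop" and rule.src == "any"
            and rule.dst == FIREWALL_SELF and rule.port == "any")


def audit(rules):
    """Return a list of human-readable findings; an empty list means the
    rule set passes these checks."""
    findings = []
    stealth_idx = next((i for i, r in enumerate(rules) if is_stealth_rule(r)), None)
    if stealth_idx is None:
        findings.append("no stealth rule drops traffic addressed to the firewall itself")
    else:
        # Accept rules above the stealth rule are fine when they pin a specific
        # source (e.g. the admin network). An 'any' source that can reach the
        # firewall shadows the stealth rule.
        for i, r in enumerate(rules[:stealth_idx]):
            if r.action == "accept" and r.src == "any" and r.dst in ("any", FIREWALL_SELF):
                findings.append(f"rule {i} accepts any source to the firewall before the stealth rule")
    for i, r in enumerate(rules):
        if is_any_any_accept(r):
            findings.append(f"rule {i} accepts any source to any destination on any port")
    if not rules or rules[-1].action != "drop":
        findings.append("rule set does not end with an explicit drop rule")
    elif not rules[-1].log:
        findings.append("final drop rule is not logged, so blocked traffic is invisible")
    return findings


# Constructed sample: an 'open' rule set and its corrected counterpart.
WEAK_RULES = [
    Rule("any", "any", "any", "accept"),
    Rule("any", FIREWALL_SELF, "any", "drop"),
]

CORRECTED_RULES = [
    Rule("admin-net", FIREWALL_SELF, "22", "accept"),      # management access first
    Rule("any", FIREWALL_SELF, "any", "drop", log=True),    # stealth rule
    Rule("any", "dmz-web", "443", "accept"),                # only what the business needs
    Rule("internal", "any", "53", "accept"),
    Rule("any", "any", "any", "drop", log=True),            # logged cleanup rule
]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("corrected", CORRECTED_RULES)):
        print(name, audit(rules) or ["no findings"])
```

The corrected set shows the usual ordering: a management rule pinned to a specific source network above the stealth rule, the services the business needs below it, and a logged drop at the end so that the firewall's monitoring role, not only its routing role, is preserved.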

5. Implement strong password policies
Most organisations still make use of usernames and passwords as their primary, if not their only, authentication mechanism. Unfortunately, as surveys and analyses have revealed, passwords are a weak form of authentication. So-called “strong” passwords (not easily guessable) tend to be written down or forgotten, while passwords that can be remembered, and hence not written down, tend to be “weak” (easily guessable). This is the situation most organisations find themselves in.

6. Remove all comments in website source code.
Comments in code often contain usernames and sometimes passwords as well. By removing all comments, the developers' notes on and details of the code are removed and kept from attackers. Even comments in code that are seemingly inaccessible to external users should be removed. There are many exploits and techniques available that enable an attacker to view the source code of nearly all web applications.
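A pre-release audit for the leakage described above can be automated. The following is an added example, not code from the original post: it extracts HTML, block and line comments from page source, flags those that mention accounts, passwords or internal notes, and strips them. The sample page and the keyword list are constructed; the keyword list is a starting point to tune, not an exhaustive detector.

```python
"""Find and strip comments in web page source (HTML, JS block and line
comments) and flag the ones that look like they carry credentials or
internal notes.

Added example: the sample page below is constructed; the keyword list is a
starting point to be tuned, not an exhaustive detector.
"""
import re

HTML_COMMENT = re.compile(r"<!--(.*?)-->", re.S)
BLOCK_COMMENT = re.compile(r"/\*(.*?)\*/", re.S)
# '//' not preceded by ':' (so 'https://' is left alone) up to end of line.
LINE_COMMENT = re.compile(r"(?<![:'\"])//(.*)$", re.M)

SENSITIVE = re.compile(
    r"\b(password|passwd|pwd|username|user|login|api[_-]?key|secret|token|"
    r"todo|fixme|debug|internal|staging)\b", re.I)


def extract_comments(source):
    """Return (line_number, comment_text) pairs, sorted by line."""
    found = []
    for pattern in (HTML_COMMENT, BLOCK_COMMENT, LINE_COMMENT):
        for m in pattern.finditer(source):
            line = source.count("\n", 0, m.start()) + 1
            found.append((line, m.group(1).strip()))
    return sorted(found)


def flag_sensitive(source):
    """Comments that mention credentials, accounts or internal notes."""
    return [(line, text) for line, text in extract_comments(source)
            if SENSITIVE.search(text)]


def strip_comments(source):
    """Remove all three comment kinds. Regex stripping is adequate for an
    audit; a release build should use the project's minifier, which parses
    strings and will not damage a '//' inside a string literal."""
    source = BLOCK_COMMENT.sub("", source)
    source = LINE_COMMENT.sub("", source)
    return HTML_COMMENT.sub("", source)


# Constructed sample page with the kind of leakage the text describes.
SAMPLE_PAGE = """<html>
<!-- Built by webteam; staging login: admin / Summer2006 -->
<head>
<script>
// TODO remove debug endpoint before go-live
var api = "https://example.invalid/v1"; /* public base URL */
function init() { return api; }
</script>
</head>
<!-- Copyright 2006 -->
</html>
"""

if __name__ == "__main__":
    for line, text in flag_sensitive(SAMPLE_PAGE):
        print(f"line {line}: {text}")
```

Run the flagging pass against the built site before each release; the strip pass is the fallback for templates the minifier does not cover.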

7. Remove all default, test and example pages.
Most default, test and example pages have some vulnerability associated with them. These test and example pages can lead to a complete compromise of the web server and, indeed, the entire network. Common exploits allow an attacker, through the use of test or example pages, to extract the password files in clear text from the server, thereby circumventing all security controls in place.

8. Disable all unnecessary services from all devices.
The only service that is not vulnerable to exploits is one that is disabled and removed from the system. Some services, however, present greater vulnerabilities and threats than others. The question you need to ask yourself is: “Do you need the service more than the risk and impact of it being exploited?”
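Answering that question starts with knowing what is actually listening. The following is an added example, not code from the original post: it parses `ss -ltnp` output, compares each exposed listener against an allowlist of the services the business needs, and reports loopback-only listeners separately as lower risk. The `ss` output and the allowlist are constructed; on a live host, feed the real command's output to `audit_listeners()`.

```python
"""Compare the services listening on a host against an allowlist of the ones
the business actually needs, using the output of 'ss -ltnp'.

Added example: the ss output below is constructed; run the real command on a
live host and feed its stdout to audit_listeners().
"""
import re

PROCESS_NAME = re.compile(r'"([^"]+)"')
LOOPBACK = ("127.", "::1", "[::1]")

# Constructed allowlist: port -> process expected to own it.
ALLOWED = {22: "sshd", 80: "nginx"}

SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*         users:(("nginx",pid=1201,fd=6))
LISTEN 0      50     0.0.0.0:21          0.0.0.0:*         users:(("vsftpd",pid=1330,fd=3))
LISTEN 0      128    127.0.0.1:3306      0.0.0.0:*         users:(("mysqld",pid=1402,fd=21))
LISTEN 0      10     0.0.0.0:23          0.0.0.0:*         users:(("inetd",pid=640,fd=5))
"""


def parse_ss(text):
    """Yield (address, port, process) for each LISTEN line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, port = fields[3].rsplit(":", 1)
        m = PROCESS_NAME.search(line)
        yield addr, int(port), (m.group(1) if m else "?")


def audit_listeners(text, allowed=ALLOWED):
    """Return findings for listeners that are not on the allowlist, or are on
    it but owned by an unexpected process. Loopback-only listeners are
    reported separately as lower risk, since only local users reach them."""
    exposed, local = [], []
    for addr, port, proc in parse_ss(text):
        if addr.startswith(LOOPBACK):
            local.append((port, proc))
        elif port not in allowed:
            exposed.append(f"port {port} ({proc}) is listening on {addr} but is not in the allowlist")
        elif allowed[port] != proc:
            exposed.append(f"port {port} is owned by {proc}, expected {allowed[port]}")
    return {"exposed": exposed, "loopback_only": local}


if __name__ == "__main__":
    import subprocess
    try:
        live = subprocess.run(["ss", "-ltnp"], capture_output=True,
                              text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        live = SAMPLE_SS_OUTPUT  # fall back to the constructed sample
    for finding in audit_listeners(live)["exposed"]:
        print(finding)
```

Every item in the `exposed` list is a service to justify or disable; the loopback list is worth a second look too, since a local-only service still widens the attack surface for anyone who gains a foothold on the host.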

9. Update intrusion detection systems and anti-virus software regularly.
Hackers are finding new vulnerabilities and developing exploits, viruses and Trojans daily. To keep up with these hackers, it is imperative that intrusion detection systems and anti-virus software are updated regularly, and preferably on a daily basis. As most analysts are always claiming, “detection systems are only as good as the last update.”

10. Ensure physical access to the organisation and its systems is secure.
Why spend a fortune installing a state-of-the-art burglar alarm system if you leave your front door open, or your valuables on the street? By the same token, why spend a fortune on technical security when access to the organisation and its systems is not secured? First, if physical security in an organisation is lacking, intruders could gain whatever information they were after by simply walking into the office building and taking it. If the objective was to interrupt operations and cause havoc, an intruder could simply switch off the critical servers. If the aim was to gain access to the systems, the intruder’s task is made extremely easy by having physical access to the systems. Often administrators of critical systems remain “logged in” to systems throughout the day, which allows intruders to gain whatever access they desire. Whatever the objective of an intruder, his task is made that much easier through lax physical security measures. It is thus important, as with technical security, to test these physical security mechanisms regularly, as the smallest loophole can lead to a full compromise. Often, combining physical-access tests with social-engineering tests reveals the most useful information.
