Security 101: Know the basics of eternal vigilance

This feature first appeared in the Spring 2014 edition of Certification Magazine.

“Boss, I think that someone got into my system.” Those are words that no computer user ever wants to utter, and no manager ever wants to hear. Unfortunately, they are heard in offices around the world every day. Last year, the Center for Strategic and International Studies estimated that cybercrime costs American businesses $100 billion in lost revenue annually, which is roughly equivalent to losing the effective output of about 508,000 jobs. Nobody wants their computer to become a part of that statistic.

Protecting systems against hackers is not the daunting challenge that it may seem. The vast majority of system compromises occur because of failure to apply basic security measures. The tools and techniques taught in security certification programs are tried-and-true ways to fortify your systems against attack. The challenge facing IT and business professionals is successfully moving these ideas out of the certification textbook and applying them consistently across their organizations. In this article, we examine five specific ways that hackers can infiltrate your network and explain how you can protect yourself against these attacks. Think of these five tips as being an entry-level certification to safe computing for every user in your enterprise.

1. Maintain the patch level of your operating systems and applications. Patching is dull work. It seems like hardly a day goes by without either our operating systems or one of the applications that we run popping up a notice about the availability of a critical security update. Vendors spend huge amounts of time and money developing and issuing these patches, and for good reason. Each one of them addresses a known, serious vulnerability that could impact the security of your system. Remember, security bulletins aren’t only sent to benevolent system administrators and computer users. They also find their way into the inboxes of hackers who view them as leads: by comparing the patched code with the unpatched version, an attacker can work out the underlying flaw and build an exploit for every system that has not yet applied the fix, so the window of exposure starts closing only when you install the update.

Fortunately, there are mechanisms available to help alleviate the drudgery of patching. If you have the benefit of operating within an organization with a robust IT program, then you likely have the advantage of a centralized system management tool. These tools can monitor the patch status of individual systems, and apply patches in an automated fashion when they become available. That said, you can automate patching even if you don’t have the benefit of this type of tool. Most operating systems and applications now feature auto-updating functionality that allows the silent download and installation of security updates without user intervention. It’s usually just a matter of checking a box to ensure updates happen on a routine basis. However you approach it, the prompt application of security patches is one surefire way to reduce the risk that hackers will successfully attack your systems.

2. Don’t run outdated and unsupported software. Patching systems can only be effective when software vendors release security updates promptly after a flaw is discovered. Vendors are limited by time and money constraints and can only afford to release patches for products and versions that they are actively maintaining. This makes it extremely important for computer users to only use supported software. The fact that a vendor is no longer supporting a product doesn’t mean that hackers won’t discover new ways to exploit the software; it only means that the vendor won’t release a security patch to fix those new vulnerabilities. Systems running outdated and vulnerable software then become defenseless against knowledgeable hackers.

Computer users should closely monitor the “end of support” announcements made by software vendors. These announcements are usually made a year or more in advance of the support end date and provide ample warning to users who need to upgrade their systems. For example, Microsoft discontinued support for the Windows XP operating system on April 8, 2014. It announced this end of support in 2009, giving users five years to upgrade their operating systems to newer versions of Windows. Running outdated software on your systems presents hackers with an open invitation to compromise your security.

3. Install and maintain current antivirus software. We all know that it’s important to have antivirus software installed on our systems. There are literally millions of viruses, worms, Trojan horses and other nasty pieces of software circulating on the Internet seeking out new systems to infect. Antivirus software functions like a security guard with a “most wanted” list, monitoring computers for the presence of data known to be associated with malicious software. The catch is that new malware appears on the Internet every single day, and a signature-based guard can only recognize what is already on the list. Antivirus companies release new signature definitions on a daily basis, updating the watchlist with current information. If you’re running out-of-date antivirus software, your virtual security guard is still doing its job, but its watchlist doesn’t contain the most recent threats, leaving you vulnerable to an increasing number of attacks every day.

Fortunately, the solution for this one is simple. You should maintain your antivirus software regularly, ensuring that your software subscription is current and that you’re receiving daily signature updates. If you want to take it a step further, consider using a centralized antivirus management console that monitors the antivirus status of all of the systems in your organization. The console can alert you when a system is either not running antivirus software or is using an outdated signature definition file. Maintaining current antivirus software on your systems reduces the ability of hackers to gain a foothold on your device.
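As an added illustration of the “most wanted list” idea (example code written for this page, not code from the original article or from any antivirus vendor), the following Python script scans a handful of constructed sample files against two releases of a definition set. Every file body, digest and detection name is made up for the example; none corresponds to real malware. It shows two things the paragraph only states: an exact-hash signature misses even a one-byte variant of a known sample while a byte-pattern signature still catches it, and a sample that was added to today’s definitions is invisible to yesterday’s.

```python
"""Added example (not code from the original article): a miniature
signature scanner that shows how a "most wanted list" of hash and
byte-pattern definitions is matched against files, and why a stale
definition set misses newer samples.  Every sample file, hash and pattern
below is constructed for illustration; none corresponds to real malware."""
import hashlib
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Definitions:
    """One release of the watchlist: exact file digests plus byte patterns."""
    version: str
    hashes: set = field(default_factory=set)      # SHA-256 of known-bad files
    patterns: dict = field(default_factory=dict)  # detection name -> bytes

    def scan(self, data: bytes) -> list:
        """Return the list of detections for one file's contents."""
        hits = []
        digest = sha256_hex(data)
        if digest in self.hashes:
            hits.append("hash:" + digest[:12])
        for name, pattern in self.patterns.items():
            if pattern in data:
                hits.append("pattern:" + name)
        return hits


# Constructed sample "files" (a fake PE header plus made-up payload text).
OLD_DROPPER = b"MZ\x90\x00" + b"dropper-stage2-loader" + b"\x00" * 16
OLD_DROPPER_VARIANT = OLD_DROPPER[:-1] + b"\x01"   # one trailing byte changed
NEW_FAMILY = b"MZ\x90\x00" + b"ransom-note-builder" + b"\x00" * 16
SAMPLES = {
    "old_dropper.exe": OLD_DROPPER,
    "old_dropper_variant.exe": OLD_DROPPER_VARIANT,
    "new_family.exe": NEW_FAMILY,
    "report.txt": b"Quarterly numbers attached.",
}

# Yesterday's definitions know only the old dropper.
DEFS_STALE = Definitions(
    version="2014-03-01",
    hashes={sha256_hex(OLD_DROPPER)},
    patterns={"Dropper.Gen": b"dropper-stage2-loader"},
)

# Today's definitions add the new family, by hash and by pattern.
DEFS_CURRENT = Definitions(
    version="2014-03-02",
    hashes={sha256_hex(OLD_DROPPER), sha256_hex(NEW_FAMILY)},
    patterns={"Dropper.Gen": b"dropper-stage2-loader",
              "Ransom.Gen": b"ransom-note-builder"},
)


def scan_all(defs: Definitions, samples: dict) -> dict:
    """Map each file name to its detections (an empty list means clean)."""
    return {name: defs.scan(data) for name, data in samples.items()}


def missed_by(stale: Definitions, current: Definitions, samples: dict) -> list:
    """Files the current definitions catch but the stale ones let through."""
    old, new = scan_all(stale, samples), scan_all(current, samples)
    return sorted(name for name in samples if not old[name] and new[name])


if __name__ == "__main__":
    for defs in (DEFS_STALE, DEFS_CURRENT):
        print(f"definitions {defs.version}:")
        for name, hits in scan_all(defs, SAMPLES).items():
            print(f"  {name:25} {hits or 'clean'}")
    print("missed by stale definitions:", missed_by(DEFS_STALE, DEFS_CURRENT, SAMPLES))
```

Running it with the stale definitions reports the old dropper twice (hash and pattern), its one-byte variant only by pattern, and the new family as clean; switching to the current definitions is the only thing that makes the new family visible, which is exactly what a missed daily update costs you.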

4. Keep logs and watch them routinely. Our systems generate massive amounts of information on a daily basis. They can record user login attempts, file activity, blocked network connections and many other indicators that something may be amiss from a security perspective. These clues can be immensely helpful when investigating a potential security incident and can provide the information needed to stop an attack in progress. However, security logs can’t be useful if they’re not collected and monitored, and a log that lives only on the machine under attack is at the mercy of the intruder, who can simply delete it; forwarding a copy to a separate system keeps the record intact. An unwatched log might contain signs of an attack, but those records are useless if nobody is reading them.

Watching logs on a consistent basis increases the likelihood that you will identify hacker activity early enough to take action. While reviewing every possible log entry can take a considerable amount of time, there are ways to reduce the time spent reviewing logs to a manageable level. The quick and cheap technique is to use the operating system’s built-in filtering mechanisms to only view particular logs of security interest. For example, you might glance at log entries corresponding to invalid login attempts. If you’re able to invest in security software, you can take things a step further and implement an automated log monitoring system that watches logs on your behalf, alerting you to suspicious activity. Keeping a close eye on your logs can provide you with a valuable early warning system for hacker activity.
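The “invalid login attempts” filter suggested above is the simplest version of automated monitoring; the following Python script, written for this page as an added example rather than taken from the original article or any product, carries the idea one step further. It reads auth-log style sshd lines, raises a medium alert when one source address fails to log in five times inside a minute, and raises a high alert when such a burst is followed by a successful login from the same address, which is what a password-guessing attack looks like when it works. The log lines are constructed for the example and use RFC 5737 test addresses; the thresholds, the 2014 year assumption and the alert wording are choices made here, not anything from the article.

```python
"""Added example (not code from the original article): a small log monitor
that reads auth-log style lines, flags a source address that fails to log in
too many times inside a short window, and raises a higher-severity alert when
such a burst is followed by a successful login from the same address.  The
log lines are constructed for illustration and use RFC 5737 test addresses;
the thresholds and the 2014 year assumption are choices made for this example."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one noisy attacker, one user who mistypes a password
# every fifteen minutes, and a cron line the parser must ignore.
SAMPLE_LOG = """\
Mar  3 10:15:01 web01 sshd[4011]: Accepted password for alice from 198.51.100.7 port 50012 ssh2
Mar  3 10:16:22 web01 sshd[4052]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Mar  3 10:16:23 web01 sshd[4052]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Mar  3 10:16:25 web01 sshd[4053]: Failed password for root from 203.0.113.45 port 51240 ssh2
Mar  3 10:16:27 web01 sshd[4054]: Failed password for root from 203.0.113.45 port 51244 ssh2
Mar  3 10:16:30 web01 sshd[4055]: Failed password for bob from 203.0.113.45 port 51250 ssh2
Mar  3 10:16:41 web01 sshd[4056]: Accepted password for bob from 203.0.113.45 port 51260 ssh2
Mar  3 10:20:01 web01 CRON[4070]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar  3 10:30:05 web01 sshd[4101]: Failed password for alice from 198.51.100.7 port 50020 ssh2
Mar  3 10:45:10 web01 sshd[4180]: Failed password for alice from 198.51.100.7 port 50031 ssh2
Mar  3 11:00:00 web01 sshd[4200]: Failed password for alice from 198.51.100.7 port 50044 ssh2
Mar  3 11:15:00 web01 sshd[4250]: Failed password for alice from 198.51.100.7 port 50050 ssh2
Mar  3 11:30:00 web01 sshd[4300]: Failed password for alice from 198.51.100.7 port 50060 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line: str, year: int = 2014):
    """Return a dict for an sshd login line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; the caller supplies it.
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def detect(lines, threshold: int = 5, window: timedelta = timedelta(seconds=60), year: int = 2014):
    """Run both detections over an iterable of log lines.

    Returns a list of (severity, source, message) tuples in log order.
    """
    recent = defaultdict(deque)   # src -> timestamps of failures still inside the window
    burst_sources = set()         # sources that have already tripped the threshold
    alerts = []
    for line in lines:
        ev = parse_line(line, year)
        if ev is None:
            continue                      # not a login event (cron, sudo, ...)
        q = recent[ev["src"]]
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:
                q.popleft()               # drop failures that aged out of the window
            if len(q) >= threshold and ev["src"] not in burst_sources:
                burst_sources.add(ev["src"])
                alerts.append(("MEDIUM", ev["src"],
                               f"{len(q)} failed logins within {int(window.total_seconds())}s"))
        elif ev["src"] in burst_sources:
            # A success right after a failure burst is the signature of a
            # password-guessing attack that worked; investigate immediately.
            burst_sources.discard(ev["src"])
            alerts.append(("HIGH", ev["src"],
                           f"successful login as {ev['user']} after failed-login burst"))
    return alerts


if __name__ == "__main__":
    for severity, src, msg in detect(SAMPLE_LOG.splitlines()):
        print(f"[{severity}] {src}: {msg}")
```

On the sample log this produces two alerts for 203.0.113.45 and none for alice, whose five mistakes are spread across more than an hour; widening the window or lowering the threshold would flag her too, which is the tuning trade-off every log monitor forces you to make. On Windows the same logic applies to the Security log’s failed (4625) and successful (4624) logon events rather than sshd lines.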

5. Protect yourself against social engineering. Not all attacks are technical in nature. Hackers know that humans are often the weak link in the security chain and they regularly attempt to trick people into unwittingly compromising the security of their systems. They might send e-mails warning users that their e-mail account will be suspended if they don’t visit a website that silently installs malicious software on their systems. More cunning attackers might place phone calls to users posing as help desk employees and requesting the user’s password to resolve a problem. These techniques, known as social engineering, allow hackers to bypass technical security controls and gain access to systems.

The best way to protect yourself against social engineering is through education. Passwords are private information, and there is never a legitimate reason for support staff, especially someone contacting you over e-mail or telephone, to request your password. If a caller claims to be from the help desk, hang up and call back on the number you already have for them; if an e-mail urges you to visit a link, reach the site through your own bookmark instead. Smart companies educate their users about the prevalence of social engineering and the ways they can protect themselves against hackers exploiting human weakness.

Hackers pose a real and significant threat to the security of computer systems and the information they contain. Smart computer users understand the risks posed by hackers as well as the techniques that they use to gain access to systems. Armed with this understanding, you can take a few simple steps to increase the security of your system and reduce the likelihood that you will fall victim to a hacker’s attack.

Figure: Windows Event Viewer provides a free way to quickly look at system logs.

Mike Chapple

ABOUT THE AUTHOR

Mike Chapple is Senior Director for IT Service Delivery at the University of Notre Dame. Mike is CISSP certified and holds bachelor’s and doctoral degrees in computer science and engineering from Notre Dame, with a master’s degree in computer science from the University of Idaho and an MBA from Auburn University.
