The past year has witnessed a number of highly publicised attacks, changing our notion on the lethal aspects of malware. Despite awareness about the dangers of viruses/worms, we have witnessed just how effective malware and orchestrated attacks can be.
For example, Operation Aurora attacks that started with Google and then targeted companies such as Adobe Systems, Juniper Networks, Rackspace, Yahoo, Symantec, Northrop Grumman, and Dow Chemicals. Shortly thereafter, came along Stuxnet, which was designed to spread until it found its target, and then instructed to tamper with that target by altering the instruction sets sent to a physical device. Stuxnet spreads geographically and decides on what actions to take depending on what environment it encounters.
Over time, the effectiveness and complexity of malware has increased and while most viruses and worms relied on one or two vulnerabilities to propagate, blended threats changed the face of the game when malware started to use different attack vectors to spread. Malware has proved that even the most secure networks can be successfully targeted. Example, Stuxnet proved that just physically or virtually segmenting a network from the Internet doesn't make it safe. Attackers can target specialised manufacturing, transportation or other non-Internet connected networks and this can be done by clicking on the wrong link, or insert an infected device. Ironically, these “disconnected” or segmented networks often have the weakest of defences. The question now is that if it is possible for attackers to reach network segments disconnected from the Web, how challenging could it be for them to target standard Web servers, end points, and traditional corporate networks? Not very.
To help bolster the security of your infrastructure, here are six areas, we believe, are ideal places to focus on:
1. Awareness: People, being the first line, need to be aware. Very little can be done to protect critical systems and data if users are regularly downloading software, surfing Web pages or opening links and attachments they should not be.
2. Capturing data that details security events on your network, aggregating and putting that data to actionable use: Most enterprises have enormous data scattered throughout their firewall, application, router, and other log sources that are useful for monitoring activities within their networks.
3. Leverage the security data collected: Verizon Business' 2010 Data Breach Investigations Report found that while 86 per cent of data breach victims had evidence of the breach in their audit logs, 61 per cent of those victims were notified by a third party rather than discovering it themselves.
4. Threat model: It's a practice few organisations currently engage in to determine where critical data resides and travels. When a Web server is hacked, it becomes easy to access backend databases. It is important to identify the types of attackers interested in infiltrating systems, what data they seek, and how to limit access to this data to only specific users.
5. Security policies: Enforcing security policies such as disabling orphaned ID accounts, running vulnerability assessment scans, maintaining adequate application and security logs, password changes, among many others is critical. Using automation to enforce security and regulatory compliance policies is a good practice.
6. Lastly, act: Even though security threats have become more menacing, the defences have also become more powerful. It is vital to take necessary steps to protect your infrastructure and data, which if we fall short of doing, will cost us dearly.
(The author is Managing Director for India Development Centre and Vice-President for Global Engineering Strategy, Novell)
