Computerworld
How to Plan for a Possible Network Attack

By Robert J. Shimonski
March 21, 2005 (WindowSecurity.com) -- Editor's Note: This article was first posted on Jan. 10, 2005
When you are an administrator in a company with a perimeter connection to the Internet, you have to consider that you could very well be under attack at any moment. You shouldn't worry about it or lose sleep over it; instead, deal with it by protecting against it proactively. Consider the following top 10 list for ensuring that you don't fall under attack 'for sure'. What would that mean?

Protect

  1. Windows Updates (patches): Make sure your systems are patched. Test first, but make sure it gets done. It's important to patch these systems frequently; the security hot fixes come out very often and are many times so important that, if not installed, they will leave your system (or hundreds of systems) open to the latest and greatest piece of malware out there.
  2. Antivirus Protection: Speaking of malware, take a look at your antivirus solution. If you haven't done anything about it, start now: get your systems updated and make sure you have analyzed protection from every angle, not just your own personal PC but all the servers and clients in the corporation.
  3. Assess theft potential: Keep a close eye on your PDAs, laptops, portable hard disks, data backups on CD, anything. Make sure you assess your own safety as well.
  4. SOHO Users: Roaming clients pose very big risks. A roaming client may not be back at a location where it can get antivirus updates or Windows updates, and given the rate at which those come out these days and the importance of installing them, that is a real concern. SOHO users are a threat to an organization if they are not considered: they can spread worms through the corporate network if you do not put strong security controls in place.
  5. End users gobbling up your bandwidth: Have no controls on your network to stop shoppers? You'll wish you had them this year! As folks send more and more cards and emails, they also send a ton of junk to each other via email: the jokes, the image files, the games, and so on. Keep an eye on your bandwidth so you keep some for legitimate business.
  6. Data Backups (verifiable): Check your backups. Have they been getting done? Are they 'verifiable', meaning you tested one and know the backup is good because you verified it by doing a sample restore and testing the sample? If you have no verification, you don't have a known good backup. Sometimes there is damage to the backup drive hardware; sometimes tapes get screwed up. I have seen tapes for 3 months with no data on them because of a system glitch. Test your backups; you'll be glad you did.
  7. Perimeter Protection: As you move more and more of your organization's business onto the Internet and run your company's data over it, consider that public Internet connections pose a threat. Any junior high school kid with a free network scanner like nmap and all the time in the world will rattle your doorknob once this year for sure. Do it yourself before they do: check what's open, and think about closing it up quickly before someone thinks about exploiting it.
  8. Data Confidentiality: This is about intercepted data, not only in transit but also on your laptop. If a laptop gets stolen, it can be used to penetrate the network if you left a spreadsheet full of public IPs and some credentials on it; someone can use that laptop to access the network. Consider using EFS to encrypt files on your local system, PGP to encrypt your email, and VPN technologies to encrypt your data in transit.
  9. Disaster Recovery Plan: Draft one if you don't have one yet. Not having one is the number one reason why network attacks succeed: had you prepared to be attacked, the attack wouldn't have been as bad.
  10. Hot Site: If your operations warrant it, I would suggest having a spare office to go to if your company relies heavily on it. Even if it's only a secondary meeting place, the events of 9/11 show us that it's impossible to foresee every disaster that may take place. Make a plan to meet up and do business elsewhere.
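The sample-restore check from item 6, as an added example that is not from the original article: a backup is only known good once a restored sample matches a manifest of hashes recorded at backup time. File names, contents and archive paths are constructed for the demo, and the "ok / corrupt / missing" statuses are this example's own convention.

```python
import hashlib, os, tarfile, tempfile
from pathlib import Path


def make_backup(src_dir, archive_path):
    # Archive src_dir and record a manifest {relative path: sha256} at backup
    # time; every later sample restore is checked against this manifest.
    manifest = {}
    with tarfile.open(archive_path, "w:gz") as tar:
        for root, _, files in os.walk(src_dir):
            for name in files:
                full = os.path.join(root, name)
                rel = os.path.relpath(full, src_dir).replace(os.sep, "/")
                manifest[rel] = hashlib.sha256(Path(full).read_bytes()).hexdigest()
                tar.add(full, arcname=rel)
    return manifest


def verify_sample_restore(archive_path, manifest, sample):
    # Pull the sample members back out of the archive and compare each with
    # the manifest. Returns {name: "ok" | "corrupt" | "missing"}.
    results = {}
    with tarfile.open(archive_path, "r:gz") as tar:
        members = {m.name: m for m in tar.getmembers() if m.isfile()}
        for rel in sample:
            if rel not in members:  # the tape that turns out to have nothing on it
                results[rel] = "missing"
                continue
            restored = tar.extractfile(members[rel]).read()
            digest = hashlib.sha256(restored).hexdigest()
            results[rel] = "ok" if digest == manifest[rel] else "corrupt"
    return results


def demo():
    # Constructed scenario: Monday's backup restores cleanly. Tuesday's archive
    # is built from a truncated payroll file and checked against Monday's
    # manifest, standing in for a drive that silently wrote bad data.
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "fileserver")
        os.makedirs(src)
        Path(src, "payroll.xls").write_bytes(b"Q1 payroll")
        Path(src, "notes.txt").write_bytes(b"todo")
        mon, tue = os.path.join(work, "mon.tgz"), os.path.join(work, "tue.tgz")
        manifest = make_backup(src, mon)
        good = verify_sample_restore(mon, manifest, ["payroll.xls", "archive/old.doc"])
        Path(src, "payroll.xls").write_bytes(b"Q1 payrol")  # one byte short
        make_backup(src, tue)
        bad = verify_sample_restore(tue, manifest, ["payroll.xls", "notes.txt"])
    return good, bad
```

In a real restore drill the manifest is stored apart from the tape it describes, so a failed drive cannot take both with it.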

Prepare

  1. Incident Response Plan: Think about your team. If you have an incident such as a DoS attack, what would you do? Who enacts the plan? Who has what specific responsibility?
  2. Disaster Recovery Plan: Revisit your disaster recovery plan soon if you haven't. RAID disks have a Mean Time Between Failures (MTBF), so they are likely to go if they haven't gone in a very long time. Think back to the last time a disaster struck and what you needed to fix things: did you have all the tools you needed? Consider what you didn't have.

More Considerations

  1. Install freeware security software to run tests and to augment anything you may need. Tools like nmap, tcpdump, GFI's LANguard, and literally dozens of others can be used to do a vulnerability scan of your perimeter to get an idea of where you stand with security at this point. What are your open ports?
  2. Commonly heard but not commonly followed is the advice that all systems in use be stripped of unneeded services and protocols. Unix, Novell, Microsoft Windows, it doesn't matter which: disable unnecessary or optional services that may open up new problems for you. If you don't need a service or a protocol, get rid of it immediately.
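A host-side version of "check what's open" (item 7 under Protect) and of the two points above, added here as an example that is not from the original article: it reads the output of `netstat -an`, which the article's Windows and Unix systems all provide, and reports every listener that the host's approved-service baseline does not account for. The netstat text and the web-server baseline are constructed for the demo.

```python
WELL_KNOWN = {80: "HTTP", 135: "RPC endpoint mapper", 139: "NetBIOS session",
              161: "SNMP", 443: "HTTPS", 445: "SMB", 3389: "RDP"}

# Constructed `netstat -an` output from a Windows web server (not real data).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    10.1.1.5:443           203.0.113.7:51234      ESTABLISHED
  UDP    0.0.0.0:161            *:*
"""

# What this host is supposed to offer: (proto, port) -> bind address it may
# use, "0.0.0.0" meaning any interface. Assumed baseline for the demo.
WEB_SERVER_BASELINE = {("TCP", 80): "0.0.0.0", ("TCP", 443): "0.0.0.0",
                       ("TCP", 3389): "10.1.1.5"}


def listening_sockets(netstat_text):
    # Return (proto, address, port) for sockets that accept traffic: TCP in
    # LISTENING state and every UDP socket (UDP lines carry no state column).
    sockets = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and (len(parts) < 4 or parts[3] != "LISTENING"):
            continue
        addr, _, port = parts[1].rpartition(":")  # also handles [::]:80
        sockets.append((parts[0], addr, int(port)))
    return sockets


def audit(netstat_text, baseline):
    # Return (proto, port, service, problem) for each listener the baseline
    # does not account for, or that is bound more widely than it allows.
    findings = []
    for proto, addr, port in listening_sockets(netstat_text):
        service = WELL_KNOWN.get(port, "unknown")
        allowed = baseline.get((proto, port))
        if allowed is None:
            findings.append((proto, port, service, f"not in baseline, bound to {addr}"))
        elif allowed != "0.0.0.0" and addr == "0.0.0.0":
            findings.append((proto, port, service, f"bound to all interfaces, baseline allows only {allowed}"))
    return findings
```

Run `audit(SAMPLE_NETSTAT, WEB_SERVER_BASELINE)` and each finding is a service to disable, bind to the management interface, or firewall before an outside scan finds it.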

Summary

In this article we covered the basics of preparing for a network attack and disaster. It's a quick assessment; this article's whole purpose is to get you to think about your own network: when was the last time it was tested? Not every company has the same process, but remember that IT is everywhere; computers are in every company around the world. Everyone can use a hand when it comes to assessing security. Let's take a look at where we are now and think of ways to do better as security analysts. Just because a network isn't under attack now, or hasn't been, doesn't mean it won't be in the future. Don't get complacent! We covered some things to think about when considering your own network under attack. Stay tuned for more articles!

Robert J. Shimonski (TruSecure TICSA, Cisco CCDP, CCNP, Cisco Firewall Specialist, Nortel NNCSS, Microsoft MCSE, MCP+I, Novell Master CNE, CIP, CIBS, IWA CWP, Prosoft MCIW, SANS GSEC, GCIH, CompTIA HTI+, Security+, Server+, Network+, Inet+, A+, e-Biz+, Symantec SPS and NAI Sniffer SCP) is a Lead Network and Security Engineer for a leading manufacturing company as well as a part-time technical trainer. Robert's specialties include network infrastructure design with the Cisco and Nortel product lines, network security design and management with CiscoSecure software and PIX firewalls, systems engineering with all major operating system platforms, and troubleshooting with Sniffer-based technologies. Robert is the author of many security-related articles and books, including the "Sniffer Network Optimization and Troubleshooting Handbook" from Syngress Media Inc. (ISBN: 1931836574). You can contact Robert at rshimonski@rsnetworks.net

Reprinted with permission from

For more security news visit WindowSecurity.com
Story copyright 2006 WindowSecurity.com. All rights reserved.