Network Security is Critical for Data Security

"Data is your most valuable asset." I'm sure you've heard this saying, and you may even call it a cliché.


It's important that you and your team take great care to protect mission-critical data: the data you keep about customers, sales, and the employees who work for you. You log it and back it up. Then you replicate it. Backups are made off-site and there are redundant systems.


You must ensure that users are authenticated with the correct rights and privileges. You create views to allow users to view only the relevant data. You have done all that you can so you can rest at night.


You may be missing the obvious. Consider this other cliché: "You are only as secure as your network." Obvious? Perhaps.


Each year Verizon issues the Data Breach Investigations Report (DBIR). The report is based on data supplied by the US Secret Service and security agencies in Australia, England, and the Netherlands. For 2011, it identified 855 global incidents that compromised 174,000,000 records. Over 2000 incidents with over 1 billion records have been identified in the eight-year history of the report.





Keep in mind that these are only the incidents that these agencies have detected. The actual number is certain to be far higher.


What the DBIR reveals about the incidents uncovered is crucial: 98% involved external agents, 81% of breaches involved hacking techniques, and 69% used malware. However, only 5% were caused by privilege abuse.


While I do not deny the danger from within, there are serious consequences for employees if they engage in illegal activities. Worse, only about 8% of incidents can be detected internally. You may not know that you have been compromised until you hear it from a third party. This raises the suspicion that many other breaches happen and are never detected.


Let's take a moment to consider the following. According to the DBIR, 96% of breaches weren't difficult and 97% could have been avoided through simple or intermediate controls. 97% of the victims subject to the Payment Card Industry Data Security Standard (PCI DSS) were not in compliance. PCI DSS is designed to protect cardholder data from debit, credit, pre-paid, ATM, e-purse, and Point of Sale (POS) cards.


Alarmingly, only 29% of PCI DSS-covered companies have set up a firewall to protect their data. I can understand your reaction: "You must be talking about small businesses." In large part, yes. However, the report found that only 71% of large organizations had firewalls. The impact of a cyberattack on large companies can be devastating, so it is quite shocking that 29% lack firewalls.


Large organizations are more compliant when it comes to antivirus protection: 86% of them have it, compared with 23% for all other organizations. To put it another way, 14% of larger organizations and 77% of all other PCI DSS-covered organizations don't implement virus scanning.


Protect yourself and others. Based on these figures, it seems like there are many potential Typhoid Marys.


Let's examine some of the most commonly encountered hacking threats that you need to be protected from:


SQL Exploit (SQL injection) is an attack on a website's database. A SQL statement that produces undesired results is appended to a field input.


A typical login script sets variables equal to the user name and password that were entered and then concatenates them into a select statement. The statement is executed to determine whether that combination of values exists.


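Consider that the userid value is "ui" and the password value is "pw'; drop table users; --".


This would make the statement:


select * from users where password='pw'; drop table users; --' and userid='ui'


Where the database interface accepts more than one statement per call, the system would execute 2 statements: first the select lookup, followed by the statement dropping the users table. The trailing "--" turns the rest of the original query into a comment. Ouch!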
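
The login flaw described above, next to its fix, as an added example that is not part of the original article. It assumes Python's built-in sqlite3 module with an in-memory database standing in for the site's database; the table layout, the function names and the sample account are constructed for illustration.

```python
import sqlite3

# Constructed hostile input for the password field, following the article's scenario.
HOSTILE_PASSWORD = "pw'; drop table users; --"

def make_db():
    """In-memory stand-in for the site's database with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("create table users (userid text, password text)")
    db.execute("insert into users values ('ui', 'pw')")  # plaintext only to mirror the article
    db.commit()
    return db

def users_table_exists(db):
    row = db.execute(
        "select count(*) from sqlite_master where type='table' and name='users'"
    ).fetchone()
    return row[0] == 1

def login_concatenated(db, userid, password):
    """Vulnerable: input is pasted into the SQL text and sent through a
    multi-statement call, so a quote in the input ends the string literal."""
    sql = ("select * from users where password='" + password +
           "' and userid='" + userid + "'")
    db.executescript(sql)
    return sql

def login_parameterized(db, userid, password):
    """Hardened: placeholders keep the input as data, never as SQL text."""
    row = db.execute(
        "select 1 from users where password=? and userid=?",
        (password, userid),
    ).fetchone()
    return row is not None

def demo():
    """Run the same hostile input through both versions and report the outcome."""
    db = make_db()
    statement = login_concatenated(db, "ui", HOSTILE_PASSWORD)
    survived_concatenated = users_table_exists(db)
    db = make_db()
    hostile_ok = login_parameterized(db, "ui", HOSTILE_PASSWORD)
    return {"statement": statement,
            "table_after_concatenated": survived_concatenated,
            "hostile_login_ok": hostile_ok,
            "table_after_parameterized": users_table_exists(db),
            "valid_login_ok": login_parameterized(db, "ui", "pw")}

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

With the parameterized version the hostile string is simply a wrong password: the login fails and the table is untouched.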


Guessable Passwords: Although large organizations have standard procedures that require default user passwords to be changed, this is still a top cause of breaches for small companies.


MySQL Server, for example, has root as the default user with no password.


You can be vulnerable if that password is not changed after installation.


Even if it is not mandatory, use a strong password that combines letters, numbers, upper and lower case, and special characters. A lot of people will use a guessable password, such as the current month or even the word "password" itself.


Keyloggers: There is a wide range of malware programs that can capture keystrokes and other information from a user's computer or at a site. They can capture not only passwords and user IDs but also any other data being entered.


Brute Force or Dictionary Attacks: Brute force works against encrypted data. The technique tries all possible options until one works. A dictionary attack is similar but works from a list. A list of common passwords like "password", which can be used for months, years or even decades, is one example.


Backdoors: A backdoor allows the standard authentication process to be bypassed. Hackers capitalize on the fact that programmers and developers create backdoors during development but fail to remove them from production. Malware can also identify and create backdoors that can be used later.


Even if you use antivirus and firewall protection, you might still be vulnerable. Antivirus protection tends to target only exploits and viruses that have been added to a "blacklist" of known viruses.


That's not all that bad. However, there are roughly 50,000 new system exploits and viruses released each day. You are always playing catch-up, even though the blacklist is eventually updated.


I prefer protection that uses a "whitelist" concept and a sandbox. The technique involves comparing program files with a list of valid files. Only files on the list are allowed to run within your system. The scanner may run a program in a sandbox if it is suspicious of it.


Secure Sockets Layer (SSL) and SSL certificates are critical if your web site handles sensitive information. SSL provides a secure, encrypted connection between your browser and your web site. SSL certificates authenticate the web site to the user.


SSL certificates come in a range of affordable prices.


An Extended Validation (EV) SSL Certificate provides the highest level of authentication.

If you have multiple domains, a Wildcard SSL certificate could save you money. One wildcard SSL certificate can cover a website and all of its subdomains. You can purchase a wildcard SSL certificate that covers both sports.judgeco.com and judgeco.com.

Unified Communications SSL Certificates (UC) can be used for multiple domains and hostnames. A single UC SSL cert can be used on a primary domain, as well as up to 99 other names. They are popular for use in Microsoft Exchange and Microsoft Live servers.
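
How a client decides whether a wildcard or multi-name (UC) certificate covers a hostname, as an added example that is not part of the original article. The matcher is a simplified version of the usual rule (a "*" is accepted only as the whole left-most label and stands for exactly one label); the name lists and the host live.sports.judgeco.com are constructed for illustration.

```python
def name_matches(pattern, hostname):
    """Match one certificate name against a hostname.

    Simplified rule: '*' is honoured only as the entire left-most label and
    replaces exactly one label. Partial wildcards are treated as literals.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False            # a wildcard never spans zero or several labels
    if p_labels[0] == "*":
        # Require two fixed labels after the '*' so "*.com" never matches.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def cert_covers(cert_names, hostname):
    """A certificate covers a host if any one of its names matches."""
    return any(name_matches(name, hostname) for name in cert_names)

def uncovered(cert_names, hostnames):
    """Hosts that would raise a certificate name-mismatch error."""
    return [h for h in hostnames if not cert_covers(cert_names, h)]

# Constructed name lists: a bare wildcard, and a wildcard certificate that
# also lists the base domain as an additional name.
WILDCARD_ONLY = ["*.judgeco.com"]
WILDCARD_PLUS_BASE = ["*.judgeco.com", "judgeco.com"]
SITE_HOSTS = ["judgeco.com", "sports.judgeco.com", "live.sports.judgeco.com"]

if __name__ == "__main__":
    print("wildcard only misses:", uncovered(WILDCARD_ONLY, SITE_HOSTS))
    print("wildcard + base misses:", uncovered(WILDCARD_PLUS_BASE, SITE_HOSTS))
```

The wildcard name alone does not match judgeco.com, so a certificate covers both only when the base domain is listed as an additional name; deeper names such as live.sports.judgeco.com need their own entry.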

 
