Recently the IT news media has been abuzz with stories about the loosely organized hacker group LulzSec, its declaration of “war” against government and banking companies, and its delegation of attacks to more secretive groups. While the security industry is still analyzing the implications of these attacks, Alliance Technologies deemed it wise to send a few security suggestions to our clients in the financial sector. But first, we’d like to clarify the threat. The threat is not from LulzSec specifically.
The threat stems from the fact that this activity is being tolerated and, in some cases, actively encouraged by groups of high-profile hackers and some segments of the media. As a result, more and more people are affiliating with these groups to launch their own attacks. This means that attacks against financial institutions, and the resulting thefts and information disclosures, are on the rise. At this time it is believed that attackers are focusing on very large banks (high-profile targets) and very small banks (poorly defended targets), but it is also expected that attention will shift towards medium-sized banks over the next few weeks as the scope of the attacks widens.
While it is impossible to achieve 100% security, the following suggestions may be of use to you and your business. There is nothing new in these suggestions, but the success of these groups demonstrates that a large number of organizations are still not following basic security recommendations, so perhaps it’s time for a reminder. There is much more to securing your environment than just these four areas, but if you act on these four quickly, you’ll have bought yourself some time to implement the more complex technologies and processes needed to secure your business.
1) Use Different Passwords Everywhere
A large number of recent attacks have taken advantage of the fact that many people reuse passwords across sites. This must not continue. Every shared password you use is akin to leaving your vault door open and your doors unlocked overnight. Each site and system must have a unique password. Ideally, this password is highly complex, is at least 12 characters long, and contains multiple symbol types. Keeping track of many complex passwords may make it necessary to consider a password management tool. The management tools listed below are worth consideration:
2) Delete Everything You Do Not Need
These hacking groups are specifically targeting email archives. They are looking for any information that can be used to cast you in a negative light. Their interest is in headlines, not fairness, so do not give them any additional ammunition. To minimize the chances of a negative outcome, we strongly encourage each of your employees to take a “clean up day” to remove old data. If you must keep old data, burn it to a few DVDs and store them off-line in a safe or safe deposit box. Off-line data is much more difficult to breach. It’s even harder to breach if it’s off-line AND encrypted. More important than a simple cleanup: if you find you have a lot of data that must be kept, it is time to strategically implement a data management program. These systems can be complex, but they are integral to preventing your data from growing out of control again. A data management system is the key to keeping old data organized and safe.
3) Protect Your Websites
Many attacks today target websites using a hacking technique called SQL injection, which works by passing database commands to the server through the input fields of a website’s forms. Though defending against these attacks isn’t difficult, few businesses bother to protect themselves by ensuring that their websites properly sanitize their input fields. The best way to protect against them is to review your source code to ensure that this is done.
However, since this relies on a lengthy audit process, it is not a practical short-term solution for many businesses. If that’s the case for you, a web application firewall (WAF) is a quick and viable option to buy time. Alliance has been evaluating WAF products and can provide guidance should you desire.
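To make the code-review point concrete, here is an added example (not code from the original article or from Alliance) showing the kind of defect a review looks for: a login check that pastes form input into its SQL text, next to the same check rewritten as a parameterized query, plus an allow-list validator for the form field. The table, the user record and the crafted input are all constructed for the demonstration.

```python
import re
import sqlite3

def build_demo_db():
    # Constructed in-memory table for the demonstration; passwords are kept
    # in clear text only to keep the example short (real systems store hashes).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    # Form input is pasted straight into the SQL text, so a quote character in
    # the input changes the structure of the query instead of being data.
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone()[0] > 0

def login_safe(conn, username, password):
    # Parameterized query: the driver sends the values separately from the SQL
    # text, so whatever the form contains is compared as data, never run as SQL.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0

USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")

def username_is_valid(username):
    # Allow-list validation of the form field, as a second layer on top of
    # parameterization: reject anything that is not a plausible username.
    return USERNAME_RE.fullmatch(username) is not None

if __name__ == "__main__":
    db = build_demo_db()
    crafted = "x' OR '1'='1"   # constructed form input containing a quote
    print("vulnerable:", login_vulnerable(db, "alice", crafted))  # True: check bypassed
    print("safe:      ", login_safe(db, "alice", crafted))        # False
    print("valid name:", username_is_valid(crafted))             # False
```

In a review, any query built by string concatenation or formatting with request data is the finding; parameterization is the fix, and input validation is defense in depth rather than a substitute.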
4) Protect Your Endpoints
Another common vector is to attack endpoint systems with an exploit against unpatched Microsoft, Adobe, or Java software. You must regularly patch all your systems. There is no cost involved in patching unless you wish to automate the process or use an outside consultant to perform the work. Spending a single week making sure that all systems on your network are patched will do more to protect your organization from attack than almost anything else you can do.
Once your systems are patched, deploy a full anti-malware suite on them. This should include anti-virus, suspicious-behavior detection (HIPS), a local firewall, application control, and basic web protection. Low-end, anti-virus-only solutions are no longer sufficient to protect your systems.
Next, you should remove administrative rights from every account you can. If a user with admin rights is hit with a zero-day exploit, the malware can turn off the anti-malware system and wreak havoc on your network.
Lastly, once your systems are patched and secured, set up a regular patching schedule to keep them up to date. This process can be automated with software or added to a regular maintenance list for your technical staff.
This article is presented by Iowa-based Alliance Technologies. Alliance provides a complete line of technology products and services to fulfill the needs of individuals and corporations of all sizes.