(This article comes from a newsletter we sent to potential clients over the last year or so. The information was current when the newsletter was published, but may be slightly dated if you are reading this for the first time today.)
Upping The Ante
Two Security Technologies You Need TODAY
By Mitchell R. Sowards
If you have read some of my previous whitepapers, you will know that ENTRUST is very proud of the way we go above and beyond our competitors in ensuring that servers and workstations under our care are SECURE, RELIABLE, and OPTIMIZED. And yet, we have lately observed that despite the many traditional tools we have deployed and the extra care and attention we deliver, it is becoming harder and harder to defend our customers from unceasing attacks by hackers, malware, and zombie-slave botnets. So now it is time to “up the ante” in the arms race with the bad guys! Here are two technologies you need to be deploying TODAY before it’s too late.
Massive New Threats
ENTRUST has witnessed the rise of some massive new threats which are threatening our customers and costing them thousands of dollars. Here are the two most important:
1. Huge and continuous attacks. We are witnessing firewall and penetration attacks occurring hundreds or thousands of times per day for any given customer. An automated system can attempt 30,000 passwords per second. At that rate, a weak Administrator password will be discovered in short order.
2. Drive-by Malware. The most common attack vector in the past used to be email. But today, the most common source of malware infection is simply visiting an (often legitimate) website which has been compromised by malware. The user need only allow their mouse to cross over the affected portion of the screen and WHAM! The attack is launched, easily traverses your firewall, and attempts to penetrate the user’s computer defenses (antivirus software).
In the face of these new threats, the old standby protections of good firewalls, good password policies, and antivirus software are proving unequal to the task of defending your systems. New, recently affordable technologies such as TWO FACTOR AUTHENTICATION and CONTENT (WEB) FILTERING are the weapons you can use to protect yourself.
“Two Factor Authentication”
One of the great things about the advent of the internet is “remote computing”.
Branch office personnel can leverage central office resources.
Salesmen and other travelling field staff such as construction supervisors can connect back to the office from just about anywhere.
Employees can work from home.
In the IT industry itself, it’s an enormous benefit for companies to receive remote support from technicians without having to wait for them to get in their vehicles and drive to a problem location.
On the other hand, making remote computing available to legitimate and authorized users can leave you open to unauthorized access. For example, you don’t want any of the below accessing your systems remotely!
1. Criminals, including hackers and their automated zombie-slaves.
2. Former employees!
3. Former IT providers!
4. Even current employees who don’t have a legitimate need.
The typical tools for protecting yourself from unauthorized remote access include strong passwords, firewall policies, and virtual private networks. But if a single password is compromised, then all of the above unauthorized users can gain access by using a pilfered (or guessed) username and password combination. The solution is to allow remote access ONLY via Two Factor Authentication (TFA).
TFA means using two independent authentication methods to increase the assurance that a person has been authorized to access a secure system. One authentication method is something the user knows, such as the user id/password combination. Adding any 2nd method, such as an ID card or a physical token which is something the user must have, almost eliminates the chance of unauthorized access by all of the above 4 types of unauthorized users. You can also use biometric data like fingerprints as a 2nd authentication method.
ENTRUST recommends the use of inexpensive “tokens”. A common token type is the CryptoCard as shown below:
You purchase the tokens, install some software on your network, and issue tokens to legitimate remote users. A token is uniquely associated with an individual by a PIN code created at the time the token is initialized. Then, at the time users attempt access they will need to provide both a valid user id/password AND a unique code (which changes every few seconds) displayed on the token screen along with their unique PIN known only to the token bearer. Look how this simple technique defeats almost all unauthorized users:
1. Hackers will never, ever be able to gain access simply through brute force password attempts. They don’t have a time limited token code and will never have the matching PIN. (Only if a token is somehow stolen along with the corresponding PIN code will you ever have a risk. And as soon as you know about it, you can disable the token!)
2. Former employees – their tokens are retrieved or disabled upon termination.
3. Former IT vendors – their tokens are retrieved or disabled upon termination of their services.
4. Employees not authorized for remote access – are never issued tokens in the first place.
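The login check described above, sketched as an added example (not code from ENTRUST or from any token vendor). The page does not say which algorithm the token uses, so the standard RFC 6238 time-based code stands in for it; the RemoteAccessGate class, its method names and the 30-second step are assumptions.

```python
import hashlib, hmac, struct

STEP = 30  # seconds a code stays valid (assumed; the page says "every few seconds")

def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step containing `now`."""
    mac = hmac.new(secret, struct.pack(">Q", int(now // STEP)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def kdf(text: str, salt: bytes) -> bytes:
    """Salted, slow hash so passwords and PINs are never stored in the clear."""
    return hashlib.pbkdf2_hmac("sha256", text.encode(), salt, 100_000)

class RemoteAccessGate:
    """Hypothetical server-side check: password AND PIN AND current token code."""
    def __init__(self):
        self.users = {}    # user id -> (salt, password hash)
        self.tokens = {}   # user id -> token record; absent means never issued

    def add_user(self, uid, password, salt):
        self.users[uid] = (salt, kdf(password, salt))

    def issue_token(self, uid, secret, pin):
        salt = self.users[uid][0]
        self.tokens[uid] = {"secret": secret, "pin": kdf(pin, salt),
                            "enabled": True, "last_step": -1}

    def disable_token(self, uid):
        """Termination or reported theft: the token stops working at once."""
        if uid in self.tokens:
            self.tokens[uid]["enabled"] = False

    def login(self, uid, password, pin, code, now) -> bool:
        user, tok = self.users.get(uid), self.tokens.get(uid)
        if user is None or tok is None or not tok["enabled"]:
            return False
        salt, pw_hash = user
        step = int(now // STEP)
        ok = hmac.compare_digest(kdf(password, salt), pw_hash)
        ok &= hmac.compare_digest(kdf(pin, salt), tok["pin"])
        # Current and previous step are accepted to tolerate clock drift.
        hits = [s for s in (step, step - 1) if s >= 0 and hmac.compare_digest(
            totp(tok["secret"], s * STEP).encode(), code.encode())]
        # Reject a wrong factor, and any code from a step already used (replay).
        if not ok or not hits or hits[0] <= tok["last_step"]:
            return False
        tok["last_step"] = hits[0]
        return True
```

A correct password alone never passes: a user with no token record, a disabled token, a wrong PIN, or a code that was already used are all refused.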
So you can see how the two factor authentication process can completely protect your network from penetration by unauthorized remote users/attackers. But what about the other problem of increasing attacks practically invited into your network by legitimate internal users? That’s where Content Filtering applies.
Content (Web) Filtering
Some days we find it very discouraging that despite having fully up-to-date and functioning antivirus and antispyware software installed and despite thoroughly scrubbing PCs on a regular basis (even nightly), we observe the incidence of infected machines is increasing. It often takes two or more “cleaning” tools to remove an infection. And sometimes nothing short of a full wipe and reload of the computer will do the job. On the whole, cleanup is an expensive process. Further, here are some discouraging statistics:
According to the website TopTenReviews.com:
1. 20% of men and 15% of women admit to accessing pornographic material at work.
2. 1 in 3 visitors to adult sites are women.
3. 42% of Internet users view pornography.
4. The average employee spends 4 hours a day online at work, 26% of which is non-business related surfing, or roughly 4 hours per month.
5. The pornography industry accounts for greater total revenue than the 6 top technology companies combined (Microsoft, Google, Amazon, eBay, Yahoo, and Apple).
6. 25% of daily search engine requests are pornography-related.
7. 35% of all monthly downloads are pornography-related.
So, what’s an organization to do?
At least one possible answer is to clamp down more tightly upon the websites you allow users to visit. Because while legitimate sites can indeed get hijacked by malware, it’s far more likely that users are visiting sites with no legitimate business purpose such as sports, music, shopping, gambling, or pornography and getting infected through those sites. And so, even if you have a policy against improper internet usage, the time has come to put in place technology that allows you to enforce the policy.
The way you clamp down is through “content filtering”. Essentially you purchase a device or pay for a service through which all outbound internet traffic is routed for examination. Users are completely blocked from visiting unauthorized websites. The device or service will come with a built-in list of blocked sites. The block list is perpetually maintained and updated by the vendor in return for an annual subscription fee for purchased filtering devices or as part of the monthly fee for filtering services. Of course, you can add your own blocked sites and you can unblock sites you wish to permit. So, for example, even if you believe Facebook or ESPN to be perfectly safe sites, you may wish to prevent your employees from wasting business time and business internet bandwidth on those websites. In addition, content filtering products can provide detailed reporting of how much time users spend even at permitted sites. This type of reporting helps you decide which sites need to be blocked and perhaps which employees just need some cautioning instead.
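How a filter might combine the vendor block list with your own blocked and permitted sites, as an added example (not taken from any filtering product). The .example hostnames are constructed placeholders, and the order in which the lists are consulted (local block, then local allow, then vendor list, then allow by default) is an assumption.

```python
from urllib.parse import urlsplit

# Constructed sample data. The .example hosts are placeholders; facebook.com
# and espn.com are the page's own examples of sites a business may block.
VENDOR_BLOCKLIST = {"casino.example": "gambling", "dropper.example": "malware"}
LOCAL_BLOCK = {"facebook.com", "espn.com"}
LOCAL_ALLOW = {"partner.casino.example"}

def host_of(url: str) -> str:
    """Hostname the browser would actually connect to, normalised."""
    parts = urlsplit(url if "://" in url else "//" + url)
    return (parts.hostname or "").rstrip(".")   # .hostname is already lower-case

def parent_domains(host: str):
    """'a.b.c' -> ['a.b.c', 'b.c', 'c'] so matches fall on label boundaries."""
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def decide(url: str):
    """Return (action, reason) for one outbound request.

    Assumed precedence: local block, local allow, vendor list, default allow.
    """
    host = host_of(url)
    if not host:
        return ("block", "unparseable")          # fail closed on junk input
    domains = parent_domains(host)
    for d in domains:
        if d in LOCAL_BLOCK:
            return ("block", "local:" + d)
    for d in domains:
        if d in LOCAL_ALLOW:
            return ("allow", "local:" + d)
    for d in domains:
        if d in VENDOR_BLOCKLIST:
            return ("block", "vendor:" + VENDOR_BLOCKLIST[d])
    return ("allow", "default")
```

Matching on whole labels means www.facebook.com is caught by the facebook.com entry while notfacebook.com is not, and parsing the URL properly means a link such as http://espn.com@intranet.example/ is judged by the host it really goes to.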
You can see that the ultimate solution to preventing “drive by” malware attacks is to use Content Filtering to completely prevent your users from even being “in the wrong place” at all. An added bonus is recovering the internet bandwidth and worker productivity which is currently being wasted on non-business surfing. So, in summary:
Your systems are being attacked hundreds or thousands of times daily and you are at great risk from unauthorized access by former employees or former IT vendors.
YOU SHOULD INVEST IN TWO-FACTOR AUTHENTICATION to absolutely protect your systems from unauthorized remote access.
Your users are probably wasting inordinate amounts of time in non-business internet surfing and, even at presumably “innocuous” sites, they are inadvertently allowing malware to penetrate your network and attack and infect your systems. The repair costs and lost productivity costs are probably adding up to thousands or tens of thousands of dollars.
YOU SHOULD CONSIDER IMPLEMENTING CONTENT (WEB) FILTERING TO PROTECT YOURSELF AND MINIMIZE THESE LOSSES.
ONE MORE THING: (TFA and Content Filtering are not new technologies. But they are newly affordable. So NOW IS THE TIME to wield these weapons against the bad guys.)
Learn more at: www.ntrusts.com
Contact us at: [email protected]ts.com
Call us at: 866-863-4738