Once your computers, switches, firewalls and routers are all patched, now what?
All your Internet-facing devices have been tested and configured correctly, so they are about as secure as they can be. Now what?
Assuming the desktops and servers are patched and antivirus software is installed, is there anything else you can do to be more secure?
For servers there is Tripwire, a file integrity monitor that records a baseline of your files and notifies you whenever a monitored file is added, removed or changed. (It is aimed at servers, not desktops.) Make sure your backups are working. That means actually testing a restore and recovery on a separate system, not just checking that the backup job reported success.
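To make the Tripwire idea concrete, here is a small file integrity monitor written for this post as an added example; it is not Tripwire's code and not part of the original article. It hashes every file under a directory with SHA-256, stores that as a JSON baseline, and on the next run reports files that were added, removed or modified. The `etc` directory, the `baseline.json` name and the tampered files are a constructed scenario built in a temporary directory so the script runs offline.

```python
"""Minimal Tripwire-style file integrity monitor (added example, hypothetical paths)."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk: int = 65536) -> str:
    """SHA-256 of a file, read in chunks so large binaries don't exhaust memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each regular file under root (relative path) to its hash, mode and size.

    Hashes, not timestamps, are what count: an attacker can reset mtime,
    but cannot keep the content and the hash both unchanged.
    """
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # devices, sockets and symlinks are out of scope here
            st = p.stat()
            result[str(p.relative_to(root))] = {
                "sha256": hash_file(p),
                "mode": st.st_mode & 0o7777,
                "size": st.st_size,
            }
    return result


def save_baseline(baseline: dict, path: Path) -> None:
    path.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Report what changed between the stored baseline and a fresh snapshot."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(f for f in set(baseline) & set(current) if baseline[f] != current[f])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline a fake /etc, tamper with it, then report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "etc"
        root.mkdir()
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        base_path = Path(tmp) / "baseline.json"  # hypothetical baseline location
        save_baseline(snapshot(root), base_path)

        # Simulated tampering: a second UID-0 account, a preload hook, a deleted file.
        (root / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/bash\nevil:x:0:0::/:/bin/sh\n"
        )
        (root / "ld.so.preload").write_text("/tmp/rootkit.so\n")
        (root / "hosts").unlink()

        report = compare(load_baseline(base_path), snapshot(root))
    return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The one thing a real deployment must get right that this toy skips: the baseline has to live somewhere the attacker cannot rewrite it (read-only media, a signed copy, or a separate host), otherwise whoever modifies `passwd` simply re-baselines and the monitor stays quiet.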
Assume all of that has been done: backups, antivirus, and file change alerts.
There are still IPS systems and more advanced, centralized logging systems. These are another layer of defense. The problem with additional systems is that you need the network resources (that is, people watching) before you add new security systems. If you buy a new system but nobody checks its alerts, it is not very useful.
So the next steps, and in fact all steps, are budget driven.
The hackers figure out what you have and change tactics accordingly. How much you spend depends on what you are defending.
The budget for an extra security person has to be justified by the high-value targets it protects: credit card numbers, health information, other databases, or business secrets.
If your work perimeter is in good shape, the hacker will try to attack you at home or on the road, or will social-engineer your users, who sometimes give up useful information in public places (Facebook, LinkedIn, other social media) that helps the hacker attack better.
What is the most effective method of attack? Phishing, and targeted emails that make you click on something (spear phishing). Once you click, even though you are patched and looking good, there is still a chance the payload is a zero-day exploit, one for which no patch exists yet, so patching alone cannot stop it.
The human element, clicking on attachments or going to 'bad' websites, has no 100% effective defense. We can mitigate it by patching and installing AV products, but some attacks are wily and make it easy for criminals to get onto your machines.
Image from Korea Joongang Daily
Korea had an especially bad spate of spear phishing in July.
The difference between spear phishing and standard phishing is that spear phishing is targeted at you. The hacker has done some homework from your public information (LinkedIn, Google and others) and uses it to make you click on the attachment or link.
Unfortunately, they work. So we must learn and teach how to recognize these attacks, but let's face it, not everything will work. That is why backup and restore is an important part of security defense.
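Recognizing a spear-phishing email is partly a human skill, but some of the tells are mechanical and can be checked by a mail filter or an analyst. The script below is an added example written for this post (not code from the original article) that parses a constructed message with Python's standard `email` library and applies three cheap checks: the display name matches someone in the company directory but the address is not theirs; the sender domain is a lookalike of the company's domain; and a link's visible text names a different host than its `href`. The company domain `example-corp.com`, the person `Jane Doe`, and both sample messages are made up for the example.

```python
"""Triage checks for a suspected spear-phishing email (added example, constructed data)."""
import difflib
import re
from email import message_from_string
from email.utils import parseaddr
from typing import List, Optional
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example-corp.com"}                      # hypothetical company domain
KNOWN_PEOPLE = {"Jane Doe": "jane.doe@example-corp.com"}   # hypothetical directory

# Constructed spear-phishing sample: a "1" for an "l" in the sender domain,
# a reference to a public event, and a link whose text and target disagree.
SAMPLE_EMAIL = """\
From: "Jane Doe" <jane.doe@examp1e-corp.com>
To: bob@example-corp.com
Subject: Re: Q3 vendor invoice
Content-Type: text/html

<p>Bob, as discussed at the conference last week, please review the
attached invoice via <a href="http://examp1e-corp.com.invoice-portal.ru/login">
https://portal.example-corp.com</a> today.</p>
"""

# Constructed benign sample from the real Jane.
BENIGN_EMAIL = """\
From: "Jane Doe" <jane.doe@example-corp.com>
To: bob@example-corp.com
Subject: lunch
Content-Type: text/html

<p>See <a href="https://portal.example-corp.com/menu">https://portal.example-corp.com/menu</a></p>
"""

LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.S)


def lookalike(domain: str, trusted: set) -> Optional[str]:
    """Return the trusted domain this one closely resembles but is not, else None."""
    if domain in trusted:
        return None
    for t in trusted:
        # Similarity ratio catches single-character swaps such as l -> 1 or o -> 0.
        if difflib.SequenceMatcher(None, domain, t).ratio() >= 0.85:
            return t
    return None


def triage(raw: str) -> List[str]:
    """Run the three checks over one RFC 822 message and return the findings."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg["From"])
    domain = addr.rsplit("@", 1)[-1].lower()

    # 1. Display name impersonates someone we know, but the address is not theirs.
    expected = KNOWN_PEOPLE.get(name)
    if expected and addr.lower() != expected:
        findings.append(f"display-name impersonation: '{name}' but address is {addr}")

    # 2. Sender domain looks like ours but is not.
    target = lookalike(domain, TRUSTED_DOMAINS)
    if target:
        findings.append(f"lookalike sender domain: {domain} resembles {target}")

    # 3. Visible link text shows one host while the href goes to another.
    body = msg.get_payload()
    for href, text in LINK_RE.findall(body):
        shown = re.sub(r"\s+", "", text)
        shown_host = urlparse(shown).hostname if "://" in shown else None
        real_host = urlparse(href).hostname
        if shown_host and shown_host != real_host:
            findings.append(f"link mismatch: text shows {shown_host}, href goes to {real_host}")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EMAIL):
        print("FLAG:", f)
    print("benign:", triage(BENIGN_EMAIL))
```

None of these checks is proof of an attack on its own (a new supplier or a personal address can trip the first two), which is why the output is a list of findings for a person to weigh rather than a verdict; the point is to surface the mechanical tells so the user's attention goes to the parts that matter.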