Open IT Forum: Are you on hacking offense or defense?

Sony isn't the only company getting hit hard by hackers. Sega just joined the bunch, and Lockheed Martin's breach is still fresh. How does your company set up a strong offense against hacks and breaches? Or, if your company's security has been compromised in the past, how did you respond and set up a sufficient defense? I'd love to hear how you recommend these companies react to these very public data breaches, and how you'd advise other companies to avoid being sitting ducks. Share your advice or experience, and we'll share 100 Knowledge Points!

Answer Wiki


internal and external testing for security holes
proactive approach to fixing security problems
all updates and patches need to be downloaded, installed and configured on time (right away after the patch is published)
security hardware upgraded annually, or at least once every 2-3 years

Discuss This Question: 8 Replies

  • ErroneousGiant
    encryption, encryption, encryption. After that pretty much the usual.
    3,120 points
  • ErroneousGiant
    These very large breaches occur because of a poor risk management strategy from upper management (usually). Just because something has a very low probability of happening doesn't mean it won't be catastrophic when it does eventually happen. The key to security is realising that a hacker/attacker isn't looking for anything you've done right; they just need the one thing you've done wrong. Even if it's a small thing it can be enough to socially engineer more errors or access. 1 tiny low-risk hole in security isn't the end of the world, but 3 or 4 are, because cumulatively they become a large stack-o-fail.
    3,120 points
  • Chippy088
    Most times the weakest link is the user. Because they think you have the system well protected, they don't care where they browse, or what they download. They are, in the main, non technical, and think it's covered, or have not been made aware of the dangers. The attitude being, I haven't had a problem at home, so what harm can it do. I have seen many small companies who regard the user as a minor consideration when making security decisions. Social networks are a source of back door entry points into companies, that are now raising their public profile, by joining them to advertise free to a larger wider audience. Once users, within the company can log in, (to see the latest company advertising,) they will get tempted to wander. Finances make that decision, and the techies have to make it happen. Aggressive methods are also needed. Company policy should consider penetration testing methods. If it is done within the company, cost could be kept to a minimum. Many of us IT types have a big interest in it, and keep up to date on the method hackers used. It is a fine line between poacher and gamekeeper, and the gamekeeper can only do his job by knowing what the poacher is up to.
    4,625 points
  • ErroneousGiant
    I would have to agree with Chippy088 in that the weakest link is often the user, but as administrators of the environment (not just the network) it is our responsibility either to put in place means of preventing users from putting the company at more than accepted risk or to educate the users about the risks. Users trawling around random sites and upper management making poor decisions can only shoulder blame so far. The IT team are just as responsible for any breach by either not verifying security properly, not having the correct security in place, or not shouting loudly enough if it's not in place. The kicker is when you have shouted enough and you are purchasing the equipment..... and then get hit (this happened to a friend of mine in Sydney a year or so ago).
    3,120 points
  • James Murray
    As technicians we sometimes get lost in technical solutions to solve every problem that on the surface appears to be technical. In reality this is a risk analysis problem that needs to be understood and then addressed by management. There are industry-standard business methodologies for auditing and identifying risks within any department, including technology groups. We all know that users inside and outside the organization are going to attempt to breach security (whether they mean to or not). Therefore we have to plan that it will happen, and not be surprised afterwards that it did happen. Our job is to devise systems that will keep the 98% of attempts made by amateurs and the ignorant from being effective. Then plan contingencies for the 2% who we can't stop from breaking through our security. Users naturally wander the infrastructure in places they shouldn't. Most users assume that the technical planners were smart enough to keep them out of the places they shouldn't be going. If we aren't that smart, I'd say that we have to shoulder some, if not all, of the blame when the front desk secretary notices that he/she has access to the payroll records for the company. Is it a surprise that he/she might take a peek at those records? In my mind it is the IT group that is the problem, not the secretary. But what if we unwittingly do hire a hacker to be our front desk person? Or a group of hackers takes interest in our organization? We need contingency plans. Once the walls have been breached, have we created new security walls for possible entrance points? Do we know every hole that's been created in our first security wall, so that we can close it up in the same way a castle drawbridge is raised when there is an attack? I've found that the most technical people in the organization are the most arrogant about their own security risk. It's been documented in many hacker articles that there are 10 common admin passwords.

    The two most common admin passwords are still "Password" and "P@ssw0rd". 8 out of 10 networks I audit have given administrative rights to their service accounts. Often the administrative account is also a service account. Most administrators fail to see this as a real problem. Why are system administrators even running with the system admin account? That should be a backup account locked in a safe. Each system administrator should have their own account so that their activity can be tracked on the network. Password changes need to be enforced on the network, yet most organizations never change the Admin passwords or their service account passwords. Yet how often are these accounts A) given admin rights, B) a common service account password, C) documented in a spreadsheet that is accessible to the entire IT group? So if the service account has administrative rights to the entire network, knowing the service account password gives access to the entire network. A common problem is that when the system administrator password is changed after the old system administrator leaves, certain applications coincidentally stop working. Before trying the benevolent hacking route on a system, I will perform an IT audit, security audit and business process audit. I think a benevolent audit is very exciting and demonstrative, but if you know the tactics used by the hacker, it's just easier and less expensive to identify the paths the benevolent hacker would take to break in.

    Some of the most obvious mistakes I find:
      • Administrative accounts being used by multiple people
      • Common knowledge within the organization or IT department of the Admin password
      • Tracking turned off on corporate data files
      • Service accounts that are compromised or are the Administrator
      • No security policy documented
      • No documentation on security groups, policies and/or explicit rights
      • Inconsistent backups
      • Poor understanding of router and firewall ports
      • Only one security wall between the corporate data and the internet

    Red flags during the audit:
      • The front desk person knows and shares with me the administrative password for the network.
      • The manager says, "We trust all our employees, so we don't need to worry about security."
      • No documentation for the security model describing the network data structure
      • No documentation around the physical topology of the network
      • No hardware or software inventory on the network
      • No documentation on the open ports for the router or firewall
      • Servers and workstations are months out of date on their security patch levels
      • Timing errors on the server

    In answer to the original question about how companies can avoid being a sitting duck, I'd have to recommend:
      A) Continuous auditing within the IT groups, focusing specifically on corporate requirements, industry best practices, and corporate policies and procedures.
      B) Then reviewing contingency plans in case of failure and security breaches.
      C) Finally assigning a "Security" role that focuses specifically on the organization's security. This role would be responsible for reviewing corporate security policy. As part of that responsibility, it would continually gather security requirements from departmental stakeholders, manage security audits within the organization and maintain a discussion around these issues within the entire business organization.
    1,795 points
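The account-level red flags in the reply above (service accounts holding admin rights, one admin login shared by several people, the built-in admin account in daily use, passwords never rotated, and credentials written down in a shared spreadsheet) can be turned into a repeatable audit check. The script below is an added example, not a tool from the poster or from IT Knowledge Exchange; the inventory format, the `Account` fields, the 90-day rotation threshold and the sample accounts are all constructed assumptions. It generalises the post's list into a checker that can be run against any exported account list in that shape.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set

# Assumed policy values (not from the discussion): which groups count as
# administrative, and how old a password may be before it is flagged.
ADMIN_GROUPS = {"Administrators", "Domain Admins"}
MAX_PASSWORD_AGE_DAYS = 90
# The two passwords the reply names as the most common admin passwords.
KNOWN_DEFAULTS = {"password", "p@ssw0rd"}


@dataclass
class Account:
    name: str
    kind: str                  # "user", "service" or "builtin"
    groups: Set[str]
    used_by: Set[str]          # people observed logging in with this account
    password_last_set: date
    # Password as found written in shared documentation (the IT-team spreadsheet
    # the reply describes); None when the auditor did not find it written down.
    documented_password: Optional[str] = None


def audit_account(acct: Account, today: date) -> Set[str]:
    """Return the set of red-flag codes that apply to one account."""
    flags: Set[str] = set()
    is_admin = bool(acct.groups & ADMIN_GROUPS)
    if acct.kind == "service" and is_admin:
        flags.add("SERVICE_ADMIN")       # service account with admin rights
    if is_admin and len(acct.used_by) > 1:
        flags.add("SHARED_ADMIN")        # several people, one login, no attribution
    if acct.kind == "builtin" and acct.used_by:
        flags.add("BUILTIN_IN_USE")      # should be a sealed break-glass account
    if (today - acct.password_last_set).days > MAX_PASSWORD_AGE_DAYS:
        flags.add("STALE_PASSWORD")      # rotation is not being enforced
    if acct.documented_password is not None:
        flags.add("PASSWORD_DOCUMENTED")  # credential sits in a shared document
        if acct.documented_password.lower() in KNOWN_DEFAULTS:
            flags.add("DEFAULT_PASSWORD")
    return flags


def audit(accounts: List[Account], today: date) -> Dict[str, Set[str]]:
    """Audit every account; clean accounts map to an empty set."""
    return {a.name: audit_account(a, today) for a in accounts}


def sample_inventory() -> List[Account]:
    """Constructed inventory: names, groups and dates are made up for the example."""
    return [
        Account("Administrator", "builtin", {"Administrators", "Domain Admins"},
                {"alice", "bob", "carol"}, date(2009, 1, 5), "P@ssw0rd"),
        Account("svc_backup", "service", {"Domain Admins"}, set(), date(2011, 5, 1)),
        # A personal admin account per administrator passes: activity is attributable.
        Account("dana.admin", "user", {"Administrators"}, {"dana"}, date(2011, 6, 10)),
        Account("jsmith", "user", {"Domain Users"}, {"jsmith"}, date(2011, 6, 1)),
    ]


def run_sample() -> Dict[str, Set[str]]:
    """Run the audit over the constructed inventory as of an assumed audit date."""
    return audit(sample_inventory(), today=date(2011, 6, 20))


if __name__ == "__main__":
    for name, flags in run_sample().items():
        print(f"{name:15} {'clean' if not flags else ', '.join(sorted(flags))}")
```

Running it flags the shared built-in Administrator account on five counts and the backup service account on one, while the per-person admin account and the ordinary user pass, which is the division the reply argues for: a locked-away break-glass account, one attributable login per administrator, and no service account in an admin group.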
  • ErroneousGiant
    Wow, a lot of great stuff there Ekardris. One thing I would point out is that the general business model for dealing with risk is often the worst way to determine risk. Fantastic interview here with Brian Snow, who was the technical director of information assurance for the NSA in the US, on this very subject. Very informative.
    3,120 points
  • MelanieYarbrough
    This is a lot of great information! Thanks to everyone for sharing. I've added everyone's points so far, but keep the discussion going! -Melanie
    6,345 points
  • Don’t pass the buck: Security policies straight from the community - Enterprise IT Watch Blog
    [...] setting up a sufficient defense in the case of a successful breach. We threw out the line, and the IT Knowledge Exchange community responded with some priceless opinions and advice. Does your company have a vague security policy or some [...]
    0 points
