Response is as important as resolution in a network breach
Last week, it was announced that several congressional offices had been hacked, with the hack originating from a Chinese IP address.
The incident reminded everyone who administers a public or private network that security breaches and intrusions are ever-present threats - and that how you detect and respond to these threats can be as critical as the threats themselves.
The first step should be thoughtful assessment of what is transpiring. For instance, it is easy to confirm that the hack came from China because of the Chinese IP address - but is there sufficient evidence to prove that it was actually the Chinese government? The IP address could have been used by another entity, or even by a mischievous teenager.
Security breaches demand sound fundamentals. If you get hacked, investigate and solve the issue at hand, and don't forget that how you communicate the situation to your inside users and the outside world is just as crucial as technical problem resolution.
Second, sites should be conducting regular intrusion detection, monitoring and reporting of their networks. This includes daily monitoring, and also quarterly vulnerability and penetration tests - combined with annual intrusion and penetration tests conducted by an outside audit agency. Most of the time, you will find network vulnerabilities. These can be remedied by inserting multiple firewalls, following industry-suggested security guidelines and educating internal users on proper security procedures.
Third, there should be an escalation process that brings in security specialists when there is a potentially sensitive network breach. Government agencies and officials possess sensitive information. Organizations like the National Security Agency (NSA) can help in situations like these.
At the end of the day, it is up to all of us who work with security and technology to take appropriate steps to protect our networks. This begins with sound ethical hacking practices that show us the natural vulnerabilities of our networks so we can patch them, and progresses into effective analysis, assessment, response and communication of a network breach until the crisis is resolved.
Richard Landrigan teaches Certified Ethical Hacking at NetCom Information Technology, a national IT training company headquartered in New York City. Mary Shacklett is President of Transworld Data, an international IT marketing and technology consulting practice.
» posted by jroberts