If you’re an IT administrator reading this right now, you’re probably saying to yourself, “There is no flippin’ way there are hackers in my network – we have firewalls and other security safeguards in place!” While both hardware appliances and security software are a key part of any network – as well as anti-spam, anti-malware, virus protection, web security and the like – it is very possible that hackers have found workarounds for accessing your internal IT infrastructure. We’re going to discuss how hackers have broken through the network security in place at your organization and what you can do to stop them.
One common way for hackers to break through the solid walls of your IT infrastructure is through something known as waterhole attacks. These attacks occur when employees inside your company browse to commonly visited websites where customized malware lies dormant until clicked on or even simply hovered over. Sometimes this malicious code will lie in wait until a certain point in time, when it may start to redirect users to fake downloads posing as legitimate tools. This code can infect their machines – residing on your network – with malware, spyware, and viruses. In fact, my company experienced this issue firsthand when our Internet Service Provider (ISP)’s home page was infected by a waterhole attack. Even with web security blacklists blocking malicious sites to protect your network, when popular websites on the allowed list like Apple, Facebook, and Microsoft are compromised by waterhole attacks (which has happened), it might seem like little can be done to stop this nasty process.
So now that we know how hackers may have gotten past even the most diligently protected networks, what can you do to stop the hackers?
Step 1: Educate your Users
Network and system administrators need to make their users aware of potential web browsing vulnerabilities. You might offer them a list of sites that have been compromised and also ensure that preemptive and proactive scanning of downloaded items occurs consistently from client machines. And though it may seem obvious, simply request that employees regularly accessing sensitive internal corporate data use caution when accessing web sites.
Step 2: Implement Web Security
If you haven’t already implemented this critical security tool in your network – now is the time! Your web protection tool, whether onsite or cloud-based, should proactively monitor web access, prevent harmful data from passing into or out of your network, and be able to alert admins to any potential network breaches. One possible solution that can work hand in hand with your other web security tools is the implementation of Tegoh’s Intelligent ID. Intelligent ID’s Identity Activity tool “offers visibility as well as precision, monitoring endpoint activity for keyword usage, file usage, and browser usage that could indicate a potential threat.”
Step 3: Know your Network
As the popular saying goes, “Knowledge is Power”. As an administrator, being knowledgeable about the inner workings of your IT network is crucial. If you don’t know how every piece of your IT puzzle fits together, then it may be hard to ascertain when there are missing or extra pieces. A place to start in gaining this network awareness is through network documentation, via a Visio or similar diagram. Secondly, network monitoring tools should be put into place to increase familiarity with your network: tools that monitor and track network traffic flow between IP addresses and other endpoints, define allowable ports and traffic, and alert to unauthorized activity. Another common vulnerability that needs to be addressed – even with these other safeguards in place – is inside hacking. Administrators can prevent their network from being hacked from the inside with Intelligent ID. It “protects your organization against insider threat(s) by monitoring file and user activity across multiple channels and alerting administrators to abnormal or potentially risky behavior on your endpoints.”
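The flow monitoring described in Step 3 (track traffic between endpoints, define allowable ports, alert on everything else) can be sketched as follows. This is an added example, not part of the original article or any product it mentions; the subnets, ports, record format and flow records are all constructed for illustration.

```python
import ipaddress

# Allowlist of (source net, destination net, protocol, destination port); values are constructed.
ALLOWED = [
    ("10.0.10.0/24", "10.0.20.0/24", "tcp", 443),  # workstations -> internal web apps
    ("10.0.10.0/24", "10.0.20.53/32", "udp", 53),  # workstations -> DNS resolver
    ("10.0.10.0/24", "0.0.0.0/0", "tcp", 443),     # workstations -> internet HTTPS
    ("10.0.30.0/24", "10.0.20.0/24", "tcp", 22),   # admin subnet -> servers (SSH)
]
POLICY = [(ipaddress.ip_network(s), ipaddress.ip_network(d), proto, port)
          for s, d, proto, port in ALLOWED]

# Constructed flow records: timestamp src dst proto dport bytes
SAMPLE_FLOWS = """\
2024-01-08T09:00:01Z 10.0.10.15 10.0.20.8 tcp 443 5120
2024-01-08T09:00:02Z 10.0.10.15 10.0.20.53 udp 53 96
2024-01-08T09:00:05Z 10.0.10.22 203.0.113.40 tcp 443 88211
2024-01-08T09:00:09Z 10.0.10.22 198.51.100.7 tcp 8081 40960
2024-01-08T09:00:12Z 10.0.10.22 10.0.10.31 tcp 445 2048
2024-01-08T09:00:15Z 10.0.30.5 10.0.20.8 tcp 22 7000
2024-01-08T09:00:20Z 10.0.10.40 10.0.20.8 tcp 22 300
2024-01-08T09:00:21Z 10.0.10.15 not-an-ip tcp 443 10
"""

def parse_flow(line):
    # Raises ValueError on a wrong field count, a bad IP address or a non-numeric field.
    ts, src, dst, proto, dport, nbytes = line.split()
    return {"ts": ts, "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "proto": proto.lower(), "dport": int(dport), "bytes": int(nbytes)}

def is_allowed(flow):
    # A flow is allowed only if one rule matches source, destination, protocol and port.
    return any(flow["src"] in s and flow["dst"] in d
               and flow["proto"] == p and flow["dport"] == port
               for s, d, p, port in POLICY)

def find_alerts(text):
    """Return (line_no, reason, detail) for every record outside the allowlist."""
    alerts = []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            flow = parse_flow(line)
        except ValueError as exc:  # unparseable records are surfaced, not dropped
            alerts.append((n, "malformed", str(exc)))
            continue
        if not is_allowed(flow):
            detail = f'{flow["src"]} -> {flow["dst"]} {flow["proto"]}/{flow["dport"]}'
            alerts.append((n, "unauthorized", detail))
    return alerts
```

Calling `find_alerts(SAMPLE_FLOWS)` flags the outbound connection on an unlisted port, the workstation-to-workstation traffic, the SSH session from outside the admin subnet, and the malformed record, while the allowed HTTPS, DNS and admin SSH flows pass.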
Now that you are armed with the awareness, tools, and knowledge to protect against hackers, you should be able to breathe a little easier knowing that network intruders will receive a firm, swift kick right out the door of your network infrastructure. And with preventive tools like Intelligent ID in place – you can permanently slam the door to your network infrastructure closed – and keep it firmly shut and securely locked and protected.