Top 5 Network Security Breaches
- Open Ports – Ports are different doors to your computer. Each computer on the internet has an IP Address that is that computers unique Address. Similar to each house in the US has a unique mailing address for its zip code. Once you talk to a computer there are several ports or doors that are used to access it. For instance port 80 is for internet content, port 3389 is for remote desktop communications, port 21 is used for FTP.
A good firewall is the best way to protect yourself from hacking attempts that take advantage of unguarded ports.
A firewall is your first line of defense and it is very important in a business environment.
There are three main types of firewalls you can use:
Software Firewalls like the one built into windows or Zone Alarm
This type of firewall is better than nothing but it can easily be compromised via the other security breaches I will describe below.
Hardware based firewall built into your router
This type of firewall is generally sufficient for the home network. Depending on the brand they can be difficult to configure or lack some protection so you should always do your research and make sure you do not buy the cheapest one you can find. You get what you pay for.
Enterprise/Commercial hardware based firewall
The most superior of them all. This high end firewall is very complex and not something you should just purchase and try to setup yourself. These firewalls also have VPN support built in so multiple business locations can securely be on the same private network over the internet without fear of data snooping or loss.
- Malicious websites – Websites can actually install spy-ware, Trojan horses and tracking cookies without your consent.
Spy-ware is software that is classified as any piece of software that basically takes control of your computer behind the scenes to do anything from tricking you into buying fake anti virus software to sending emails to everyone in your list to spread itself.
Trojan horses do as the name suggests, they allow a hacker direct access to your computer without your consent. From there they can snoop through your files, delete things pretty much anything you could do.
Tracking cookies track your whereabouts and utilize that information to target pop-up ads while browsing the internet.
The best way to protect yourself is to only access business oriented websites on your business network. Yes this sounds obvious but so many people think sites like MySpace, Face-book and other sites they happen upon via Google are safe.
The next step is to always make sure your operating system and internet browser have the latest updates. Microsoft releases updates EVERY Tuesday. If you don’t notice an update being installed at least once a month you should make sure Automatic Updates is turned on. There are constant security fixes being implemented in all browsers.
A popular misconception is that Apple computers have no worries. This is not true, so few people use Apples the average hacker is not targeting them because its a waste of their time. As Apple takes a bigger chunk of the market via phones, tablets and computer sales there will be a bigger threat. You should always been on guard.
In a business environment you need a content filter. The content filter has very flexible settings. The filter works off national black lists that block users from accessing known dangerous sites. Also the filters can have white lists and restrict content on broad topics like gambling, nudity, games, etc..
- Email Links – To this day malicious software installed on computers via links in email is still a huge problem. These links take you to those malicious websites I already spoke about and install things on your computer.
The number one way to fix this is not to open emails from people you do not know or businesses you have never heard of.
In a business environment an advanced firewall can also automatically filter out malicious emails.
- Viruses – These days viruses are getting harder and harder to come by and usually are transmitted via one of the above security breaches. However these can still be transferred via files sent to you by people who do not know they are infected.
A good virus scanner is the best way to protect yourself. AVG is a very reliable anti-virus and it is free. Microsoft has recently introduced Microsoft Security Essentials, which is currently rated #1 and recommended for all home use by Skynet Solutions.
In a business environment we recommend purchasing AVG and utilizing the built in scanning of viruses in emails via an enterprise firewall.
- Wi-fi – Yes your Wi-fi is not safe. Anyone sitting within range can break your encryption. Modern day encryption used by 802.11n is very strong and it would take 2 hours of sniffing your constant traffic to crack. However, it is possible and the risk should not be taken lightly.
A good best practice is to limit the connections to your Wi-fi via Mac Address. This is just a barrier that will help. This again is not fool proof and only slows the hacker down.
In a business environment there are two things you can do.
- Setup a separate zone that is isolated from your internal network so even if compromised the hacker would not have access to your internal network.
- Setup an encryption rotation server that will rotate the encryption key every 15-30min making it virtually impossible for any hacking attempt to succeed. This method requires a server and a domain controller.
(Source: Skynet Solutions)
By Jed Parmenter