Network Access Control … What the heck is that?

The Razor's Edge: Too Much Security vs. Not Enough Security

How much is enough? Well, that is a trick question. Implementing and managing network security and access control is a slippery slope. Too much security and business screeches to a halt. Not enough and you are working for the bad guys. So, let’s apply some common sense to it.

The 12 Secrets of SMB Security

Secret #9: Implement Network Security with Access Control

Cost: Moderate to High depending on the options selected

Technology skill level: Moderate to High

Participants: Technical support and all network users

Though an organization’s technological environment is often referred to as “the network,” in reality it is a collection of pieces put together in a certain way to meet the technology-specific needs of that organization. Good network security requires access protection for each component on the network including firewalls, routers, switches, and all connected user devices. Otherwise, anyone who could reach your network could locate and harm the network components and services. In addition, remote and portable devices should be required to authenticate themselves to the network so that it is possible to limit who can see and access the network services such as databases, shared files and printers. Access to important data should be limited to the relevant users and should not be made available to all employees. This not only helps in preventing sensitive information from leaking out but also prevents unauthorized persons from intentionally or unintentionally corrupting the data.

A firewall acts as a buffer between the components of your network and the external environment. It helps keep undesirable and harmful content out of the network. Other techniques, such as proxy servers and network address translation (NAT), add further protection by limiting the information an outsider can access. This helps prevent outsiders from learning about the components used in your technology environment, making it more difficult for attackers to find vulnerabilities.

The more access restrictions you can legitimately place on your network using blocking capabilities within the firewall and other similar services, the easier it will be to keep it secure.

Special Considerations

Good access control is critical for wireless access since use of this type of connectivity is less visible. It is not uncommon for someone sitting in a car in the parking lot to be able to access an unsecured wireless network and destroy or damage everything on the entire network. You may have a wireless or remote access (dial-in) connection to your network and not realize it, since many vendors install them to provide remote support capabilities.

The ability to reach and use services on your network from outside (called remote access) is extremely valuable for traveling employees, suppliers, and customers. Remote access also allows technology vendors to provide support for critical network services quickly without having to travel to your site. Employees can and do add remote access devices (dial-in) directly to their computers so they can work from offsite. Use of this type of network access requires careful control, or anyone who happens to find the access point using simple scanning tools can get into the network and alter or destroy information. Instant messaging, chat sessions, and music-sharing capabilities establish other routes (peer-to-peer) into the network, bypassing many of the traditional network security mechanisms. These options are a growing source of harmful code and must be used carefully.

What Happens without Good Network Security?

Attackers are constantly putting up devices on the Internet running programs, such as query functions, that look for weaknesses in your system. Unprotected systems are infected within minutes after connectivity is established, especially when Internet access is available through cable modems, digital subscriber lines (DSL), or other high-speed connections. One infected device can put all other devices on the network at risk, since it can be used as an inside source for locating weaknesses in the network and attacking them.

Unfortunately, not all attackers are external to the organization. Jealousy makes people do irrational things. When network security is poor, employees can compromise fellow employees' machines using tools readily available from the Internet. These tools allow them to spy on others’ actions, view information outside of their job function, stalk and harass others, and plant inappropriate content on others’ machines. This is one of the simplest ways for someone to exact revenge on a coworker without getting caught. The best way to avoid such a situation is by being more aware of cyber security practices.

Access to each component on the network should be limited to protect it from improper access and harm. Basic access protection can be implemented using strong passwords.

Establish procedures to turn off the file and printer sharing feature on each computer unless it is in use, particularly when accessing the Internet using cable modems, digital subscriber lines (DSL), or other high-speed connections.

Instruct employees to disconnect from the Internet by ending the online session, and to turn off their computers when not in use.

Access to network protection devices such as firewalls, switches, and routers should be further limited to only those individuals responsible for the maintenance and support of these components.

Knowledge of the passwords for each component should be limited to two people–the primary user and the person responsible for creating and maintaining backups.

Ensure that the vendor providing component support exercises the same level of caution.

Do not select the web browser option for storing or retaining user names and passwords.

Make sure that authentication for wireless and remote access is required.

Additional Steps

Consider the use of smart cards or other hardware tokens for remote access to network-critical components, especially the firewall, switches, and routers. Educate employees in the use of these devices along with the reason for their use, and assign the responsibility to the employee in the event of loss or destruction.

Get technical assistance to establish intrusion detection monitoring to make sure the network is being used as expected, without internally or externally generated interference.

The following is an example of how email is used as a means of extorting money, not only from large businesses but also from smaller ones.

Cyber Blackmail Goes Mainstream

Once perpetrated predominantly against wealthy individuals or major corporations to extract large payouts, cyber blackmail has now become prevalent even in smaller businesses. Office workers are now widely reporting being the targets of an extortion scam that seems to target almost anyone with an e-mail address. The e-mail demands that the recipient make an online payment of a small sum of money, usually $20-$30. If the recipient fails to comply, the sender threatens to attack the company’s computer system and wipe out sensitive files or upload child pornography. Unsuspecting victims often opt to pay the extorter rather than risk the possibility of attack or embarrassment. Consequently, many instances of cyber extortion go unreported and investigations are not conducted.

Thanks so much for taking the time to read Part 11 of 15 in “The 12 Secrets of SMB Security” series. Please feel free to contact CopiaTECH with any questions about anything you read or about cyber security for your small or medium-sized business.

Please continue on to Part 12 in the series, “What to do with your secret sauce.”
