Several months after patches were available, roughly one quarter of all DNS servers were still unpatched and exposed. [IBM, X-Force Threat Report: 2008 Year in Review, January 2009.] To be fair, not all firms delay patches out of negligence. Some organizations have legitimate concerns about whether a patch will break their systems, or whether the new technology contains a change that will cause problems down the road. For example, the DNS security patch mentioned was incompatible with the firewall software deployed at some firms, and there have been cases where patches themselves have caused problems. Finally, many software updates require that systems be taken down, and firms with strict uptime requirements may find immediate patching difficult. But ultimately, unpatched systems are an open door for infiltration, so a firm needs a process for testing and rolling out patches quickly rather than deferring them indefinitely.

Lock down hardware. Firms range widely in the security regimes they use to govern systems, from purchase through disposal. While some large firms such as Kraft allow employees to select their own hardware (Mac or PC, desktop or notebook, iPhone or BlackBerry), [N. Wingfield, "It's a Free Country...So Why Can't I Pick the Technology I Use in the Office?" Wall Street Journal, November 15, 2009.] others issue standard systems that prevent all unapproved software installation and force file saving to hardened, backed-up, scanned, and monitored servers. Firms in especially sensitive industries such as financial services may regularly reimage the hard drive of end-user PCs, completely replacing all the bits on a user's hard drive with a pristine, current version—effectively wiping out malware that might have previously sneaked onto a user's PC.

Other lock-down methods might disable booting from removable media (a common method for spreading viruses via inserted discs or USB drives), prevent Wi-Fi use or require VPN encryption before allowing any network transmissions, and more. The cloud helps here, too. (See Chapter 10 "Software in Flux: Partly Cloudy and Sometimes Free".) Employers can also require workers to run all of their corporate applications inside a remote desktop, where the actual executing hardware and software is elsewhere (likely hosted as a virtual machine session on the organization's servers) and the user is simply served an image of what is executing remotely. This seals the virtual PC off in a way that can be thoroughly monitored, updated, backed up, and locked down by the firm. In the case of Kraft, executives worried that the firm's previously restrictive technology policies prevented employees from staying in step with trends. Employees opting into the system must sign an agreement promising they'll follow mandated security procedures. Still, financial services firms, law offices, health care providers, and others may need to maintain stricter control for legal and industry compliance reasons.

Lock down the network. Network monitoring is a critical part of security, and a host of technical tools can help. Firms employ firewalls to examine traffic as it enters and leaves the network, blocking certain types of access while permitting approved communication. Intrusion detection systems specifically look for unauthorized behavior, sounding the alarm and potentially taking action if something seems amiss. Some firms deploy honeypots—bogus offerings meant to distract attackers. If attackers take honeypot bait, firms may gain an opportunity to recognize the hacker's exploits, identify the IP address the intrusion came from, and take action to block further attacks and alert authorities. Many firms also deploy blacklists—denying entry or exit to specific IP addresses, products, Internet domains, and the like. A blacklist permits everything it does not name, so it blocks only the known bad guys; whitelists are even more restrictive, permitting communication only with approved entities or in an approved manner and denying everything else by default. These technologies can be applied to network technology, specific applications, screening for certain kinds of apps, malware signatures, and hunting for anomalous patterns. The latter is important, as recent malware has become polymorphic, meaning different versions are created and deployed in a way that their signature, a sort of electronic fingerprint often used to recognize malicious code, is slightly altered; a scanner that only matches known signatures misses each new variant, whereas anomaly hunting looks at what the code does rather than what its bytes look like. This also helps with zero-day exploits, and in situations where whitelisted Web sites themselves become compromised. Many technical solutions, ranging from network monitoring and response to e-mail screening, are migrating to "the cloud." This can be a good thing—if network monitoring software immediately shares news of a certain type of attack, defens...
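The blacklist/whitelist distinction above comes down to the default posture: a blacklist allows whatever it does not name, a whitelist denies whatever it does not name. The following is an added example (not from the textbook) that makes this concrete with a small policy evaluator. Every address, hostname, port and rule in it is constructed for illustration; the IP ranges are RFC 5737 documentation blocks and RFC 1918 private space.

```python
"""Denylist (default allow) versus allowlist (default deny) for network traffic.

Added example, not from the textbook.  All addresses, hostnames and rules are
constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Connection:
    src_ip: str     # address the traffic comes from
    dst_host: str   # hostname being contacted
    dst_port: int   # TCP port being contacted


@dataclass
class RuleSet:
    """The entities named in a list; whether they mean 'block' or 'permit' depends on the mode."""
    networks: List[ipaddress.IPv4Network]
    domains: Set[str]
    ports: Set[int]

    def network_hit(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.networks)

    def domain_hit(self, host: str) -> bool:
        # A listed domain covers its subdomains as well.
        host = host.lower().rstrip(".")
        return any(host == d or host.endswith("." + d) for d in self.domains)


def evaluate_denylist(rules: RuleSet, conn: Connection) -> Tuple[str, str]:
    """Blacklist: block a connection matching any listed item; let everything else through."""
    if rules.network_hit(conn.src_ip):
        return "DENY", "source %s is in a denied network" % conn.src_ip
    if rules.domain_hit(conn.dst_host):
        return "DENY", "destination %s is a denied domain" % conn.dst_host
    if conn.dst_port in rules.ports:
        return "DENY", "port %d is denied" % conn.dst_port
    return "ALLOW", "no denylist entry matched (default allow)"


def evaluate_allowlist(rules: RuleSet, conn: Connection) -> Tuple[str, str]:
    """Whitelist: permit only a connection matching on every attribute; deny everything else."""
    if not rules.network_hit(conn.src_ip):
        return "DENY", "source %s is not in an approved network (default deny)" % conn.src_ip
    if not rules.domain_hit(conn.dst_host):
        return "DENY", "destination %s is not an approved domain (default deny)" % conn.dst_host
    if conn.dst_port not in rules.ports:
        return "DENY", "port %d is not approved (default deny)" % conn.dst_port
    return "ALLOW", "every attribute matched an allowlist entry"


# Constructed denylist: a network already seen attacking, a known-bad domain, telnet.
DENYLIST = RuleSet(
    networks=[ipaddress.ip_network("203.0.113.0/24")],
    domains={"evil.example"},
    ports={23},
)

# Constructed allowlist: corporate address space, approved destinations, HTTPS only.
ALLOWLIST = RuleSet(
    networks=[ipaddress.ip_network("10.0.0.0/8")],
    domains={"corp.example", "partner.example"},
    ports={443},
)


def verdicts(conn: Connection) -> Tuple[str, str]:
    """(denylist verdict, allowlist verdict) for one connection."""
    return evaluate_denylist(DENYLIST, conn)[0], evaluate_allowlist(ALLOWLIST, conn)[0]


if __name__ == "__main__":
    samples = [
        Connection("10.1.2.3", "www.corp.example", 443),      # normal internal traffic
        Connection("198.51.100.7", "www.corp.example", 443),  # attacker not yet on any list
        Connection("10.1.2.3", "evil.example", 443),          # internal host reaching a bad domain
        Connection("10.1.2.3", "partner.example", 443),       # approved partner site, later compromised
    ]
    for c in samples:
        print(c, verdicts(c))
```

The second sample is the case the text is driving at: an attacker whose address nobody has listed yet sails through the denylist but is stopped by the allowlist's default deny. The fourth sample shows the allowlist's own blind spot, a connection to an approved site that has since been compromised is still permitted, which is why the text pairs these lists with hunting for anomalous patterns rather than relying on either alone.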
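The text's point about polymorphic malware is that a signature is a fingerprint of the bytes, and re-encoding the same program changes the bytes without changing what it does. The following added example (not from the textbook, and not real malicious code) models that: the "specimen" is a constructed string of action names, the "decoder stub" is a toy XOR wrapper that produces a new generation per key, and the "sandbox" simply undoes the wrapper and lists the actions. The approved-host list and the behaviour rule are assumptions made for the example.

```python
"""Why byte signatures miss polymorphic variants while a behaviour rule does not.

Added example, not from the textbook.  The specimen is a constructed list of
action names, the decoder stub is a toy XOR wrapper and the sandbox just
decodes it; nothing here is real malicious code.
"""
import hashlib
from typing import Dict, List, Optional, Set

# Constructed specimen: the actions it performs when run, ';'-separated.
GENERATION_0 = b"write:C:\\Users\\Public\\svc.exe;persist:HKLM\\Run;connect:203.0.113.5:6667"

# A benign constructed program for comparison: talks to the firm's update server, no persistence.
BENIGN_UPDATER = b"connect:updates.corp.example:443;write:C:\\Program Files\\App\\app.exe"

# Signature database built from generation 0 only: a file hash and a byte pattern.
KNOWN_BAD_HASHES: Set[str] = {hashlib.sha256(GENERATION_0).hexdigest()}
KNOWN_BAD_PATTERNS: Set[bytes] = {b"connect:203.0.113.5:6667"}

# Hosts the firm's own systems are expected to talk to (assumed for the example).
APPROVED_HOSTS: Set[str] = {"updates.corp.example"}

STUB = b"DECODE:"   # toy decoder-stub marker: STUB + key byte + b":" + XOR-encoded body


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def make_variant(payload: bytes, key: int) -> bytes:
    """Polymorphic 'generation': identical behaviour, different bytes on disk."""
    return STUB + bytes([key]) + b":" + xor_bytes(payload, key)


def signature_scan(sample: bytes) -> Optional[str]:
    """Static check: exact hash or known byte pattern.  Returns the reason, or None."""
    if hashlib.sha256(sample).hexdigest() in KNOWN_BAD_HASHES:
        return "hash matches known sample"
    for pattern in KNOWN_BAD_PATTERNS:
        if pattern in sample:
            return "byte pattern %r found" % pattern
    return None


def run_in_sandbox(sample: bytes) -> List[str]:
    """Toy execution: undo the decoder stub (if present) and list the actions performed."""
    if sample.startswith(STUB):
        key = sample[len(STUB)]
        sample = xor_bytes(sample[len(STUB) + 2:], key)   # skip key byte and ':'
    return sample.decode("ascii").split(";")


def behaviour_alert(actions: List[str]) -> Optional[str]:
    """Dynamic check: flag persistence combined with a connection to an unapproved host."""
    persists = any(a.startswith("persist:") for a in actions)
    unapproved = [a.split(":")[1] for a in actions
                  if a.startswith("connect:") and a.split(":")[1] not in APPROVED_HOSTS]
    if persists and unapproved:
        return "persistence plus outbound connection to %s" % unapproved[0]
    return None


def scan(sample: bytes) -> Dict[str, Optional[str]]:
    """Run both checks on one sample."""
    return {"signature": signature_scan(sample),
            "behaviour": behaviour_alert(run_in_sandbox(sample))}


if __name__ == "__main__":
    for name, sample in [("generation 0", GENERATION_0),
                         ("generation 1", make_variant(GENERATION_0, 0x5A)),
                         ("generation 2", make_variant(GENERATION_0, 0xC3)),
                         ("benign updater", BENIGN_UPDATER)]:
        print(name, scan(sample))
```

Generation 0 is caught by its hash; generations 1 and 2 have neither the hash nor the byte pattern, so the signature scanner reports nothing, yet once the sandbox undoes the stub the actions are identical and the behaviour rule fires for all three. Adding generation 1's hash to the database catches only generation 1; the next key produces a fresh miss, which is the treadmill the text describes. The benign updater also connects outbound and writes a file, but to an approved host and without persistence, so the rule stays quiet.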