Bug Watch: It'll never happen to me

by Mark Read, MIS

17 May 2002

Each week vnunet.com asks a different expert from the IT security world to give their views on recent virus and security issues, with advice, warnings and information on the latest threats.

This week, Mark Read, professional services consultant at MIS Corporate Defence Solutions, warns companies about the 'it'll never happen to me' attitude towards security breaches. As 200 UK companies a day find out, crackers are not always choosy, and whatever type of company yours is, it can be a target.

Some organisations believe that the internet is such a large place that they will never become a target, or cannot believe that a cracker could possibly want to steal their company information. Here are five reasons why your company could be the next victim of a security breach or attack, whoever you are.

Netblock scanning

Crackers spend time scanning blocks of IP addresses, simply searching for vulnerabilities. The first hole that they find could be in your system and, whether you are a small company or multinational corporate, if they see a way to compromise you, they will.

In general, most crackers do not care who their victim is. More often than not, they just want to compromise a system to prove that they can. If they are lucky enough to find that their target is a big player it is just a bonus.

Worms

Worms such as Code Red and Nimda have no idea whether you are a big or small company. These worms work in a similar way to the crackers who scan netblocks, except that they look for a specific vulnerability.

If your company is guilty of failing to apply the latest patches and security updates, and your system has this particular vulnerability, the worm is able to use your network as the launch point for attacks on other systems. Should this situation arise, the fact you've been compromised is impossible to keep secret.

Trojans

Is your firewall policy as tight as possible to prevent crackers from getting in? Are all of your servers fully patched? Yes? Then your network is totally secure, right? Sorry, wrong.

While you may have taken all possible steps to keep the crackers on the outside, you are still at risk from an attack that originates inside your network. You remember the story of the Trojan horse? The same applies to security.

Users can be huge security risks in themselves unless you have strict policies in place that they understand and adhere to. Programs such as animations and games downloaded from the web or received by email are not always as innocent as your users may think.

While these programs may be entertaining on screen, there's a chance of something a lot less entertaining happening to your system.

Data from a workstation or network may be secretly transmitted to a cracker's own server that is listening somewhere out on the internet, or a cracker could access your workstation by creating a reverse connection back to an attacker's host.

Again, this is down to the luck of the cracker. If you happen to install their Trojan on your workstation, they don't care who you are, but you've just become the next victim.

Stepping Stones

Crackers who have a specific target in mind rarely attack their target network directly. Initially they will look to compromise another vulnerable network, allowing them to attempt to cover their tracks by launching their targeted attack from this system.

So it appears to the final target that the vulnerable network is attacking them. If a company cannot prove that a member of their organisation did not perform the attack, a costly legal situation could arise.

The Enemy Within

When looking at security, companies always check the devices they have in place to keep crackers out of their system. What they often fail to realise is that the cracker they're desperately trying to keep out may already be in and on the payroll.

Although your employees may not be master crackers, the problem occurs because of human curiosity.

Information on how to hack, and the necessary tools, are so easily available on the internet that anybody, no matter how little technical knowledge they may possess, has the potential to do damage.

Should one of your employees take their newly discovered skills and put them to use on your corporate network, you will have a problem. Their intentions may not be malicious, but their curiosity could be the root of all sorts of problems.

The secret to good security and avoiding breaches is good education and common sense. Do not rely on security products alone; understand the threats and never assume that it won't happen to you.

Not every company will use the same security tools and services, but every company should use a level that is appropriate to them. There is no such thing as 100 per cent security, but you can't go wrong by aiming for it. Try not to become a cracker's next victim.
