Bug Watch: Beware the Christmas crackers

by Paul Rogers, MIS

15 Dec 2000

Bug Watch: Each week vnunet.com asks a different expert from the IT security world to give their views on recent virus and security issues, with advice, warnings and information on the latest threats.

As Christmas snowballs towards us, Paul Rogers, network security analyst at security consultancy MIS Corporate Defence Solutions, delves into the underworld of industrial espionage, providing the top five tips to ensure businesses remain unscathed from hackers and crackers this Christmas.

With the Christmas season upon us, bringing with it the usual mad scramble for that last-minute gift, what is often overlooked is IT security. While offices shut down for Christmas and the New Year, some hackers and crackers, less full of seasonal goodwill, will be scanning networks hoping to find rich pickings.

With the explosion of resources available over the internet, the need for businesses to protect themselves when connecting to the web increases. However, following a few simple tips can mean a hack-free festive season.

1. Ensure your security policy is adhered to as it would be in any other month of the year. With many passwords due for renewal at the end of the month, make sure that these changes are made before leaving on holiday.

With time alone in the office, a disgruntled employee is far more likely to crack into a system whose passwords have been left unchanged, trying possibilities such as colleagues' favourite restaurants or partners' names. Once inside previously inaccessible areas, they can view information such as payroll, email and HR files.

2. Make sure that internet-facing systems are protected correctly by firewalls and other external protection systems. IT security is very much about layers: the more that are put in place, the harder it is to get through.

Ensure that there is a dedicated person or team on hand to monitor the system and keep up to date on any new vulnerabilities, either through a shift, team work or 'on call' system, thus making sure that the latest updates and patches are implemented.

3. Intrusion detection systems should be configured to alert the correct person if there is a problem, so that it can be acted on quickly and successfully. A new intrusion detection system is very similar to a new burglar alarm. When it is first set up, initial glitches such as doors slamming shut can in turn set the alarm off, causing a false alert.

Systems need to be set to detect malformed Internet Control Message Protocol (ICMP) traffic or large volumes of it (ping, for example), which may indicate a denial of service attack, rather than the individual or small numbers of pings sent to verify that a host is up.

4. Disable remote access points such as dial-in servers and modems, keeping only necessary connections available through the use of a secure VPN (virtual private network). This is very much like physically leaving the office, when lights are turned out and doors locked.

5. Ensure that a security emergency and disaster recovery plan is put in place. Companies generally have a physical disaster recovery plan, for example in case of flooding or fire. Having an equivalent for your IT system, in case hackers deface your website or bring your internet presence down, is also essential.

Not only will the correct people know what to do, but potentially damaging postings can be rectified before consequences such as brand damage, corporate embarrassment and legal issues set in.
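The intrusion detection tuning described in tip 3, as an added example that is not part of the original column: a per-source sliding-window counter that stays quiet for occasional host-up pings and alerts on high ICMP volume or on a fragment that would reassemble past the IPv4 size limit. The record layout, window, threshold and sample addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

MAX_IP_DATAGRAM = 65535  # largest legal IPv4 datagram, in bytes
IP_HEADER = 20           # minimum IPv4 header; assumed for every packet here

def detect_icmp_anomalies(packets, window_s=1.0, max_per_window=20):
    """Return [(timestamp, src, reason)] for time-ordered ICMP packet records.

    Each record is (timestamp, src, frag_offset, payload_len), sizes in bytes.
    window_s and max_per_window are assumed tuning values, not from the article.
    """
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    seen = set()                  # (src, reason) pairs already alerted on
    alerts = []

    def alert(ts, src, reason):
        # One alert per source and reason, so the on-call person is not flooded too.
        if (src, reason) not in seen:
            seen.add((src, reason))
            alerts.append((ts, src, reason))

    for ts, src, frag_offset, payload_len in packets:
        # Malformed: reassembly would exceed the maximum datagram size.
        if IP_HEADER + frag_offset + payload_len > MAX_IP_DATAGRAM:
            alert(ts, src, "oversized")
        # Volume: count packets from this source inside the sliding window.
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window_s:
            q.popleft()
        if len(q) > max_per_window:
            alert(ts, src, "flood")
    return alerts

def sample_packets():
    """Constructed traffic: a monitoring host, a flooding host, one bad fragment."""
    pkts = [(float(i), "192.0.2.10", 0, 64) for i in range(3)]              # 1 ping/s
    pkts += [(1.0 + i * 0.005, "198.51.100.7", 0, 64) for i in range(100)]  # 200 pings/s
    pkts.append((2.0, "203.0.113.5", 65528, 100))                           # past 65535
    return sorted(pkts)

if __name__ == "__main__":
    for ts, src, reason in detect_icmp_anomalies(sample_packets()):
        print(f"{ts:.3f}s {src} {reason}")
```

The threshold needs the same bedding-in as the burglar alarm in tip 3: start from the rate your own monitoring hosts generate and raise it until routine checks stop triggering alerts.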

Physically locking your workstation server and protecting against physical access to your system might seem obvious, but many overlook the fact that outsiders can gain access to your building to manipulate sensitive data or physically remove it.

If any sensitive data is encrypted, access is still denied even if hardware is removed from the office. Better still, storing this type of data on a central server, rather than at the workstation, provides an even higher level of security, along with backup media being stored off site.

Many consider IT security an expensive, often unnecessary option, and a large number of businesses are still taking a reactive rather than proactive stance towards IT security, with many failing to devise and implement an appropriate IT security policy.

However, as illustrated, there are routes that systems administrators can choose, such as changing a password or disabling guest accounts over the holiday season, that are simple, economical and effective.

With an average of 20 UK systems compromised by hackers each day, can you really afford to be complacent as you sit down to yet another mince pie?

Next edition: 22 December
