This week Tim Ecott, managing consultant at Integralis, advises businesses to strengthen their existing infrastructure to prevent hacker attacks before spending money on expensive security solutions.
As the theft last week of millions of Visa and MasterCard accounts shows, the threat posed by hackers is real to all businesses.
Although the reaction of many in the aftermath of such attacks is to search for a scapegoat, it is important for businesses to learn from the experiences of the past.
By hardening the existing infrastructure, businesses can reduce the threat posed by hackers without needing to re-invest money.
More often than not, it is not a case of buying in the latest technology, but ensuring that the system already in place has been installed and configured with maximum security in mind.
One of the most important considerations is that of vulnerabilities - which help the hacker to access networks - and how some of the most obvious vulnerabilities should be managed.
Typically, attacks that exploit an unpatched vulnerability will result in one of the following outcomes:
- Extraction of customer data
- Defacement of home pages
- Denial of Service
As a result of these attacks, companies can face downtime, exposure of customer information, and suffer the consequences of a damaged reputation among their suppliers, partners and customers.
There are, however, a few simple changes that can be made in the approach to managing vulnerabilities from the start, which can significantly reduce the likelihood of this occurring.
Running a firewall is a key piece of the security jigsaw and it is vital that the firewall rule base is configured properly if it is to carry out its job effectively.
The first stage of a hacker's activities involves gathering information, and a poorly configured firewall will inevitably have gaps in it that will aid this process.
Basic options for gathering information are 'pinging', traceroute and 'banner grabbing'.
The first involves a hacker firing small packets of information at a web-facing server and gathering information from the automated responses that are generated.
The rule base needs to be configured to prevent this happening, as the fact that a ping can penetrate the firewall means that other exploits can potentially be undertaken.
Once the ping uncovers an active system on the end of an internet protocol address, the hacker knows there is something to attack and the floodgates have been opened.
Hackers will also use the traceroute facility to their advantage, unless the rule base prevents the sending back of information on the number of routers and devices between them and the server.
Banner grabbing is a technique that enables a hacker to identify the type of operating system or application running on a target server. Typically it operates through a firewall by using what look like legitimate connections.
A less technical but no less crucial consideration that system administrators must be wary of is the naming of systems.
For example, if a server is named "microsoft-us-firewall-1" it tells the hacker a lot about the function of that server. Calling servers by more obscure names helps to harden systems simply by offering less information to potential intruders.
Another way a hacker can harvest information is through the use of scanning tools to profile the system.
Scanning tools identify open ports and enable the hacker to make an educated guess as to the type of operating system and application running on a target server.
The main problem is that by carrying out this process over a period of time, it can go unnoticed by 99 per cent of people.
But this need not be the case; with the base rules configured correctly, a network administrator would receive a warning notice that it was happening and would be able to act accordingly to stop the hacker in their tracks.
Once the firewall has been bypassed the next challenge for the hacker is to navigate the file system.
One of the most common ways of doing this on Microsoft systems is through the use of a bug known as the IDQ bug, which provides a way for the hacker to determine the web root.
If a hacker deliberately requests an IDQ page that does not exist, they can use the contents of the error message to determine the structure of the web server and possibly the system.
There has been a patch available to prevent this type of unauthorised access, but more often than not this gets overlooked. In conjunction with other bugs, a hacker could use this vulnerability to detect and extract data located on the server.
As you can see, there are some basic flaws inherent in platforms and applications that businesses can eradicate immediately by hardening their systems.
Some flaws are more obvious than others, but all are equally likely to pose a threat to your information security.
Properly configuring web-facing servers and the firewall and preventing the use of these common hacking practices can help to deter would-be assailants.
These issues should be addressed at the installation stage, as it makes the task of updating and amending system requirements much more straightforward and effective.
Hacking is a relatively simple process, but the more obstacles you put between yourself and the hacker the less likely it is that your system will be compromised.
Microsoft seizes control of phishing sites linked with Russian state hackers
Fitness trackers over-estimate the number of steps their users take, analysis of 67 research reports suggests
Everything we think we know about the imminent Apple iPhone 9, iPhone 11 and iPhone 11 Plus launches
All the latest rumours about Apple iPhone Displays, CPUs, launch dates and even prices
Nvidia brings Turing microarchitecture into the high-end gaming segment