Tuesday, October 14, 2014

It's the wild wild west out there suckas! Simple tips to secure a network.

Reading the latest Brian Krebs report, and so many others I've seen emerge lately, it brings to mind that these kinds of attacks don't just happen against the listed industries.  They also go after any organization that could hold any information on those industries.  This means lawyers, accountants, or any other outsourced professional services.  What savvy criminal wouldn't want to know the dirty (or otherwise) secrets of some public company?

What a crazy wonderfully incomprehensible universe we live in.  The thing is, not too many of us have reached that higher plane of existence, and see the Matrix in all its glory for us to unfold and manipulate.
THERE IS A GODDAMN SPOON! Right there. In front of me. It's got marmalade on it.  Mmm tasty marmalade...

I digress.  So in simple terms, there's some easy crap you can do to secure your network to prevent 99% of the targeted attacks seen lately.  Really easy simple rules to follow that prevent your company from being one of those 'low-hanging fruit' so easily targeted by the untalented masses buying the latest exploit kit off the black market.  Of course I'm talking about a Windows network, but I suppose this applies to any network really.
So, here's a few things to bear in mind:

USE VULNERABILITY AND PATCH MANAGEMENT SOFTWARE.  Vulnerability and patch management software addresses the kinds of vulnerabilities sought after by opportunists chomping at the bit to dismantle the latest Adobe update to see what they can attack on users too lazy to update their software.  As seen time and time again, the main source of exposure is outdated software on workstations.  This update software should itself be maintained and checked periodically to ensure it is actually running.

DON'T ALLOW USERS TO OPERATE UNDER LOCAL ADMIN RIGHTS.  Give them the local admin account and password so they can go to town installing whatever application (*from the approved list*) they want to install.  Keep it separate from their user account, so they get used to switching accounts when they want to do something important.  This stops the casual click-to-install-and-view exploit.  It might make them stop, think, then ask their IT if it's ok.  With vulnerability management software, you'll see if someone installs something they shouldn't, so you can then go slap them with the mighty glove of "I'm watching your every move on this workstation, so behave!"  It's a bit Big Brother-ish, and likely not entirely true, but if you put the fear in them, they'll think before clicking or installing.

KEEP YOUR INTERNET FACING SERVERS IN THE GODDAMN DMZ ZONE.  This includes any virtual host you have.  Virtualization is great until the fabled VM escape attack hits, then what else is running on that host hmmmm?  The last thing you want to do is poke a hole in your router or firewall to allow even a single port into your internal network.  Should any server be compromised, an attacker can pivot inward from it to reach other, more important information assets.

SANDBOX YOUR WEB BROWSERS AND OFFICE APPS.  Isolating the web from the workstations is the only way any organization can maintain a high degree of trust from their clients and save themselves from an embarrassing situation where the data ends up in the hands of some third party.  The easiest place to hit any organization from is its endpoints.  Sure, outdated software can be a hole, but so can your fully updated Internet Explorer browser that Sally just learned how to break with the new virus code she stumbled onto.  Sally also works for the NSA and might not want to tell anyone about this problem just yet...   O.O  So... yeah, just get yourself an application that will sandbox your internet access.  Also, NEVER turn off User Account Control in Windows, as it essentially disables Internet Explorer's built-in sandbox.

Also, install EMET if you're using Windows.  No comment on that, just read up on it and install it.  All over the freakin' place.

LOGS ARE YOUR FRIEND.  Love the logging, enable it everywhere, make sure what you're collecting is pertinent information, and ensure those logs are automatically emailed to you.  Make a folder in your email and direct all of your logs there.  CHECK THE LOGS.  Too many companies rely on automation and not the diligence of a human brain to make sense of it and mitigate potential threats.

KEEP INFORMED ON THE SOFTWARE YOU RUN.  That's right.  Read those security bulletins from Microsoft.  Subscribe to info security blogs.  Follow industry leaders on Twitter.  RTFM DAMNIT!!!  Most importantly, apply the suggested mitigation strategies.  Network management tools such as Group Policy give you great granular and uniform control of your workstations.  Use them.  Use security templates already written by people smarter than you.  Having a baseline configuration in your environment makes it easier to see when changes happen.
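To make the baseline idea concrete, here is an added example (mine, not from the original post) that checks a workstation against the points above: UAC still on, nobody unexpected in the local Administrators group, Windows Update not disabled, and a quick look at the Security log.  It assumes an elevated prompt on Windows 10 / Server 2016 or later (for Get-LocalGroupMember), and the $ApprovedAdmins list is a placeholder you would fill with your own accounts.

```powershell
# Baseline check for the controls described above. Run from an elevated PowerShell
# prompt on Windows 10 / Server 2016 or later (Get-LocalGroupMember needs the
# Microsoft.PowerShell.LocalAccounts module). $ApprovedAdmins is an assumed
# placeholder: the only accounts allowed in the local Administrators group.
$ApprovedAdmins = @("$env:COMPUTERNAME\Administrator", "$env:COMPUTERNAME\itadmin")
$Findings = New-Object System.Collections.Generic.List[string]

# 1. UAC must stay on: EnableLUA=0 also kills the Internet Explorer sandbox (Protected Mode).
$uac = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($uac.EnableLUA -ne 1) { $Findings.Add('UAC (EnableLUA) is disabled') }
# ConsentPromptBehaviorAdmin = 0 means admins get elevated without any prompt at all.
if ($uac.ConsentPromptBehaviorAdmin -eq 0) { $Findings.Add('UAC elevates admins without prompting') }

# 2. No day-to-day user accounts in the local Administrators group.
$members = Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
foreach ($m in $members) {
    if ($ApprovedAdmins -notcontains $m) { $Findings.Add("Unexpected local admin: $m") }
}

# 3. Patching: the Windows Update service must not have been switched off.
$wu = Get-Service -Name wuauserv
if ($wu.StartType -eq 'Disabled') { $Findings.Add('Windows Update service is disabled') }

# 4. Logging: Security log enabled, big enough to be useful, and a look at the last 24h.
$sec = Get-WinEvent -ListLog Security
if (-not $sec.IsEnabled) { $Findings.Add('Security event log is disabled') }
if ($sec.MaximumSizeInBytes -lt 100MB) {
    $Findings.Add("Security log only $([int]($sec.MaximumSizeInBytes / 1MB)) MB; raise it")
}
$since = (Get-Date).AddDays(-1)
# 4625 = failed logon. A pile of these in a day is worth a human looking at.
$failed = @(Get-WinEvent -FilterHashtable @{LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue)
if ($failed.Count -gt 50) { $Findings.Add("$($failed.Count) failed logons (4625) in the last 24h") }
# 4688 = process creation (only logged if audit policy enables it); spot installer launches.
$installs = @(Get-WinEvent -FilterHashtable @{LogName = 'Security'; Id = 4688; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'msiexec\.exe|setup\.exe' })
if ($installs.Count -gt 0) { $Findings.Add("$($installs.Count) installer launches (4688) in the last 24h; check who ran them") }

# Print the result; pipe it into Send-MailMessage to land it in that log folder in your inbox.
if ($Findings.Count -eq 0) { Write-Output "$env:COMPUTERNAME: baseline OK" }
else { $Findings | ForEach-Object { Write-Output "$env:COMPUTERNAME: $_" } }
```

Push it out as a scheduled task via Group Policy and the diff between runs is exactly the "when changes happen" signal the baseline is for.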

MAKE YOUR USERS FEAR YOU.  What does the IT guy know?  Pretty much everything, and he is often seen as the omnipotent master of his domain who sees all, knows all, and grants you access at his whim.  Garner this reputation, foster it.  Fearful users are careful users.  Hammer into them the importance of their online actions.  The human element is ALWAYS the easiest way to get information out of a company.  Kevin Mitnick proved this time and time again, and even wrote a book on it.  Informed and cautious users are really your first and last line of defense against the shysters out to steal.

MEDITATE.  Because people are people, IT can be stressful, and one day you might see past the spoon.