The ABCs of Network Security
Network security is a broad topic – really broad. Reading an entire book of “security” this and “malware” that might help some people, but it is tedious for just about everyone else.
Instead, we decided to compile a useful guide consisting of the most important network security terms you should know.
Welcome to the ABCs of network security.
Antivirus (AV)
Antivirus programs appeared in the late 1980s. Initially they did exactly what the name suggests – detect and remove virus programs entrenched in computer systems. Over time, antivirus software has become far more capable.
Modern AV products bundle many extra functions: password protection, running suspicious applications in a sandboxed or virtualized environment, stopping spam, and more.
Businesses benefit from AV because it runs constantly in the background. With little effort on the client side, it scans, detects, and quarantines or removes known threats automatically. The caveat is that signature-based detection only catches what the vendor has already seen, so AV is one layer of defense rather than the whole of it.
Brute Force Attacks
Brute force attacks are a trial-and-error method of breaking into protected data. Typically, attackers use automated software to submit as many candidate passwords or PINs to a login as possible. When a toddler snatches your phone and starts punching in PIN after PIN, they are (hopefully inadvertently) attempting a brute force attack.
How long the attack takes depends on the size of the keyspace and on how fast guesses can be tried. A 4-digit PIN has only 10,000 combinations, which an unthrottled attacker can exhaust in seconds; a long password mixing letters, digits, and symbols has a keyspace far too large to search. To fight brute force attacks, there are a few things you can do.
For starters, make passwords long and complex. Dictionary words and numbers-only passwords are guessed quickly, while long passwords with letters, digits, and special characters are significantly harder to crack, and length matters more than any single character class. You can also lock accounts out (or slow them down with increasing delays) after a certain number of failed attempts; the lockout is what keeps a small keyspace like a PIN safe. Combining the two is the smartest way to protect yourself. One caveat: a hard lockout lets an attacker lock legitimate users out on purpose, so progressive delays, or lockouts tied to the attacking source address, are often preferred.
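The following is an added example, not code from the original article. It implements the lockout just described (the account name, PIN, attempt limit and lockout length are assumed values) and then runs a 4-digit PIN brute force against it to show that the attacker only ever gets MAX_ATTEMPTS real answers per lockout window, so the 10,000-guess search never completes:

```python
import hashlib
import hmac
import itertools
import os

MAX_ATTEMPTS = 5           # consecutive failures allowed before the account locks (assumed)
LOCKOUT_SECONDS = 15 * 60  # length of the lockout window (assumed)


def _hash_secret(secret: str, salt: bytes) -> bytes:
    # Slow, salted hash: a stolen credential table cannot be reversed cheaply.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class LoginGuard:
    """Verifies a username/secret pair and locks the account after
    MAX_ATTEMPTS consecutive failures.

    `clock` is a callable returning seconds; it is injected so the lockout
    window can be exercised without sleeping (pass time.time in production).
    """

    def __init__(self, clock):
        self._clock = clock
        self._creds = {}          # username -> (salt, hash)
        self._failures = {}       # username -> consecutive failed attempts
        self._locked_until = {}   # username -> time the lockout expires

    def register(self, username: str, secret: str) -> None:
        salt = os.urandom(16)
        self._creds[username] = (salt, _hash_secret(secret, salt))

    def login(self, username: str, secret: str) -> str:
        """Return 'ok', 'denied' or 'locked'."""
        now = self._clock()
        if self._locked_until.get(username, 0) > now:
            return "locked"        # refuse before evaluating the guess at all
        record = self._creds.get(username)
        if record is None:
            return "denied"
        salt, expected = record
        if hmac.compare_digest(_hash_secret(secret, salt), expected):
            self._failures[username] = 0
            return "ok"
        self._failures[username] = self._failures.get(username, 0) + 1
        if self._failures[username] >= MAX_ATTEMPTS:
            self._locked_until[username] = now + LOCKOUT_SECONDS
            self._failures[username] = 0
        return "denied"


def brute_force_pin(guard: LoginGuard, username: str) -> dict:
    """Try every 4-digit PIN in order, as automated tooling would.

    Returns how many guesses the server actually evaluated and whether the
    PIN was recovered. Without lockout this loop recovers any PIN within
    10,000 guesses; with it, only MAX_ATTEMPTS guesses per window count.
    """
    evaluated = 0
    for digits in itertools.product("0123456789", repeat=4):
        guess = "".join(digits)
        verdict = guard.login(username, guess)
        if verdict == "locked":
            continue               # the server is no longer checking our guesses
        evaluated += 1
        if verdict == "ok":
            return {"found": guess, "evaluated": evaluated}
    return {"found": None, "evaluated": evaluated}


if __name__ == "__main__":
    import time
    guard = LoginGuard(time.time)
    guard.register("alice", "7421")   # constructed sample account
    print(brute_force_pin(guard, "alice"))
    # -> {'found': None, 'evaluated': 5}
```

Note that the `locked` branch returns before the password is checked at all, so a locked account costs the server nothing per guess; in a real deployment the lockout state would live in a shared store rather than in-process memory, and you would throttle by source address as well as by account.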
Compliance
HIPAA, SOX, PCI DSS, NIST – these are a few of the best-known compliance regimes. Some are laws (HIPAA, SOX), PCI DSS is an industry standard binding on anyone who handles card data, and NIST publishes the frameworks many of the others reference. They commonly require regular vulnerability scanning of your network and, after a breach, disclosure to regulators or to the people affected.
Noncompliance carries penalties ranging from significant fines to, under PCI DSS, losing the ability to accept card payments at all. To avoid these penalties, organizations turn to periodic compliance audits.
Impartial third parties perform these audits – managed service providers and security consultants, for example. They give you a full picture of your IT infrastructure and tell you specifically what you must fix to attain or regain compliance.
DDoS
DDoS stands for Distributed Denial-of-Service. The purpose of a DDoS attack is to halt legitimate traffic by overwhelming a specific machine or network resource with a flood of incoming requests sent from many sources at once.
In practical terms, it’s like trying to make it through a door while being surrounded by hundreds of other people. However, the giant crowd of people don’t actually want to pass through the door. They’re just standing around to prevent you from coming in, effectively blocking you and anyone else who legitimately wants entry.
Attackers commandeer botnets – networks of compromised computers under a single operator's control. They point the botnet at a site or server and overload it, preventing others from reaching it. Such attacks are common around major events, such as elections and holidays, when denying people access to information has the most effect.
To reduce the risk, spread your services and applications across multiple servers behind a load balancer, so that no single machine is the choke point. Load balancing alone cannot absorb an attack larger than your total capacity, though; for that you need rate limiting and upstream filtering or scrubbing from your ISP or a DDoS-protection provider.
Encryption
In a world of ransomware, malware, and malicious actors, encryption matters more than ever. When you create a file, it is usually not encrypted automatically. Without encryption, that file can be read by anyone who gets hold of it.
In its simplest form, encryption transforms data with an algorithm and a secret key so that only someone holding the key can turn it back into the original. Different algorithms do this in different ways, but the protection comes from keeping the key secret, not from keeping the algorithm secret. Use programs and services built on well-reviewed standard algorithms (such as AES for stored data and TLS for data in transit) rather than anything exotic or proprietary; stacking several ciphers adds little.
Encryption is especially useful because it adds another barrier. If attackers steal your encrypted files and folders, they cannot read them without the key.
The key is a secret value, often derived from a password, held by you or by a system you have authenticated to. Protecting that key (and any backup of it) is therefore as important as the encryption itself.
Most compliance regimes require encryption of sensitive data. Encrypting your data keeps it safe from attackers while putting your mind at ease.
Firewalls
The internet is a big, wide, and mostly open space. When you browse, you reach out to servers across the world and access them remotely. It is important to remember, though, that the internet can (and will) reach back out to you.
That is one of the ways malware and other threats get into your network.
Firewalls stand guard over your IT infrastructure. When traffic reaches you, the firewall inspects each packet or connection and matches it against rules based on source and destination address, port, protocol, and (for a stateful firewall) whether it belongs to a connection you initiated. Anything the rules do not explicitly allow should be dropped. A firewall does not inspect the content of traffic you have allowed, so a malicious attachment arriving over permitted email or web traffic still gets through; it is one layer, not a complete defense.
According to Lifewire.com, a gateway “joins two networks so the devices on one network can communicate with the devices on another network. A gateway can be implemented completely in software, hardware, or in a combination of both.”
For most organizations, the gateway is the device that connects the office network to the internet – typically a router. Because all traffic passes through it, the gateway is an especially critical piece of equipment and must be secured.
Without proper security measures, a gateway can be reached and administered remotely by outsiders. It can then give away sensitive information such as the files passing through it and the list of connected devices (which can be used to attack those devices in turn).
To protect your gateway, set a strong Wi-Fi password, change the default administrator credentials, disable administration from the internet side, and keep the firmware updated. Separating a guest network from your main network also helps keep potentially malicious users away from your critical systems.
Hackers
The definition of a hacker is someone that exploits security weaknesses and loopholes to gain access to software, hardware, and all kinds of data. So, no – someone posting social media statuses in your stead because you forgot to log off doesn’t actually constitute hacking.
As with anything tech-related, there’s a rich taxonomy of the different types of hackers out there. Generally speaking, they can be broken down into three kinds:
White hat, black hat, and gray hat hackers.
White hat hackers are known as “ethical hackers”. They attack systems with the owner's permission, for the owner's benefit. When you undergo a penetration test, you are employing a hacker who will tell you where your IT infrastructure is vulnerable and how to fix it.
Black hat hackers are the ones that often make the news. They use their knowledge of systems, hacking programs, and other nefarious methods to infiltrate systems and steal valuable information. Their motivation ranges from pure anger to monetary gain. When you set up network defenses, you’re mainly protecting yourself from these hackers.
Gray hat hackers sit between the two. They probe and break into systems without permission, which breaks the rules ethical hackers work under, but they lack the malicious intent of a black hat hacker and often report what they find.
Infrastructure Analysis
It is critical to know exactly where your network stands in terms of security. To find out, you will need an IT security expert to perform an infrastructure analysis, more commonly called a vulnerability assessment.
They use scanning tools to inventory your network(s), including your Wi-Fi, and to check for known weaknesses such as missing patches and weak configurations. Unlike a penetration test, the scan only identifies weaknesses; nobody attempts to exploit them. That makes these assessments less expensive – and less thorough, because a scanner reports what might be exploitable, not what actually is.
Jitter in Networking
Simply put, network jitter is variation in packet delay. Packets, which are nothing more than formatted groups of data, are how messages are sent and received; it would be impractical for websites and other platforms to send all their information in one piece.
Instead, they send everything as a series of packets. Jitter is the difference in arrival timing between one packet and the next: a steady 50 ms delay on every packet is latency, not jitter, while delays that swing between 20 ms and 150 ms are jitter. If packets are not arriving at a steady rhythm, you will see stutter and inconsistent performance, especially in voice and video.
You may be wondering why jitter belongs in a discussion about security. When jitter occurs, many people notice the performance problems and mistakenly attribute them to a virus infection or other malware.
So, as a general rule of thumb – check your internet connection before you spend money hunting for infections that may never have existed at all.
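Here is an added example (not from the original article) of the check the rule of thumb calls for. It parses ping output and separates average delay from jitter, measured here as the mean change between consecutive round-trip times. The two ping transcripts are constructed for the example, and the 30 ms threshold is an assumed rule of thumb for voice and video:

```python
import re
from statistics import mean

# Constructed `ping` output for the same destination over two different links.
# The numbers are made up for the example; real ping prints one such line per reply.
STEADY_LINK = """\
64 bytes from 203.0.113.10: icmp_seq=1 ttl=56 time=20.1 ms
64 bytes from 203.0.113.10: icmp_seq=2 ttl=56 time=20.3 ms
64 bytes from 203.0.113.10: icmp_seq=3 ttl=56 time=19.9 ms
64 bytes from 203.0.113.10: icmp_seq=4 ttl=56 time=20.2 ms
64 bytes from 203.0.113.10: icmp_seq=5 ttl=56 time=20.0 ms
"""

CONGESTED_LINK = """\
64 bytes from 203.0.113.10: icmp_seq=1 ttl=56 time=20.0 ms
64 bytes from 203.0.113.10: icmp_seq=2 ttl=56 time=95.0 ms
64 bytes from 203.0.113.10: icmp_seq=3 ttl=56 time=22.0 ms
Request timeout for icmp_seq 4
64 bytes from 203.0.113.10: icmp_seq=5 ttl=56 time=140.0 ms
64 bytes from 203.0.113.10: icmp_seq=6 ttl=56 time=21.0 ms
"""

JITTER_THRESHOLD_MS = 30.0   # assumed: above this, voice/video starts to stutter
_RTT = re.compile(r"icmp_seq=(\d+) .*time=([\d.]+) ms")


def parse_ping(output: str) -> tuple:
    """Return (list of round-trip times in ms, number of lost probes)."""
    rtts, lost = [], 0
    for line in output.splitlines():
        match = _RTT.search(line)
        if match:
            rtts.append(float(match.group(2)))
        elif "timeout" in line.lower():
            lost += 1
    return rtts, lost


def jitter_ms(rtts) -> float:
    """Mean absolute change between consecutive round-trip times.

    This measures how much the delay *varies*; the average delay itself is
    a separate number (see link_report). Constant delay gives zero jitter.
    """
    if len(rtts) < 2:
        return 0.0
    deltas = [abs(later - earlier) for earlier, later in zip(rtts, rtts[1:])]
    return sum(deltas) / len(deltas)


def link_report(output: str) -> dict:
    """Summarize one ping run: average delay, jitter, loss and a verdict."""
    rtts, lost = parse_ping(output)
    jitter = jitter_ms(rtts)
    return {
        "mean_rtt_ms": round(mean(rtts), 2),
        "jitter_ms": round(jitter, 2),
        "lost": lost,
        "verdict": "unstable link" if jitter > JITTER_THRESHOLD_MS or lost else "stable",
    }


if __name__ == "__main__":
    print(link_report(STEADY_LINK))
    print(link_report(CONGESTED_LINK))
```

The congested transcript has a much higher jitter figure even though several of its individual replies are as fast as the steady link's; that variation, plus the lost probe, is what users experience as "the network is acting up", and none of it has anything to do with malware.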
Keyloggers
If you work in a white-collar job, you are no doubt typing for most of the day. Want something done? Put your fingers to the keyboard.
Unfortunately, some programmers with bad intentions realized that too – and that is how keyloggers were born.
Keyloggers capture every keystroke you type and send the log back to the criminal who deployed them. They are especially dangerous because they do not just capture the passwords and PINs you enter – they also capture the content of every sensitive email and document you write.
Keyloggers arrive by the same routes as any other malware: a download, a malicious attachment, or a gap in your defenses, and on screen they are indistinguishable from normal activity. To defend against them, you need endpoint protection that catches the malware itself, and multi-factor authentication so that a captured password alone is not enough to log in.
Legacy Systems
One of the biggest threats to security is old, unpatched, and out-of-date hardware and software. Legacy systems are particularly dangerous to networks. Because they are built on platforms the vendor no longer updates, there is usually no way to patch them against modern threats.
Many people are hesitant to switch their infrastructure to newer, supported types. While the cost of changing infrastructure is never palatable, the cost of a massive security breach is always greater (and always looming).
Mobile Security
As BYOD (bring your own device) policies become more commonplace in the workplace, it is critical to stay vigilant. Each new mobile device introduced into an office environment brings additional security concerns.
What if that device already has malware on it, and it connects to your main network? By one industry estimate, 4% of all mobile devices are already infected with malware, which affects not only the device owner but also the employer.
Or, what if your employees have sensitive company information on their personal devices? That becomes a serious problem if they leave the company or lose the device.
To address mobile security, companies should put devices under mobile device management (MDM), whether run in-house or by a third party, so that a lost device can be wiped remotely and company data is kept separate from personal data. Mobile device management will keep growing as long as mobile devices do.
Network Monitoring
Offered by many providers, network monitoring services are exactly what they sound like. Behind the scenes, company networks are continuously watched for threats, intrusions, and other warning signs.
Should they detect any suspicious or malicious activity, they immediately alert a security expert. This expert then analyzes the alert and determines how serious it is.
Sometimes the alert is for a minor infection. Other times it may be for something more serious, such as ransomware, or even a full-scale attack in progress. Regardless, network monitoring keeps you vigilant at all times and shortens the gap between an intrusion and your response.
Outsourced Security
If you have a business-scale file and folder structure, you have a lot of data that needs to be kept secure. Handling it all yourself is a risky move. Handling your own security takes a lot of time and puts all the pressure of keeping the infrastructure secure on you.
Outsourcing your security, on the other hand, puts a dedicated network security team to work for you. You get to leverage multiple experts, each with years of experience, for the sole purpose of keeping you protected.
You also get access to enterprise-level security features at a price point you can afford.
Patch Management
Patch management is the process of tracking and applying updates to the software, firmware, and devices on your network. These updates are known as patches. Consider the number of programs on just one computer. Now consider the number of computers in an office, and then the number of applications on all of those computers. That is a lot of individual programs to maintain and update.
Without proper maintenance, even one of these unpatched programs can leave a hole for someone to sneak into your network and wreak havoc.
Patch management puts the tedious responsibility of updating and securing these applications and devices on a professional, freeing your time up and allowing you to run your business.
QAZ Worm
QAZ was a worm that spread across Windows networks around the year 2000 and installed a backdoor, letting an attacker take control of the infected computer remotely from anywhere on Earth.
It was the also the only thing we found that started with “Q” related to network security.
Ransomware
Ransomware is a type of malware. It spreads like most other malware – through emails, links, and attachments – but with an especially damaging payload. All it takes is one misclick on a shady link and then… ransomware.
It starts by encrypting files on the local machine. From there it spreads through your network, encrypting everything it can reach and write to: shared folders, mapped drives, and any backups that are online and accessible from the infected machine.
Once it has encrypted everything it can, it drops a ransom note (usually a text file) in each affected folder. The note says the attackers will hand over the decryption key as long as you pay the ransom, typically in Bitcoin or another cryptocurrency, which is hard, though not impossible, to trace.
Paying the ransom is risky because there is no guarantee you will get your data back. For companies and security experts alike, ransomware is a huge pain to deal with. The best course of action is to prevent it with good security tools and user awareness, and to keep offline or otherwise isolated backups that the malware cannot reach, so that recovery never depends on the attacker.
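As an added example (not from the original article), the detection logic below looks for the behavior just described: one process renaming many files to a new extension across several directories in a short time, optionally followed by a ransom note. The event feed, process names, paths, thresholds and note-name markers are all constructed for the example; a real deployment would read events from an EDR agent, auditd, or Sysmon:

```python
from collections import defaultdict
from pathlib import PurePosixPath

WINDOW_SECONDS = 60     # look for the pattern inside any 60-second span (assumed)
MIN_RENAMES = 8         # extension-changing renames needed to raise an alert (assumed)
MIN_DIRECTORIES = 2     # ...spread across at least this many directories (assumed)
NOTE_MARKERS = ("decrypt", "readme", "how_to", "restore")   # typical ransom-note names

# Constructed file-activity events: (seconds, pid, process, op, src, dst).
EVENTS = [
    # log rotation: many renames, but all in one directory
    *[(1.0 + i, 1001, "logrotate", "rename",
       f"/var/log/app/app.{i}.log", f"/var/log/app/app.{i}.log.gz") for i in range(9)],
    # backup agent: many writes, no renames at all
    *[(5.0 + i, 1002, "backup-agent", "write",
       f"/backup/2024-05-01/file{i}.xlsx", None) for i in range(10)],
    # ransomware-like: extensions changed across several shares, then a note
    *[(30.0 + i, 4242, "update_helper", "rename", src, src + ".locked")
      for i, src in enumerate([
          "/shares/finance/q1.xlsx", "/shares/finance/budget.docx",
          "/shares/finance/invoices.pdf", "/shares/hr/payroll.csv",
          "/shares/hr/contracts.docx", "/shares/hr/reviews.xlsx",
          "/shares/eng/design.pdf", "/shares/eng/notes.txt",
          "/shares/eng/roadmap.pptx"])],
    (40.0, 4242, "update_helper", "write", "/shares/finance/README_DECRYPT.txt", None),
]


def _extension_changed(src: str, dst: str) -> bool:
    return PurePosixPath(src).suffix != PurePosixPath(dst).suffix


def _looks_like_ransom_note(path: str) -> bool:
    name = PurePosixPath(path).name.lower()
    return any(marker in name for marker in NOTE_MARKERS)


def detect_mass_encryption(events) -> list:
    """Flag any process that, inside one window, renames at least
    MIN_RENAMES files to a new extension across MIN_DIRECTORIES or more
    directories. Reports whether a ransom-note-like file was also written.
    Returns one alert dict per offending pid."""
    by_pid = defaultdict(list)
    for event in sorted(events, key=lambda e: e[0]):
        by_pid[event[1]].append(event)

    alerts = []
    for pid, evs in by_pid.items():
        for start, first in enumerate(evs):
            window = [e for e in evs[start:] if e[0] - first[0] <= WINDOW_SECONDS]
            renames = [e for e in window
                       if e[3] == "rename" and _extension_changed(e[4], e[5])]
            directories = {PurePosixPath(e[4]).parent for e in renames}
            if len(renames) >= MIN_RENAMES and len(directories) >= MIN_DIRECTORIES:
                alerts.append({
                    "pid": pid,
                    "process": first[2],
                    "renamed": len(renames),
                    "directories": len(directories),
                    "new_extensions": sorted({PurePosixPath(e[5]).suffix for e in renames}),
                    "ransom_note": any(e[3] == "write" and _looks_like_ransom_note(e[4])
                                       for e in window),
                })
                break   # one alert per process is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_encryption(EVENTS):
        print(alert)
```

The log-rotation process renames just as many files but stays inside one directory, and the backup agent writes many files without renaming anything, so neither trips the rule; only the process touching several shares does. The alert is the point at which to kill the process and isolate the host, because every second it keeps running is more files to restore from backup.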
Spoofing
Yes, it is also a comedy term you have probably heard before. In network security, though, spoofing is when a person or program successfully impersonates someone else – by forging the sender of an email, the source address of a packet, or the identity behind some other digital channel.
From there, they use the deception to gain access to sensitive data and systems.
The most damaging spoofing is the patient kind. It takes time and careful planning to infiltrate an organization properly: the criminal learns who the key people are, how they speak to each other, and what they have to say to get what they want – all by reading emails and other conversations. A message apparently from the CEO asking finance to wire money is the classic result.
To fight back, add controls that do not rely on the email looking right. For example, a rule that people must call and confirm money transfers by phone, using a number they already have on file, can save you from transferring funds into a criminal's hands. On the technical side, have your mail system check SPF, DKIM, and DMARC so that forged senders are flagged or rejected before anyone reads them.
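The following is an added example, not code from the original article. It applies three checks to an incoming message that a spoofed "pay this invoice" email tends to fail: a lookalike sender domain, a Reply-To pointing somewhere other than the apparent sender, and failed SPF/DKIM/DMARC results recorded by the receiving mail server. The two messages, the trusted domain, and the lookalike substitutions are constructed for the example:

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com"}      # domains the company itself sends from (assumed)

# Constructed messages. The Authentication-Results header is what a receiving
# mail server adds after checking SPF/DKIM/DMARC; these values are made up.
SPOOFED = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: Jane Doe <jane.doe.ceo@mail-relay.example.net>
To: bob@example.com
Subject: Urgent wire transfer
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e.com; dmarc=none

Bob, please wire $48,000 to the account in the attachment before 5pm.
I'm in meetings all day, so don't call, just reply here when it's done.
"""

LEGITIMATE = """\
From: Jane Doe <jane.doe@example.com>
To: bob@example.com
Subject: Q3 budget
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass; dmarc=pass

Attached as discussed.
"""

# Substitutions attackers use to register domains that look like yours (assumed list).
LOOKALIKE_SWAPS = (("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o"))


def skeleton(domain: str) -> str:
    """Collapse common lookalike substitutions so 'examp1e.com' compares
    equal to 'example.com'."""
    collapsed = domain.lower()
    for fake, real in LOOKALIKE_SWAPS:
        collapsed = collapsed.replace(fake, real)
    return collapsed


def spoofing_findings(raw_message: str, trusted=TRUSTED_DOMAINS) -> list:
    """Return the reasons this message looks spoofed (empty list if none)."""
    msg = message_from_string(raw_message)
    findings = []

    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_addr.rpartition("@")[2].lower()

    # 1. Sender domain is not ours but is built to look like ours.
    trusted_skeletons = {skeleton(t) for t in trusted}
    if from_domain not in trusted and skeleton(from_domain) in trusted_skeletons:
        findings.append(f"lookalike sender domain: {from_domain}")

    # 2. Replies are redirected away from the apparent sender.
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    # 3. The receiving server's own authentication checks failed.
    auth = msg.get("Authentication-Results", "").lower()
    for mechanism in ("spf", "dkim", "dmarc"):
        if f"{mechanism}=fail" in auth:
            findings.append(f"{mechanism} check failed at the receiving server")

    return findings


if __name__ == "__main__":
    print(spoofing_findings(SPOOFED))       # three findings
    print(spoofing_findings(LEGITIMATE))    # []
```

Any non-empty result is exactly the situation where the call-back rule should apply: the person handling payments phones the supposed sender on a number already on file, not one taken from the email, before anything is transferred.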
Threat Reports
Threat reports are the reports you receive after an attack strikes your systems. Whether the attack succeeded or failed, a threat report breaks down the details of what happened.
They serve as invaluable tools for showing you where you’re most secure, and where you need to spend more time in patching your security holes. Threat reports are often included with antivirus programs and other security solutions.
User Training
In terms of security, user training is extremely important. The vast majority of cyberattacks are not conducted through intricate hacking techniques. They are welcomed in by uninformed people who do not know what to look for in links, emails, and other carriers of malware.
Having user training policies within an organization has proven to be very valuable to organizations as a whole. For starters, they’ve decreased the amount of downtime and IT clean-up required after a security breach. They’ve also helped people within companies understand the reasons behind robust (and sometimes strict) security policies.
User training doesn’t have to be a tedious affair. Two things you can do right now:
First, hold regular seminars on the latest cyberthreats. These do not have to be every other week, but they should be frequent enough to stay memorable. Second, seek out and share helpful security articles to keep everyone informed of the latest threats.
Virtual Private Network (VPN)
To understand why VPNs matter, we must first discuss IP addresses. IP stands for Internet Protocol, and an IP address serves as the “home address” of your device on the network. Someone who knows your public IP knows where to send traffic to reach your network and, roughly, where in the world it sits.
In short, they can use it to aim attacks directly at you.
Public IP addresses are assigned by your internet provider; inside your network, your router hands out private addresses to each device. To keep your public address from being tied to your activity, you can use a VPN.
A virtual private network encrypts your traffic and tunnels it to a server elsewhere, and the sites you visit see that server's IP address instead of yours. You can still access everything you like, but an observer on the local network, or at the sites you visit, cannot trace the activity back to your own address. The caveat is that the VPN provider itself now sees that traffic, so choose one you trust, and remember that a VPN protects the connection, not an already compromised device.
Whitelisting
Whitelisting (also called allowlisting) is the practice of approving something in advance and denying everything else by default. A whitelist is the list of approved devices, applications, or websites; anything not on it is blocked. It is the opposite of a blacklist, which allows everything except the items it names. Many businesses whitelist the applications allowed to run on company machines and the websites that may be reached, which blocks unknown malware and unapproved tools without anyone needing to know about them ahead of time.
XML
XML stands for eXtensible Markup Language. It is a text format that is legible to humans and machines alike. It is not very different from its cousin HTML – both are used to structure data on the internet.
XML carries data with a specific focus on describing what that data is. The danger lies in the parser: if your website or application accepts XML from an unknown party and the parser expands entity definitions, a document of a few hundred bytes can blow up into gigabytes of text and exhaust the server's memory, a denial-of-service attack commonly known as the “Billion Laughs” attack. The fix is to refuse entity declarations (and external entity loading) in any XML you did not produce yourself.
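The following is an added example, not code from the original article. It builds a scaled-down Billion Laughs document, shows that Python's default `xml.etree.ElementTree` parser expands it (375 bytes of output from roughly 200 bytes of input at depth 3 and fanout 5; the real attack uses depth 9 and fanout 10), and then shows a parser for untrusted input that refuses any entity declaration before expansion can begin. The depth and fanout values are assumed for the example; keep them small, since the point is the amplification ratio, not the absolute size:

```python
import xml.etree.ElementTree as ET
from xml.parsers.expat import ParserCreate


def laughs_payload(depth: int, fanout: int) -> str:
    """Build a scaled-down 'billion laughs' document.

    Each entity level references the previous one `fanout` times, so a few
    hundred bytes of input expand to fanout**depth copies of 'lol'. The
    classic attack uses depth=9, fanout=10 (a billion copies).
    """
    declarations = ['<!ENTITY lol0 "lol">']
    for level in range(1, depth + 1):
        references = f"&lol{level - 1};" * fanout
        declarations.append(f'<!ENTITY lol{level} "{references}">')
    return f"<!DOCTYPE lolz [{''.join(declarations)}]><lolz>&lol{depth};</lolz>"


def expansion_size(xml_text: str) -> int:
    """Parse with the standard library's default settings and return how much
    text the entities expanded into. The default ElementTree parser expands
    internal entities, so this is the vulnerable behaviour being measured."""
    return len(ET.fromstring(xml_text).text or "")


def parse_untrusted(xml_text: str) -> str:
    """Reject any document that declares entities, then return the root
    element's text. The probe parser raises from inside its entity-declaration
    handler, so no expansion is ever attempted on a hostile document."""
    def refuse(*_args):
        raise ValueError("entity declarations are not allowed in untrusted XML")

    probe = ParserCreate()
    probe.EntityDeclHandler = refuse
    probe.Parse(xml_text, True)          # raises at the first <!ENTITY ...>
    return ET.fromstring(xml_text).text or ""


if __name__ == "__main__":
    small = laughs_payload(depth=3, fanout=5)
    print(len(small), "bytes in ->", expansion_size(small), "bytes out")
    try:
        parse_untrusted(small)
    except ValueError as err:
        print("rejected:", err)
    print(parse_untrusted("<lolz>hi</lolz>"))
```

Recent versions of the underlying expat library add their own amplification limit for very large expansions, but that kicks in only after several megabytes of output and is a backstop, not a policy; refusing entity declarations outright is the dependable rule for XML that comes from outside.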
You
Well, maybe not you specifically. In its 2016 Cyber Security Intelligence Index, IBM found that 60% of all cyberattacks were carried out by insiders. Of these, three-quarters involved malicious intent and one-quarter involved inadvertent actors.
Because the people inside your business are part of the threat, you must always ensure that company-wide permissions are set correctly. Giving people more access than their job requires – the ability to read, edit, or delete files and folders they never need – puts you at serious risk, whether they abuse it deliberately or merely click on the wrong thing.
Zero-Day Exploits
Simply put, zero-day exploits take advantage of security flaws before a patch exists. They get their name from the fact that the vendor has had “zero days” to fix the flaw by the time the first attack strikes.
Constant vigilance is required to protect against them. When a major flaw is disclosed, be on the lookout for the patch that closes it and apply it quickly. Until then, the defenses that matter are the ones that limit what an exploit can do: least privilege, network segmentation, and monitoring for the unusual behavior that follows a successful exploit.