Ten Security Threats To Business Data
MSC Trustgate.com Head of Research and Development, Dr. Seah Boon Keong, has warned that apart from security threats of viruses, unauthorised access to corporate data and information is also on the rise.
“Companies in Malaysia must seriously be aware of these threats as the common use of user ID and password as a form of security protection is no longer sufficient,” he cautioned.
He advised businesses to be alert to the following top ten security threats and trends:
1. Bad Security Policies
Not having or not enforcing a company security policy is simply a bad policy. These are some of the prime examples of poor security decisions. Users who install the latest file server with the default password very seldom change that password later on. There are also users who use weak passwords – passwords that anyone can easily guess, such as ‘12345’, a birth date or the user's own name.
If an intruder or hacker manages to hack the system because of a weak password, his first attempt would be to find the list of all default passwords. Therefore, companies must have strong, enforceable policies (such as requiring frequent password changes or mandating the use of alphanumeric characters) to avoid this.
One method to overcome the frequent changes required for a password is to use digital certificates. A digital certificate is an attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.
Each user will have his own digital certificate and present it to the system in order to log in. Perhaps they can use a smart card to store the digital certificate. Using a digital certificate is certainly a much safer and better way to authenticate and authorise a user.
2. Computer Viruses
Since the early 90s, computer viruses have been evolving from file and boot viruses to macro viruses, to remote control Trojans (a destructive program that masquerades as a benign application), to mass mailer viruses (worms), to the current metamorphic viruses. While over the last couple of years, viruses such as CIH (Chernobyl) and mass mailers ‘I Love You’ and ‘Melissa’ have been ‘the big thing’, more recently, there has been a blending between traditional intruder attacks and traditional virus attacks.
For instance, “Code Red 2” and “Nimda” are examples of mass mailers, active network infectors and traditional attack methods, all combined together. These viruses spread via the Internet and compromise the computers’ security features, resulting in easy accessibility to ill-intentioned hackers. When a server is infected, the worm then scans the Internet, searching for more vulnerable servers.
Viruses today are far more powerful and therefore, businesses need a more comprehensive ‘protection’ solution to deal with them. Antivirus software alone cannot meet all requirements especially when it comes to a worm virus. Securing e-mails with digital certificates can help secure all recipients in the message. It prevents the worm virus from extracting the recipients’ information.
3. Physical Theft Of Data
This problem arises when machines are left unattended. Physical security around critical infrastructure is very important to prevent data or important information from being stolen. For example, organisations may use security devices such as smart cards with digital certificates installed to ensure protection against access to the corporate network.
4. Back-Door Trojans
Unauthorised access is a major issue. Trojans create a ‘back door’ that allows an attacker to get inside the organisation without its knowledge. The back door is a hole in the security of a system deliberately left in place by programmers or designers, intended for use by programmers.
This malicious security-breaking program is usually disguised as something harmless such as a directory browser, game or even a program to find and destroy viruses.
Back-door Trojans allow users to perform a local exploit against your system because they have gotten control of your system. This is far more dangerous than someone trying to direct an attack from some remote site. Awareness, the right tools and good security policies are the ways to fight this threat.
5. Vulnerabilities Of CGI (Common Graphic Interface)-bin Web Server
CGI is one of the most common ways to interact with a web server. When web servers are installed incorrectly or there are coding flaws in CGI-bin programs, this may create a vulnerability that allows attackers to exploit the system through the CGI-bin, running local commands on the system. Code can then be executed in local mode on that web server. It permits the hackers to do whatever they like on that server, such as reading and deleting sensitive information.
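The coding flaw described above, sketched as an added example that is not part of the original article: a CGI program that pastes a query-string value into a shell command line, beside a hardened form that allowlists the value and builds an argument vector so no shell is involved. The function names, the `nslookup` helper and the sample inputs are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Weak pattern (formats only, never executes): the value is pasted into a
 * string meant for system(), so the shell would interpret ';', '|', '`'. */
int build_shell_command_weak(char *out, size_t cap, const char *host) {
    return snprintf(out, cap, "nslookup %s", host);
}

/* Allowlist for a host name taken from the request: letters, digits, '.'
 * and '-' only, 1..253 characters, and no leading '-' so the value can
 * never be read as a command-line option. */
int host_is_safe(const char *host) {
    size_t n = strlen(host);
    if (n == 0 || n > 253 || host[0] == '-') return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!isalnum(c) && c != '.' && c != '-') return 0;
    }
    return 1;
}

/* Hardened pattern: validate first, then fill an argv[] for an
 * execv()-style call. Returns 0 on success, -1 if input is rejected. */
int build_lookup_argv(const char *host, const char *argv[3]) {
    if (!host_is_safe(host)) return -1;
    argv[0] = "nslookup";   /* assumed helper program */
    argv[1] = host;         /* passed as one argument, never parsed by a shell */
    argv[2] = NULL;
    return 0;
}

int main(void) {
    const char *bad = "example.com; id";   /* constructed sample input */
    const char *argv[3];
    char cmd[64];
    build_shell_command_weak(cmd, sizeof cmd, bad);
    printf("weak command line : %s\n", cmd);
    printf("hardened, bad host: %d\n", build_lookup_argv(bad, argv));
    printf("hardened, ok host : %d\n", build_lookup_argv("www.example.com", argv));
    return 0;
}
```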
6. Exploiting Buffer Overflows
A buffer overflows when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a specified amount of data, the extra information can overflow into the next nearest buffers, corrupting or overwriting the valid data held in them.
Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. The extra data may contain code designed to trigger specific actions, in effect sending new instructions to the attacked computer that could damage a user’s files, alter data or disclose confidential information.
“Code Red” is an example of this, enabling root access or local access to a system.
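How extra data spills into the neighbouring buffer, and the length check that stops it, as an added example that is not part of the original article. The `record` layout, the function names and the sample input are constructed; the unchecked copy is confined to the bytes of one struct so the effect can be observed safely.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed record: two adjacent 8-byte buffers. */
struct record {
    char name[8];   /* buffer the program intends to fill */
    char role[8];   /* neighbouring buffer holding valid data */
};
_Static_assert(offsetof(struct record, role) == 8, "role must follow name");

/* Unchecked copy: writes as many bytes as the input supplies, starting at
 * name. The clamp to sizeof *r exists only to keep this demo inside the
 * struct; a real unchecked copy has no such limit. */
void store_name_unchecked(struct record *r, const char *input) {
    size_t n = strlen(input) + 1;
    if (n > sizeof *r) n = sizeof *r;
    memcpy((unsigned char *)r, input, n);
}

/* Checked copy: rejects input that does not fit name, terminator included. */
int store_name_checked(struct record *r, const char *input) {
    size_t n = strlen(input);
    if (n >= sizeof r->name) return -1;   /* refuse instead of spilling over */
    memcpy(r->name, input, n + 1);
    return 0;
}

/* Returns 1 if the unchecked copy replaced the valid data in role. */
int demo_unchecked_corrupts_role(void) {
    struct record r = { "", "user" };
    store_name_unchecked(&r, "AAAAAAAAadmin");   /* 8 filler bytes + extra data */
    return strcmp(r.role, "admin") == 0;
}

/* Returns 1 if the checked copy refused the input and role is intact. */
int demo_checked_preserves_role(void) {
    struct record r = { "", "user" };
    int rc = store_name_checked(&r, "AAAAAAAAadmin");
    return rc == -1 && strcmp(r.role, "user") == 0;
}

int main(void) {
    printf("unchecked copy overwrote role: %d\n", demo_unchecked_corrupts_role());
    printf("checked copy kept role intact: %d\n", demo_checked_preserves_role());
    return 0;
}
```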
7. Denial Of Service Exploits
This technique has been used multiple times to target and temporarily disable specific sites, the most famous including the Yahoo! and CNN websites. The attack is characterised by an explicit attempt by attackers to prevent legitimate users of a service from using that service.
Some examples of such attacks include attempts to ‘flood’ a network, thus preventing legitimate network traffic; attempts to disrupt connections between two machines, thus preventing access to a service; attempts to prevent a particular individual from accessing a service; and attempts to disrupt service to a specific system or person.
These attacks come in various types and are aimed at a variety of services. There are three basic types of attack – consumption of scarce, limited or non-renewable resources (such as network connectivity, storage space, bandwidth and other hardware resources); destruction or alteration of configuration information; and physical destruction or alteration of network components.
A Denial of Service attack can disable your computer or network, and even your organisation! It can result in significant loss of time and money, thus it’s advisable to seriously consider taking the necessary preventive steps.
8. Software Vulnerabilities
Vulnerabilities associated with software have an impact on the integrity and privacy of the software. As computer intruders learn more about how the network software is used, they can affect the availability, integrity, and privacy of network functions, which could also result in fraud.
As a preventive measure, software and operating systems need to be constantly patched for any security loopholes to prevent hackers from exploiting these systems.
9. Remote Access
Traditionally, security consisted of firewall or gateway systems that were the crucial point for blocking malicious code or attackers trying to get inside. Now, security is more likely to be in danger of being compromised as more users are connecting into the corporate network from laptops, or connecting between Personal Digital Assistants, notebooks and handphones or other handheld devices.
As such, the organisation’s security protection must be extended: using a personal VPN with IPSEC digital certificates on desktops or mobile systems is vital to secure the connections and protect vital information from leaking to unintended sources. Moreover, with a PKI solution implemented in the organisation, digital certificates can be easily issued and controlled on a wide-scale basis.
10. BIND (Berkeley Internet Name Domain) Vulnerability
BIND is used in computers known as domain name servers (DNS), which function as the Internet’s phone books. For example, typing a domain name such as Yahoo.com prompts a server to contact Yahoo’s computers.
Any vulnerabilities or exploits against it can have a profound impact on the Internet and traffic. Hackers and intruders have consistently tried to target BIND. If left uncorrected, the flaw could allow an intruder to change those directories and spoof traffic as if it came from somewhere else, or redirect or raise traffic, which could eventually cripple huge sections of the Internet.
Organisations should constantly watch out for patches and updates to BIND, to safeguard against this threat.
The list is not exhaustive, and it is highly recommended that the Information System or Network Security Specialists of various organisations consistently keep abreast of the latest threats that could jeopardise the network and corporate data.
About MSC Trustgate.com Sdn Bhd
MSC Trustgate.com was initiated in 1999 by the Multimedia Development Corporation (MDC) and attained the endorsement from the MSC Implementation Council to ensure that the MSC will receive the best and most appropriate products and services.
MSC Trustgate.com became the VeriSign affiliate of South East Asia in that same year, putting itself in a firm position to provide its clientele leading security infrastructure solutions. As a member of the VeriSign Trust Network, MSC Trustgate.com affords its customers a globally recognised service that is compatible with the existing technological requirements. It also offers market-leading end-to-end trust services, including authentication and validation, access management (single sign-on solutions), Web and mail content filtering, intrusion detection services (IDS) and Managed VPN services that enable mobile users to lock onto a VPN using conventional ISP dial-up, needed by websites, enterprises, and e-commerce service providers to conduct trusted and secure electronic commerce and communications over IP networks.