
Protecting Your Critical Data - Part 1

President Obama’s recent appointment of a Cybersecurity Coordinator underscores just how critical internet security is in our modern, interconnected world. On May 29th, President Obama unveiled an ambitious plan that would, among other things, develop a comprehensive strategy to secure networks and begin a national campaign to support cybersecurity awareness. Why has our President placed such a strong emphasis on internet security? In the last few months alone, the blueprints for the presidential helicopter Marine One were found on a computer in Iran, San Francisco was locked out of its own network, California’s ISO (power grid) suffered a partial shutdown due to system compromise, several major credit card companies had confidential customer data stolen, hackers infiltrated the MIT network, and Viewsonic Corporation had key intellectual property stolen or deleted. The cost of the damage in these instances alone ran into the hundreds of millions of dollars. It is clear that the theft or damage of data on our computers and networks is a serious and potentially devastating problem that deserves our careful attention.

 
Fortunately, there are many resources available for implementing information security best practices in your organization. One of the best ways we can demonstrate how to protect your systems is through case studies of recent incidents and their outcomes.
 
We will present a case study of an internet worm infestation in this article. Next month, we will present a different case study of information theft and conclude with some practical recommendations on how you can adequately protect your networks. 
 
Case Study 1: Worm Infestation
 
Recently, we were contacted by a client whose entire network was brought to a standstill by an internet worm. The worm had infected a laptop computer an employee used while on a business trip. Once the laptop was brought back to the business, the worm spread quickly and within a few hours had infected nearly 600 computers – 98% of their computer systems. The worm was designed to slow internet traffic dramatically, and it blocked all legitimate traffic from traveling over the network between computers. Most employees were unable to use their network files, print, or perform day-to-day productivity tasks on their systems.
The internet worm in question exploited a security hole in Windows XP’s RPC protocol. Microsoft had known of the vulnerability for months prior to this incident and had already issued a patch to fix the problem. 
 
What went wrong? 
 
While the patch was available, the company had no policy for distributing patches to its computer systems. Most computers on the network had never been patched or updated since they were purchased. In addition, the company had allowed its antivirus software to become out of date by not renewing the annual contract with its software vendor. Even though the company’s firewall blocked the worm from reaching computers on the internal network, it could not protect them from the infected laptop. The firewall acted as a gatekeeper: it prevented viruses and worms on infected internet computers from reaching the systems on the internal network. However, the firewall was circumvented because the infection was carried into the internal network on a laptop.
 
What were the consequences?
 
The consequences of this worm infection were very serious. The internet connection had to be shut down. Many of the computers had to be erased and re-installed (“re-loaded”) from scratch. This resulted in a massive dollar and information loss to the company. 
 
What actions had to be taken?
 
Once we had removed every trace of the worm from the company’s network, we worked with them to implement new policies for patch management. We enabled Microsoft’s free tool, Windows Update, on all systems and configured an update server at the company so patches could be installed quickly in the future. Every computer was set to download and install approved patches automatically. In addition, we deployed an antivirus solution with a central console that could be easily maintained and managed. If antivirus software expired or fell out of date, the company’s IT staff would now receive alerts. Lastly, we worked with the company to segment their network so that traveling laptop computers would connect on a separate network from desktop computers. We set up a less secure network for these laptops that was separate from the more secure internal network. Once laptops connect to this network, they are scanned for any suspicious traffic before being allowed to connect to the secure network.
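
The patch-management settings described above can be verified on each machine. The following PowerShell is an added example, not code from this article or from TekTegrity; it assumes the update server is WSUS-style and configured through the standard Windows Update policy registry values, and the function name Test-UpdatePosture and the 45-day threshold are hypothetical.

```powershell
# Added example (not the article's tooling): audit one PC's update posture.
# Assumption: patches come from a WSUS-style server set through the standard
# Windows Update Agent policy values in the registry.
function Test-UpdatePosture {
    param(
        [string]$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate',
        [int]$MaxPatchAgeDays = 45   # assumed threshold, tune to your patch cycle
    )
    $findings = @()
    $wu = Get-ItemProperty -Path $PolicyRoot -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$PolicyRoot\AU" -ErrorAction SilentlyContinue

    # Is the client pointed at the internal update server at all?
    if (-not $wu -or -not $wu.WUServer) {
        $findings += 'WUServer not set: no internal update server configured'
    }
    if (-not $au -or $au.UseWUServer -ne 1) {
        $findings += 'UseWUServer is not 1: client ignores the internal server'
    }
    # Are approved patches downloaded and installed without user action?
    if ($au -and $au.NoAutoUpdate -eq 1) {
        $findings += 'NoAutoUpdate is 1: Automatic Updates is switched off'
    }
    if (-not $au -or $au.AUOptions -ne 4) {
        $findings += 'AUOptions is not 4 (auto download and scheduled install)'
    }
    # When was the most recent patch actually installed?
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn | Select-Object -Last 1
    if (-not $latest) {
        $findings += 'No dated hotfix found: machine may never have been patched'
    } elseif ($latest.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays)) {
        $findings += "Last patch $($latest.HotFixID) is older than $MaxPatchAgeDays days"
    }
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

Test-UpdatePosture | Format-List
```

Run on a schedule across the fleet, a non-empty Findings list is the early warning this company lacked before the worm arrived.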
 
Conclusion:
 
The company in question is still recovering from the financial loss suffered during the worm incident. A costly lesson learned from the incident was that investing in the staffing and resources needed to prevent an infection would have cost a fraction of the dollar loss suffered due to their outage. In much the same way that a tune-up and safety inspection of your car reduces your risk of a costly repair, proactive and preventative network security initiatives will reduce your exposure to a damaging security breach.