Protecting Your Critical Data - Part 2
How do we protect what is on our computer networks? In a previous article we discussed in detail the case of a business whose poor security practices resulted in an internet worm infecting their computers and servers. This compromised files on their network and made day-to-day tasks impossible on their computer systems. In a similar way, information theft can be devastating to any business. All too often, critical information about your company’s intellectual property, clients, processes, or trade secrets is vulnerable to being stolen over the internet. While your company’s network allows the efficient sharing and storage of information among authorized users, it can also provide a conduit for a thief to steal your data.
What follows is a case study of a company that had critical files and data stolen, resulting in tens of thousands of dollars in cost to secure their systems and further damage through competitors gaining access to blueprints, business plans, and financial data.
Case Study 2: Information Theft
We were engaged by a company that was concerned about suspicious behaviour on their network. Additional user accounts had been added to their server, and the accounts did not match any of their employees. The IT staff were the only persons authorized to add and remove user accounts.
Initial Investigation
Our engineers scanned their entire computer network but did not find any suspicious files, with the exception of one server. On that server we found remote control software that would allow the person who installed it to connect into the server from anywhere in the world and access data on it. We immediately disabled this software.
How Could This Have Happened?
How did the remote control software get on the server? Unlike our first case study, all systems had current antivirus software and were being patched properly. The entire network was properly protected by a firewall. We set up logging and alerts on the server and firewall to keep track of every attempt to connect to them from both known and unknown sources. It was time to do some Dick Tracy style investigative work.
Discovery
Late one evening, we were alerted when remote control software was re-installed on the server. We traced the installation to a laptop computer that was connected to the company’s network through a Virtual Private Network (VPN). The company had several traveling sales staff who were not based in their corporate office. These staff had access into the network in much the same way the computers in the corporate office had access. They used software that created a VPN connection from their laptop directly into the company’s network in order to access files, printers, and other network resources.
Taking Action
Of course, we confiscated this laptop and began scanning it. The laptop had expired antivirus software and had not been patched in months. The sales staff were contractors who owned their systems and were not supported by the company’s internal IT staff. The company’s policies and the tight security applied to their internal computers were not applied to these laptops.
What Was the Damage?
We found a keystroke logger, remote control software, and a “hacker kit” on the laptop. The hacker kit was being used to access the server and attempt to guess the administrator password on the server. Because that password was not very strong, the password cracking program had successfully guessed the password and was able to install the remote control software on the server. Additional investigation strongly suggested the software was placed on the computer by a competitor, and they were using the software to steal sensitive information.
What Went Wrong?
Clearly, the company’s IT staff did a good job protecting the computers within their network. Unfortunately the company had no policy regarding their contractors’ systems. Because these computers were allowed access to the internal network, a back door was essentially left open. Once through the back door, the company was very vulnerable because the administrator password was not strong enough to protect it from being guessed by a password cracking program.
Resolution
We worked with the IT staffers to implement two new policies. Contractors were allowed access to the company’s internal network only if their computers were maintained and monitored by the IT staff. Administrator passwords were strengthened by requiring them to be at least 8 characters long and to include uppercase letters, lowercase letters, and symbols. In addition, passwords were set to expire after a specific time period so they would be changed frequently.
Learning From Their Mistakes
You CAN keep your systems safe through solid computer security policies and wise password management. The tools available to implement these policies are freely available and most of the time cost nothing. In order to help companies implement these policies, the SANS Institute created a great resource called the Security Policy Project. This project is a compilation of many recommended policies, documented and ready for your company to customize and use in your organization. You can go to http://www.sans.org/resources/policies/ to take advantage of these resources.
Here are some guidelines to create two of the foundational policies every company should have to secure their network:
Establish a Computer Security Policy
- Set rules for behavior – set appropriate expectations about what employees can and cannot do on the computer systems.
- Authorize monitoring and investigation – clearly state in company handbooks and other documents that computer systems are monitored for security purposes.
- Define consequences of violations – reward those who use computer systems properly and warn those who do not to ensure compliance.
- Company baseline security – all computers, including those used by subcontractors, must meet secure guidelines your company sets.
- Minimize risk – don’t allow questionable software or computer use. Segment the network out if certain staff, for example developers, need different security levels on their computers in order to perform their tasks effectively.
Implement a Password Policy
- Maximum Password Age – depending on your security requirements, you may require that all passwords be changed once every 90 days.
- Enforce Password History – what is the point of setting a policy for passwords to be changed every 90 days if employees can use the same password or a nearly identical one over and over again?
- Minimum Password Length – a password such as “cat” is very easy to guess. In general, longer passwords take much more time to guess.
- Must Meet Complexity Requirements – many people tend to use the name of a family member or pet as their password. With a complex password, you could still use the name, but you would need to have both upper case and lower case letters and a number. While the password “susan” is easy to guess, “!Susan25!” is very difficult to guess, even for a password cracking program.
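As an added illustration (not code from the original article), the following Python checker turns the four password rules above into a gate for password-change requests and runs the article's own examples (“cat”, “susan”, “!Susan25!”) through it. The history depth and the definition of a “nearly identical” password are my assumptions; the article states neither.

```python
import re
from datetime import date

# Values from the article: 8 characters, upper and lower case, a number, a symbol, 90-day age.
MIN_LENGTH = 8
MAX_AGE_DAYS = 90
# Assumed value: the article requires a history check but sets no depth.
HISTORY_DEPTH = 5


def complexity_failures(password: str) -> list:
    """Return every complexity rule the candidate password violates."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", password):
        failures.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        failures.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        failures.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        failures.append("no symbol")
    return failures

def _core(password: str) -> str:
    """Assumed meaning of 'nearly identical': same letters once case, digits
    and symbols are ignored, so '!Susan25!' and '!Susan26!' collide."""
    return re.sub(r"[^a-z]", "", password.lower())

def reuses_recent(candidate: str, history: list) -> bool:
    """History rule: refuse the last HISTORY_DEPTH passwords and near-copies of them.
    Plaintext history is for illustration; a real directory stores hashes."""
    recent = history[-HISTORY_DEPTH:]
    return candidate in recent or _core(candidate) in {_core(p) for p in recent}

def is_expired(last_changed: str, today: str) -> bool:
    """Maximum age rule on ISO dates (the form a directory export usually gives)."""
    delta = date.fromisoformat(today) - date.fromisoformat(last_changed)
    return delta.days > MAX_AGE_DAYS

def check_new_password(candidate: str, history: list) -> list:
    """Gate for a change request: every reason the new password must be refused."""
    reasons = complexity_failures(candidate)
    if reuses_recent(candidate, history):
        reasons.append("reuses or barely changes a recent password")
    return reasons

if __name__ == "__main__":
    # Constructed sample: the article's examples plus one previously used password.
    for pw in ("cat", "susan", "!Susan25!", "!Susan26!"):
        print(pw, "->", check_new_password(pw, ["!Susan25!"]) or "accepted")
```

A checker like this only enforces the stated minimums; pattern-based guessing tools are built for the name-plus-digits-plus-symbol shape, so treat the rules as a floor and pair them with account lockout and the monitoring described in the case study.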
Conclusion
There are many aspects of computer and network security, and they vary greatly depending on what systems you have, how confidential your data is, and many other variables. However, if you follow the guidelines above and use the SANS resources to help create your policies, you will have taken significant steps to secure your computer network.