For an IT manager, dealing with viruses is just part of the job. You’re constantly finding ways to block viruses from infiltrating your system, quickly remedying your vulnerabilities with patches, or, in the worst cases, recovering from an attack.
But falling prey to a hacker or a cracker is much more personal. It implies that there was some kind of vulnerability in your network that allowed an intruder access to your data.
Well, as they say, knowledge is power. The more you understand how a hacker operates, the better your chances for thwarting intrusions. TechRepublic has offered several articles on the subject of hackers, from what to do to prevent an attack to how to deal with one after it’s occurred.
Del Smith offers some practical tips about how to keep hackers from getting your system information—information that can let them discover holes in which to reach your data. In “Don’t broadcast info about Windows servers to hackers,” Del cautions about the kind of information hackers can use to exploit your systems.
Michael Mullins weighs in with another tip in “Prevent hacker probing: Block bad ICMP messages.” He maintains that, although most network administrators do a fairly good job of filtering TCP and UDP traffic, many forget to filter ICMP traffic. This is dangerous because hackers can use it to map and attack networks, so it needs to be restricted.
In “Knowledge is power against these new social engineering schemes,” Brien Posey explores some of the new ways hackers are manipulating social engineering to get what they want. (Social engineering refers to an act in which a hacker tricks a user into disclosing a password or other sensitive information, rather than relying purely on traditional hacking techniques.) It pays to take a look at the schemes being used so you can better educate your users on what behaviors to avoid.
What to do after an attack
Robert Bogue offers a three-part series on what actions will help you sort things out in the aftermath of an attack. “You’ve been hacked: What to do in the first five minutes” focuses on the most immediate actions you must take to secure your system: evaluate, communicate, and disconnect. This includes evaluating (identifying the intruder, identifying the vulnerability, etc.), communicating, and disconnecting. In “You’ve been hacked: What to do in the first hour,” he describes what you need to do to patch all vulnerabilities and get back online. The steps he outlines include:
- Image the system to preserve a record.
- Evaluate systems to detect tampering.
- Rebuild the compromised systems.
- Patch vulnerabilities.
- Reconnect your systems.
In “You’ve been hacked: What to do to prevent future attacks,” Robert focuses on long-range measures you can implement to strengthen your defenses after the dust settles. This includes establishing monitoring (log review, intrusion-detection software) and performing an external security audit.
Maybe the best lesson on what to do in a hacker attack comes from a professional (ethical) hacker. John Verry, a consultant for the security firm CQUR IT, which specializes in security assessment, protection, detection, and recovery services, offers a tale of a recent job that had an interesting twist: He discovered that the FTP server he was penetrating for a client had already been hacked. In “Hacking the hacker: How a consultant shut down a malicious user on a client’s FTP server,” Verry details the steps he took to remedy the situation. This is a must-read for any IT manager, as Verry outlines the security fundamentals that most companies fail to execute.
Armed with practical advice from folks who have been there and done that, you should be better prepared to prevent and deal with future hacker attacks.