Your network needs to be accessible–it’s how your business operates and how your company’s workflow stays efficient. Your network also needs to be closed off from the bad folks.
Network attacks are on the rise. Sometimes intruders want to steal data, sometimes they just want to cause havoc (possibly to get you to pay a ransom) and other times they don’t even want you to know they’re there–they just want to spy. Whatever they’re up to, you don’t want them there. Here are five things to know about network attacks.
- Distributed denial of service attacks (DDoS). An oldie, but a goodie, that doesn’t even need to get into your network to have the desired effect. Whether it’s flooding your server with packets or forcing your databases to perform complex SQL queries, it can bring your network to its knees.
- Stolen accounts. This is the one most people think about. The attackers either get into an account or figure out how to create one. This can be caused by weak passwords that get brute forced or social engineering like a phishing scheme that unwittingly hands over access. Privilege escalation builds on this by elevating what an account can do.
- SQL injection attacks. Malicious code is used to exploit a vulnerability in your code to access or damage your data. It’s a juicy target with so much software still operating on SQL queries. Keep your accounts patched and don’t share databases between websites.
- Man-in-the-middle attacks. Whether the attacker is in your network or not, if encryption isn’t end-to-end, they can intercept traffic. That means they can possibly hijack sessions and obtain user credentials.
- Insider threats. These are hard. Somebody you trusted didn’t deserve that trust and abused their access. You need some kind of behavior analytics to detect suspicious user behavior to defend against the insider.
Knowing is half the battle, so just knowing about threats like these gets you part way to making your network more secure–you know, when you do something about it.
Subscribe to TechRepublic Top 5 on YouTube for all the latest tech advice for business pros from Tom Merritt.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
- Shadow IT policy (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- Tom Merritt’s Top 5 series (TechRepublic on Flipboard)