Network security and the need to know
While network and Internet technologies offer new growth and competitive opportunities for small and medium-sized businesses (SMBs), this is also a time when they need to protect their computer systems against security threats.
According to a survey conducted by the Computer Security Institute (CSI) in 2003, 78% of computers were attacked via the Internet (59% in 2000). Today, even the smallest businesses feel they need to carry out online business activities, so many factors need to be secured for this model to work.
However, according to Jim Browning, vice president and director of SMB research at Gartner, most businesses do not recognize the importance of security; they often take it lightly when it should be a top priority in conducting online activities.
If not properly protected, every part of the network becomes a target for hackers, competitors, or even employees of the company. Although 40% of SMBs in 2005 practiced more secure network management and Internet usage, according to Gartner statistics, more than half of them did not even know they had been attacked by hackers.
The basic platform
Like many other types of crime, threats to networks and Internet resources come from a small community. Small as it is, this community is constantly growing because there are few sanctions that effectively restrain it; as soon as an attack tool is released online, many computer systems immediately become targets through software vulnerabilities. The people behind these attacks could be hackers, software crackers or "insiders".
- Firewall: A software or hardware solution that helps block intrusion attempts from outside and allows only legitimate data to enter the network. Today, firewalls are very popular for enterprise networks.
- Identity management: Establishes user identity and current acceptance status, then defines and enforces access to system and network resources.
- Intrusion detection: The software's ability to analyze network activity, detect intrusion behaviors and send notifications to administrators.
- Threat prevention: Involves linking multiple security technologies (firewalls, intrusion detection/prevention) and intelligent network services to reduce the impact of known or unknown threats.
- VPN (Virtual Private Network): A virtual private network allows computers to connect securely to enterprise networks via the Internet. Using a combination of hardware devices on the corporate network and special software on remote computers, businesses can use VPNs for satellite offices, sites far from the central office and employees' mobile devices.
* Hackers: Mostly people who are knowledgeable about security and the operating principles of the Internet and computers. In the past, hackers' intentions when breaking into computers were often non-profit, just to prove their skills or show off "achievements". Today, that goal has gradually faded and been replaced by bigger motives: money, personal hatred, politics. The concept of a hacker also varies; however, hackers can be divided into 3 types: white hat, black hat and gray hat.
"White hat" hackers are often security experts who work for the general safety of the community in the fight against "black hat" hackers. "Gray hat" is a new phrase referring to "half-black and half-white" hackers (both right and wrong), whose stance can change according to circumstances.
* Crackers: Also very dangerous, and they cause great damage to businesses. The "favorite" jobs of this type of person are unlocking software, modifying Web pages, stealing credit card information and destroying data.
* Insiders: Employees in the company who want to obtain the personal information of others to satisfy curiosity or serve other purposes.
The most common security threats are network attacks, psychological attacks (social engineering), viruses, worms and spyware. Complex cyberattacks with political or financial motives often target only a specific company or computer system. The purpose is invariably to modify databases, steal accounts or personal information, or install reconnaissance programs that allow intruders to initiate attacks from the victim's own computer system.
Network attacks have three basic methods:
* Reconnaissance attack: A method of gathering information in order to launch a real attack on the network later.
* Access attack: A method of taking advantage of the weaknesses of the network (usually a bug or security vulnerability).
* Denial of service attack: This is the most powerful attack method. A large number of requests are sent to the server, overloading it and making the computer impossible (or difficult) to access from outside.
System administrators need to properly assess the level of attacks so that they can take reasonable measures to counter them and protect their systems.
- Virus: A program that can search for other programs on a network device and infect them by copying a version of itself into them. When these programs are executed, the attached virus is also activated to begin the next infection cycle. Unlike worms, viruses cannot infect computers without some help (user interaction).
- Worm: A program that can spread and replicate itself over the Internet at very high speed.
- Trojan Horse: Taken from an idiom, this is the term for a malicious program hidden under some cover (such as a game program) that lets the person behind it issue remote control commands.
"Social engineering" methods are often used to steal sensitive business information. This is the attack method that requires the least effort, and it is very effective in many cases. Sometimes an attacker can get what he wants simply by asking, for example by requesting password information, supposedly to upgrade the system, in the name of technical support.
Viruses, Trojans, worms and other threats can work together to create a major risk to the safety of a business. These threats often strike a predetermined target, roaming the Internet and looking for vulnerabilities in the victim's computer system to invade. Viruses and Trojans usually require user interaction to infect a system, while computer worms do not; they are able to spread via e-mail and infect "less secure" computer systems in just a few hours, or even minutes. According to the software security firm PestPatrol, the number of security threats increased from 27,000 in 2000 to 60,500 in 2003.
* Solution
In order to minimize the damage from attacks that take advantage of security holes, businesses need to seriously implement a process of detecting vulnerabilities and then thoroughly resolving or preventing them. Often the first step is to draft a security policy and communicate it to the employees in the company. This policy should clearly define the rights and obligations of each person who comes into contact with the enterprise's technical resources.
Once there is a clear policy and set of rules, the next step is to combine measures that minimize or even eliminate many of the current security "headaches". These measures may include deploying technology to detect and prevent abuse and vandalism, training staff, and applying the established security policy thoroughly and consistently.
* Impact
Internet security can directly affect the revenue and business situation of a company. A 2003 survey by CSI and the FBI Computer Intrusion Prevention Team showed that 75% of the businesses surveyed suffered financial losses from security incidents; 47% of enterprises said that they could accurately assess their security losses; and 23% reported a loss of about $10 million annually due to attacks.
Another kind of damage is very difficult to evaluate but extremely important for SMBs: the period of system malfunction (downtime) and the product damage caused by slow response to security incidents. In many cases, businesses must temporarily take offline important servers, desktop systems and links involved in security incidents. Despite facing this potential damage, many small businesses have not focused on this risk.
* Some work to do
Security threats and the technologies deployed to minimize them are always closely related. Successful security requires a step-by-step approach and a thorough process:
- Conduct periodic reviews of security policies
- Deploy security technology to provide secure connections, prevent threats, and manage identification and evaluation at the appropriate times and in the appropriate parts.
- Repair and protect endpoints, servers and desktops from identified or unidentified threats. Be aware that no single security technology is perfect; a variety of different measures and technologies need to be combined.
There are many basic security steps that do not require much money or effort. SMBs can take simple, easy steps to improve the security environment of their business. An SMB may be a small target, but that does not make it less likely to be attacked; on the contrary, businesses of this type need to protect themselves against risks by implementing common, easy-to-deploy preventive measures.