
FREE online courses on Corporate Espionage - What can be done about it - Other Technical Countermeasures

Hackers are mostly interested in the notoriety and sense of achievement that goes with hacking a prestigious website, or accessing a sensitive computer network. They would consider it a rare prize to hack a software or hardware company's website. The WIPRO website/intranet at Bangalore was the prime target of some knowledgeable hackers last year. The then WIPRO President, Ashok Soota was, however, quite aware of this and more than equal to the challenge of guarding his company's website.

HACKERS USE VULNERABILITY SCANNING TOOLS to probe for weaknesses. ‘SATAN’ is one of them – tell your systems administrator to use tools like ‘SATAN’ to regularly scan your company's system for vulnerabilities.

Modem connections should be kept to the minimum – they provide back door access, especially by using ‘WAR DIALLERS’: devices that search ranges of telephone numbers to locate those connected to computers through modems.

Intrusion Detectors

Intrusion Detector(s): these are software programs that warn of attack/intrusion. Load them on your system. Couple them with ‘HONEYPOTS’, booby traps for hijackers, which appear to be caches of valuable data but are loaded with useless information or ‘bait’ and give warning of attack. They can also contain DISINFORMATION to throw competitors off the right track.

Access Controls

Access Controls: All technical penetrations can be minimised with proper access controls. They prevent users from accessing files they shouldn't be accessing; use ‘default access’ for this. Many access controls are already provided by the system manufacturer. All you have to do is turn them on.

Password Checkers

  • Many passwords are easy to guess; enforce use of strong passwords
  • Password checkers highlight such passwords, to enable installation of more complicated ones
  • The hundreds of password crackers available on the Internet can be used to test your own systems
  • Find weak passwords before criminals do.

Perishable Password

  • Set passwords to expire after twenty-one days
  • This automatic feature can prove very useful

Account Lockouts

  • After non-usage for a specific time period, say 14 days, accounts can be set to lock out automatically
  • Auto lockout can also be programmed after 2 or 3 failed attempts. This warns of attempted intrusions, and the account has to be reset manually. Good feature.
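The two lockout rules above can be replayed over a list of login events, as in this added example (not part of the original course text). The event format, account names and the choice of 3 failures are assumptions; the sample events are constructed.

```python
from datetime import datetime, timedelta

MAX_FAILURES = 3                  # page: lock after 2 or 3 failed attempts
MAX_IDLE = timedelta(days=14)     # page: lock after 14 days of non-usage

# Constructed sample events: (timestamp, account, outcome)
EVENTS = [
    ("2011-05-01 09:00", "asha", "ok"),
    ("2011-05-01 09:05", "ravi", "ok"),
    ("2011-05-02 23:10", "asha", "fail"),
    ("2011-05-02 23:11", "asha", "fail"),
    ("2011-05-02 23:12", "asha", "fail"),
    ("2011-05-02 23:13", "asha", "ok"),    # right password, but already locked
    ("2011-05-10 10:00", "meena", "fail"),
    ("2011-05-10 10:01", "meena", "ok"),   # success resets the failure counter
    ("2011-05-20 08:30", "ravi", "ok"),    # 19 days after ravi's last use
]


def apply_lockout_policy(events):
    """Replay login events in order; return {account: (reason, time_locked)}."""
    failures, last_ok, locked = {}, {}, {}
    for stamp, account, outcome in events:
        now = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        if account in locked:
            continue                       # stays locked until a manual reset
        # Idle rule, checked here at the next login attempt; a production
        # system would normally enforce it from a scheduled job as well.
        if account in last_ok and now - last_ok[account] > MAX_IDLE:
            locked[account] = ("idle", now)
            continue
        if outcome == "ok":
            failures[account] = 0
            last_ok[account] = now
        else:
            failures[account] = failures.get(account, 0) + 1
            if failures[account] >= MAX_FAILURES:
                locked[account] = ("failed-attempts", now)
    return locked


if __name__ == "__main__":
    for account, (reason, when) in apply_lockout_policy(EVENTS).items():
        print(f"{account}: locked ({reason}) at {when}")
```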

Audit Logs

Audit Logs: an auditing program must be an essential feature of a server system.

  • It records who is accessing what files, and when
  • Reveals attempts to access sensitive files
  • Records security-related events
  • Uncovers huge data to enable investigation into security-related areas.

In a major Bank, such audit logs were part of a damage control exercise after hundreds of personnel record files had been accessed:

  • Helped to identify the searcher
  • Enabled a search of his records to see which files he had accessed other than personnel files
  • It also highlighted the fact that the breach started ONE YEAR BEFORE! So, audit logs must be scanned regularly, or the impact will be lost.
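A regular audit-log scan of the kind described above, as an added example that is not part of the original course text: it flags users with repeated reads of personnel files, dates their first such access, and lists what else they touched. The log format, the /hr/personnel/ path and the threshold are assumptions; the records are constructed.

```python
from collections import defaultdict
from datetime import date

SENSITIVE_PREFIX = "/hr/personnel/"   # assumed location of personnel records
THRESHOLD = 3                         # assumed: sensitive reads that trigger review

# Constructed audit records: "date user action path"
AUDIT_LOG = """\
2010-02-11 kiran read /hr/personnel/0007.rec
2010-02-11 asha read /sales/q1-forecast.xls
2010-06-30 kiran read /hr/personnel/0019.rec
2010-09-14 kiran read /finance/payroll.db
2011-01-20 asha read /hr/personnel/0101.rec
2011-02-09 kiran read /hr/personnel/0044.rec
2011-02-09 kiran read /legal/contracts/vendor.doc
2011-02-10 kiran read /hr/personnel/0045.rec
"""


def review_audit_log(text):
    """Return {user: report} for users at or above THRESHOLD sensitive reads."""
    sensitive = defaultdict(list)     # user -> dates of personnel-file reads
    other = defaultdict(set)          # user -> every other path they touched
    for line in text.splitlines():
        day, user, _action, path = line.split(maxsplit=3)
        if path.startswith(SENSITIVE_PREFIX):
            sensitive[user].append(date.fromisoformat(day))
        else:
            other[user].add(path)
    report = {}
    for user, days in sensitive.items():
        if len(days) >= THRESHOLD:
            report[user] = {
                "sensitive_reads": len(days),
                "first_seen": min(days),              # when the activity began
                "span_days": (max(days) - min(days)).days,
                "other_files": sorted(other[user]),   # what else to investigate
            }
    return report


if __name__ == "__main__":
    for user, info in review_audit_log(AUDIT_LOG).items():
        print(user, info)
```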

Mirrored Logs

  • Skilled hackers can MODIFY Audit logs to escape detection!
  • ‘Mirrored’, or duplicate, logs automatically recorded on another computer can circumvent this
  • Administrators should compare original and ‘mirror’ logs to spot discrepancies, signaling a (sophisticated) break-in.
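The comparison of original and mirror logs can be automated; the following is an added example, not part of the original course text. It assumes each entry starts with a timestamp and that the mirror copy is the trusted one; both sample logs are constructed.

```python
from collections import Counter

# Constructed sample: MIRROR_LOG is the copy recorded on a second computer,
# LOCAL_LOG is what remains on the server after tampering.
MIRROR_LOG = """\
2011-03-01T09:12:44 user=asha action=read file=/hr/personnel/1042.rec
2011-03-01T09:13:02 user=ravi action=login result=ok
2011-03-01T09:15:27 user=ravi action=read file=/hr/personnel/1043.rec
2011-03-01T09:15:31 user=ravi action=read file=/finance/payroll.db
2011-03-01T09:20:10 user=asha action=logout result=ok
""".splitlines()

LOCAL_LOG = """\
2011-03-01T09:12:44 user=asha action=read file=/hr/personnel/1042.rec
2011-03-01T09:13:02 user=ravi action=login result=ok
2011-03-01T09:15:31 user=guest action=read file=/finance/payroll.db
2011-03-01T09:20:10 user=asha action=logout result=ok
""".splitlines()


def compare_logs(mirror, local):
    """Return sorted (kind, timestamp, mirror_entry, local_entry) findings."""
    # Multiset difference, so repeated identical entries are counted correctly.
    only_mirror = Counter(mirror) - Counter(local)
    only_local = Counter(local) - Counter(mirror)

    local_by_ts = {}
    for line in only_local.elements():
        local_by_ts.setdefault(line.split(" ", 1)[0], []).append(line)

    findings = []
    for line in only_mirror.elements():
        ts = line.split(" ", 1)[0]
        if local_by_ts.get(ts):        # same timestamp, different content
            findings.append(("altered", ts, line, local_by_ts[ts].pop(0)))
        else:                          # entry erased from the local log
            findings.append(("deleted", ts, line, None))
    for ts, lines in local_by_ts.items():
        for line in lines:             # entry that never reached the mirror
            findings.append(("inserted", ts, None, line))
    return sorted(findings, key=lambda f: f[1])


if __name__ == "__main__":
    for finding in compare_logs(MIRROR_LOG, LOCAL_LOG):
        print(finding)
```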

Use Write Protect Disks

  • These protect data which are not to be over-written, merely accessed, e.g. static websites.
  • It's surprising that even the Govt. Departments' websites were not thus protected, and got hacked.

Adequate Software Testing

Adequate Software Testing: Systems crashing, or going into unforeseen modes, can be due to inadequately tested software.

  • More losses are caused by such flawed software than security breaches
  • A major foreign bank in India lost several crores because of a one-line programming error, due to their haste to install ATMs (Automated Teller Machines). It resulted in unlimited cash access for three days before it was detected. Though a news blackout was clamped for obvious reasons, this Bank has since almost withdrawn from retail banking in India.

Other Valuable Countermeasures

  • Regular Bug Sweeps – to locate bugs (one Company's Annual Maintenance Contract people were installing the bugs! It was only deductive logic that revealed the bugs).
  • Encryption: Data for storage or transmission can be easily coded (or ‘encrypted’)
  • Even telephone conversations can be ‘encrypted’ (called ‘scrambled’; a scrambler device is used at both ends, between instrument and phone line). Most Secretary-level IAS officers, and above, have to use them.
  • Digital signatures – a form of encryption – not only secure data but also furnish authentication. India's new IT Bill has provision for Digital signatures.
  • Smart cards: one-time password tools
  • Store valuable, long-term data OFF LINE! It's simple, cheap, and very effective. [Keep your new design for the next generation photon drive for space vehicles (!) on a non-overwrite disk, in a Bank Vault]!
  • Surge Protectors (spike busters) to save your equipment from violent voltage surges in telephone lines.



©1999-2011 OpenLearningWorld . com - All Rights Reserved