
Monday, April 27, 2015

Common holes in your Cyber Security Defense - What else you need to think about.


Did you know that there have been successful attempts to enter a secure building through a heating and cooling duct? Have you looked around your building lately to see what entry points a creative bad guy could use for entry?

In my last blog, WIRELESS, I discussed how wireless on your network can be a way in for our actors (bad guys). I am going to expand on that in this blog. There are many holes you may not even realize you have on your network, so I will show you how some very simple everyday things can put you at risk.

BYOD - (Bring your Own Disaster... ohhh I mean device) is a really hot topic and has been for a while. I think one of the biggest reasons is the constant struggle over how to regulate it, much less control it. First, let me define what this is. Pretty much, it is allowing equipment that your business does not own (cell phone, pad, laptop or anything else you can think of) to attach to your network, wirelessly or wired. An example: Mary doesn't like Windows very much for the publishing job you have her doing for your marketing. She asks if she can bring in her Mac to do publishing (makes sense to me) and you allow her to do this. She brings it in, hooks it up to the network and does her job with your network resources.

Probably a more common scenario is an employee with a phone that you let use your secure Wi-Fi in order to pay his bills at lunch time and do a little surfing (because you put the proper filters for web sites in place... hint hint... wink wink..), and the phone is allowed to carry that data across your network because phone reception sucks in your building.

Could anything possibly go wrong in either of these two scenarios? NAH!! Everything is peaches and cream. Nobody goes to a bogus site or clicks on a bad link. WRONG!! The best way I can describe this is as kind of like a Trojan horse. You have a device that was possibly infected BEFORE they started using your network. It is like sterilizing an area for a medical procedure only to have the doctor sneeze all over it once in the area. You get my drift.

Think about that router and firewall again. Like a moat and wall around a castle, it is there protecting you. Someone sends you a gift of a pretty horse that gets delivered INSIDE of the protection perimeter. Now you have the problem of how to contain it or even stop it from spreading from the inside out. That is the danger of people bringing devices into your space. But that is just one thing to be aware of.

I mentioned printers in my last blog, but it is not just printers. It is any device attached to the network. It could be that fancy new scanner you just bought. It could even be that electronic picture frame. Maybe even the new fridge you just bought for the company break room and thought was so cool because you could monitor it from the Internet, so you hooked it up to your network.

There is one that I am suddenly seeing more and more of. HVAC. That is right. Anything from the last few years is going to controls that are hooked up through the Internet. A perfect and vivid example was Home Depot, where the actors used credentials that the HVAC guys failed to change to gain access and go where they needed to go. Every device that connects to your network is capable of being used as an entry point. What is worse is that it is on the inside of your defense. That isn't a good thing.

So once again I will stress: policy and procedure. Know what is on your network and how it interacts. Did your password get changed from the default? Who knows the passwords, and are they complex enough? When was the last time (if ever) you had a security professional simply test for these holes?
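One way to turn "know what is on your network" into a repeatable check, as an added example that is not part of the original post: compare what is actually connected against a written inventory and flag anything unknown, anything still on a default password, and anything that sits next to your business data when it should not. The record layout, MAC addresses, device names and segment numbers are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    owner: str                # "company", "employee" (BYOD) or "vendor"
    kind: str                 # "workstation", "laptop", "printer", "hvac", ...
    default_pw_changed: bool  # recorded when the device was installed

# Approved inventory keyed by MAC address. All values are constructed samples.
INVENTORY = {
    "00:11:22:aa:bb:01": Asset("front-desk-pc", "company", "workstation", True),
    "00:11:22:aa:bb:02": Asset("office-printer", "company", "printer", False),
    "00:11:22:aa:bb:03": Asset("hvac-controller", "vendor", "hvac", False),
    "00:11:22:aa:bb:04": Asset("mary-laptop", "employee", "laptop", True),
}

# (MAC, network segment) pairs as seen on the network, e.g. copied from the
# router's DHCP lease list. Constructed sample; segment 10 is the assumed
# business segment, segment 30 an assumed separate segment for building gear.
OBSERVED = [
    ("00:11:22:AA:BB:01", 10),
    ("00:11:22:aa:bb:02", 10),
    ("00:11:22:aa:bb:03", 30),
    ("00:11:22:aa:bb:04", 10),
    ("00:11:22:aa:bb:99", 10),   # the break-room fridge nobody wrote down
]

BUSINESS_SEGMENT = 10
EMBEDDED = {"printer", "scanner", "hvac", "picture-frame", "fridge"}

def audit(observed, inventory, business_segment=BUSINESS_SEGMENT):
    """Return (mac, finding) pairs for everything that breaks policy."""
    findings = []
    for mac, segment in observed:
        mac = mac.lower()
        asset = inventory.get(mac)
        if asset is None:
            findings.append((mac, "unknown device, not in inventory"))
            continue
        if not asset.default_pw_changed:
            findings.append((mac, f"{asset.name}: default password not changed"))
        if segment == business_segment:
            if asset.owner != "company":
                findings.append((mac, f"{asset.name}: {asset.owner}-owned device on business segment"))
            if asset.kind in EMBEDDED:
                findings.append((mac, f"{asset.name}: embedded device on business segment"))
    return findings

if __name__ == "__main__":
    for mac, finding in audit(OBSERVED, INVENTORY):
        print(mac, "-", finding)
```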

The holes that are becoming obvious to hackers today are things the common business owner has no clue are even a threat, much less how to fix. All of the way back to the bank analogy: it is like having that vault in a bank, but there are all of these passages in that you don't even think about. When it comes to security you need to keep in mind what is connecting where. It is easier than you think for the bad guys when you leave those holes open. Think like the bad guy.

www.cyber-cs.com
mchristian@cyber-cs.com

Saturday, April 18, 2015

Starting at the perimeter for Cyber Security



I believe the old saying goes "A chain is only as strong as the weakest link". The same goes for perimeter security, and it is a place to start talking about a structured and layered approach.

In my previous blog I described your data being like money in a bank. It should take many layers to get even close to it just like in a bank. If you are a bad guy trying to steal money in the middle of the night the first order of business is trying to get in the door or inside of the building. The same goes with data on a network.

I am going to pause for a second and put a disclaimer out there for you. In this blog I am only going to describe the technology side of security, not the actual physical security. Physical security is just as important, but for the sake of staying focused we will talk about the technology side. Many businesses do not think about the physical security aspect of protecting data, but in later blogs I will go through some of the things I have seen and experienced that will bring to light how important that aspect of security is. Still with me??

Think of the Internet as the world outside of the door of your business. So you have a door on your business. Right? Same goes for your network. You have to put a door there so it is not wide open for anybody to come on in and take a look around at your data and financials. We are trying to avoid that. The harder it is for the bad guy to break down that door and get in, the more of a fighting chance you will have.

So this door. The door will be a piece of equipment that you probably have heard of at some point called a router. What that router will do is let traffic in and out of your door or doors (I will talk about those doors in a minute) and direct traffic (emails, data etc) to where it needs to go. I will not go into the gory details of how that works but it is kind of cool what it can do.

Now a router is not just a router in most cases. A router has on it something called a firewall (the better ones at least). Picture our bank again. Now think of that bank as having thousands of doors on it that can each be made to just let people in, just let people out, or let them go in and out. On the router these are called ports. Here is a very important part. There are a few doors every bank has to have open just to make sure people can come in and go out (when you surf the Internet you have to go in and out of one of those ports). The rest of them should pretty much be locked, sealed and welded shut so someone doesn't get into your bank without you knowing. This is typically done when the router is first set up.
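The "few doors open, the rest welded shut" rule can be checked mechanically. The sketch below is an added example, not part of the original post: it compares a router's inbound rules against the short list of ports the business actually decided to open and confirms that everything else ends in a deny-all. The rule layout and port choices are hypothetical, not any vendor's export format.

```python
# Inbound ports the business has decided to open. Constructed sample values.
APPROVED = {("tcp", 443), ("tcp", 25)}

# Inbound rules in evaluation order (first match wins is assumed). The dict
# layout is hypothetical, not any vendor's export format.
RULES = [
    {"action": "allow", "proto": "tcp", "ports": (443, 443), "note": "web"},
    {"action": "allow", "proto": "tcp", "ports": (8080, 8080), "note": ""},
    {"action": "allow", "proto": "tcp", "ports": (20, 25), "note": "mail"},
]

DENY_ALL = ("deny", "any", (1, 65535))

def audit_inbound(rules, approved=APPROVED):
    """Return (rule_index, finding) pairs; an empty list means a clean set."""
    findings = []
    for i, rule in enumerate(rules):
        if rule["action"] != "allow":
            continue
        lo, hi = rule["ports"]
        # Expand the range so a rule that is wider than it needs to be
        # (20-25 when only 25 is approved) is caught port by port.
        opened = {(rule["proto"], p) for p in range(lo, hi + 1)}
        extra = sorted(p for _, p in opened - approved)
        if extra:
            findings.append((i, f"unapproved {rule['proto']} ports open: {extra}"))
    # Everything not explicitly allowed must hit a final deny-all rule.
    last = rules[-1] if rules else {}
    if (last.get("action"), last.get("proto"), last.get("ports")) != DENY_ALL:
        findings.append((len(rules), "no final deny-all rule"))
    return findings

if __name__ == "__main__":
    for index, finding in audit_inbound(RULES):
        print(f"rule {index}: {finding}")
```

Run against a saved copy of the approved list after every change, this also surfaces doors that were opened without anyone noticing.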

Even more important is that every door has a master key (this would be the admin password for the router itself, which can be used to change settings). That key is known to the world, and anyone with the key can get in the door and do what they please. So what do we do if we know we have a common lock with a common key? Change the lock and key!! I cannot tell you how many times I go to visit a new client and simply test the original password (typically either admin, password or 123456.. I am not kidding!!) and bang!! I am in their router and able to do any type of voodoo I do, including opening doors they don't know about so I can get in later. I just described how a majority of hacks on routers happen. CHANGE THE DEFAULT PASSWORD!

Sorry for yelling, but this is one of the simplest and most effective ways to keep a common hacker out of your system and so many times it just is not done. Anyway.. That is kind of routers 101, so to speak. I do have one item to add. Spend a few hundred dollars on a router. Please!! I have replaced countless inexpensive routers because frankly they just are pretty easy to breach. I won't mention brands here.


I will mention several brands that I like to work with that really are solid. My favorite is probably WatchGuard (http://watchguard.com/). Excellent product! Very powerful if you need it, but it also does a fantastic job of updates on their systems and I just do not have problems with failures. Average-ish cost is $500. You can add services such as a web filter, virus protection and intrusion detection, but that is where you would have to have someone who knows his stuff running it. Other brands I have used are Cisco, Dell SonicWall and Fortinet. There are many more out there, but any of these work for a small business without killing you in price. All make routers that are $100K+, so let's just say you have a wide range.

There is one more thing to be addressed. I have run into businesses that would not put a router on, thinking they were safe. Their Internet provider plopped this black box in (cable modem), hooked it up to their stuff and sure as shootin' they had Internet. They never asked if there was a firewall on there. Some do have that firewall, some don't and some just are not very good, though it has been getting better. Don't just trust that black box. Many providers will not even give you access to see what is going on in case one day you have trouble. Put your own equipment on.

So in closing, the router is your first line of defense for your network. If you want to tighten up your security, this would be the best place to start. Not the only place though! Many more layers to go through. Aren't you excited? Next I will touch on wireless, which many businesses do not understand is a wide open door into their system.. Till then...