Within the past few months, two of our clients encountered severe security breaches. In other words: they “got hacked”. Were they big multi-million dollar enterprises? No – they were both Vancouver-based SMBs with fewer than 100 employees. It is always amazing how little importance small and medium-sized ventures attach to network security. The most often heard question is…

Why Would Someone Want to Hack Into a Small Business Like Ours

For many reasons! First of all: it’s nothing personal! If you still think of “hackers” as guys in trench coats sitting in dark rooms littered with pizza boxes, lit only by the glow of monitors: think again. People are always amazed by the following demo: take a freshly installed Windows machine with its firewall disabled. Connect it to the internet and leave it alone for 30 min. Now run a virus scan – whoa! That’s just 30 min. This is what your company network is facing every single day. So let’s face the fact:

Your Network is Under Attack

I am not trying to create panic. It’s a simple fact that every sysadmin doing her job knows. Accept it! It’s real, and it’s probably happening right now. Go check!
Almost all attacks you are facing are widespread, automated attacks against large portions of the network. To use a common analogy, you are not dealing with a criminal mastermind spending all night trying to break into your house, but rather with a small-time crook with a whole bunch of generic keys bought on eBay, trying to get into each house on the street by trying each key in every lock.
Aside from viruses spread via email, password-guessing attacks and the automated exploitation of security holes in software on servers and clients reachable from the outside world are the most common forms of attack. The good news is: since the attacks are generic, they can be easily prevented using common sense and widely available, mostly free tools.

What Are They After?

The question is still out there: why would someone try to infiltrate your network in the first place? Spammers will try to get their hands on your address books – email addresses that have already been verified (by you!) are worth real money! They will also often install software on your machines that helps distribute SPAM emails. If you notice that emails sent from your network frequently get stuck in other people’s spam filters, it’s probably because you have been blacklisted as a source of spam. This is very difficult to reverse and can mean a severe hit to your company’s credibility, not to mention a waste of your computing and network resources as well as the person-hours needed to clean the systems.
A successful attacker will also routinely scan your systems for credit card numbers and passwords stored on your hard drives.
Another common use of compromised systems is targeted attacks against other networks – so-called distributed denial of service (DDoS) attacks. The intruder installs software on your (and thousands of other) machines that “sleeps” until it receives a start signal, at which point the machines bring the target network to its knees by flooding it with too many requests. This is what happened to Amazon, eBay and many other big players.
Things get embarrassing when client-related information gets exposed and the source is tracked back to your company. Remember that you are responsible for taking “appropriate measures” to protect your clients’ information. While you might be able to demonstrate this in a court of law, it will be much harder to regain your clients’ trust.

Apply Common Sense

Use secure passwords! It is amazing how often the “number one rule” gets violated! The most basic form of attack applies a dictionary and name lists to guess usernames and passwords. Networks that allow remote access (via web forms, shell or VPN) with username/password combinations like “paul/paul” are easy targets.

Maintain a firewall for your network and configure it conservatively – only allow access to ports that are really essential. Ideally, only allow access from trusted IP addresses. If the person responsible for your network can’t explain to you in plain words what a “port” is, you are in big trouble! Ask her – now!!!

Utilize Intrusion Detection Systems (IDS) such as OSSEC or Snort. If this for some reason proves unfeasible, at least use easy-to-install tools like DenyHosts, which watch the authentication log and block sources that keep failing to log in.

Scan emails BEFORE they reach the client machine. For some reason it seems almost impossible to prevent employees from opening unknown attachments (“Oh look – someone I don’t know sent me a postcard! Let’s open it…”) – curiosity killed the cat. Virus-scanning emails before they get delivered to the client is a vital element in combating SPAM and preventing virus infestations.

Educate your employees! Knowledge is the best defense. Trust me: the time and money it takes to raise awareness amongst your workforce is nothing compared to the spending on system recovery, damage analysis and damage control. Some of our clients hold their employees personally responsible for carelessly imposing security risks on their network.

Update all your machines on a regular basis – especially the operating system. Apply the latest security patches for every piece of software installed on your machines.
Regularly virus-scan all machines in your network, and keep the virus definitions up to date.

Check your server logfiles regularly for suspicious activity, such as repeated failed logins from one address or a successful login right after a string of failures.
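As an added illustration of what “checking the logfiles” for the password-guessing attacks described above can look like (this is example code written for this page, not something from the original post or from DenyHosts), the script below parses a constructed sample of sshd authentication lines, counts failed password attempts per source address, and flags a successful login that follows a burst of failures from the same source. The log lines, host names and IP addresses are made up for the demo; the threshold of three failures is an assumption you would tune for your own network.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of sshd lines in classic syslog format (not real logs).
SAMPLE_AUTH_LOG = """\
Mar  3 09:12:01 mail sshd[2111]: Failed password for invalid user admin from 198.51.100.23 port 51120 ssh2
Mar  3 09:12:04 mail sshd[2111]: Failed password for invalid user oracle from 198.51.100.23 port 51124 ssh2
Mar  3 09:12:07 mail sshd[2113]: Failed password for root from 198.51.100.23 port 51130 ssh2
Mar  3 09:12:09 mail sshd[2115]: Failed password for paul from 198.51.100.23 port 51133 ssh2
Mar  3 09:12:12 mail sshd[2117]: Failed password for paul from 198.51.100.23 port 51140 ssh2
Mar  3 09:12:15 mail sshd[2119]: Accepted password for paul from 198.51.100.23 port 51144 ssh2
Mar  3 09:30:41 mail sshd[2201]: Failed password for sarah from 192.0.2.10 port 40012 ssh2
Mar  3 09:30:52 mail sshd[2203]: Accepted password for sarah from 192.0.2.10 port 40015 ssh2
Mar  3 10:02:13 mail sshd[2307]: Failed password for invalid user test from 203.0.113.77 port 33001 ssh2
Mar  3 10:02:15 mail sshd[2307]: Failed password for invalid user guest from 203.0.113.77 port 33002 ssh2
Mar  3 10:02:18 mail sshd[2309]: Failed password for invalid user ubuntu from 203.0.113.77 port 33005 ssh2
"""

# Matches both "Failed password for invalid user X from IP" and
# "Accepted password for X from IP" as written by OpenSSH's sshd.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_auth_events(text):
    """Return (result, user, ip) tuples, in log order, for every sshd password event."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append((m.group("result"), m.group("user"), m.group("ip")))
    return events


def failed_logins_by_source(events):
    """Count failed password attempts per source IP address."""
    return Counter(ip for result, _, ip in events if result == "Failed")


def guessing_sources(events, threshold=3):
    """Sources with at least `threshold` failures: the ones a tool like
    DenyHosts would block automatically (threshold is an assumed setting)."""
    return {ip: n for ip, n in failed_logins_by_source(events).items() if n >= threshold}


def successes_after_guessing(events, threshold=3):
    """(user, ip) pairs where a login succeeded from a source that had already
    failed `threshold` or more times: a guessed password is the likely cause."""
    failures = defaultdict(int)
    hits = []
    for result, user, ip in events:
        if result == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            hits.append((user, ip))
    return hits


if __name__ == "__main__":
    events = parse_auth_events(SAMPLE_AUTH_LOG)
    print("Password-guessing sources:")
    for ip, n in sorted(guessing_sources(events).items()):
        print(f"  {ip}: {n} failed attempts")
    print("Successful logins following a burst of failures:")
    for user, ip in successes_after_guessing(events):
        print(f"  user '{user}' from {ip}  <- reset this password and check the box")
```

On the sample, the two scanning addresses are reported as guessing sources, while the one mistyped password from 192.0.2.10 is not; the login as “paul” after five failures from the same address is exactly the “paul/paul” situation described above and is the case worth acting on first.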

Encrypt your data using strong encryption! That way, even if your network gets breached, the intruder won’t be able to read any vital data.