A Five-Step Plan to Help You Stay Ahead of Computer Security Attacks, Risks, and Threats, Part One

Feb 28
18:13

2007

Etienne A. Gibbs

Etienne A. Gibbs

  • Share this article on Facebook
  • Share this article on Twitter
  • Share this article on Linkedin

I have put together five steps that you can take under consideration when evaluating your home or business computer systems. These steps will be presented in five parts.

mediaimage

The University of Georgia network security system fight off 80,000 to 90,000 potential attacks daily. At the Bank of New York,A Five-Step Plan to Help You Stay Ahead of Computer Security Attacks, Risks, and Threats, Part One Articles sensors catch millions of security "events" in a month and "we don't even treat the scripts that run out there or worms flowing across the Internet at any point in time as an incident because they are not entering the network," notes Eric Guerrino, the bank's head of information security.With all the threats floating around in the cyberjungle, how do you sniff out a serious Information Technology security breach? The best defense requires a mix of technology muscle and human interpretive skills. Detection systems are essential tools, but it's up to professionals to make some informed distinctions.

I have put together five steps that you can take under consideration when evaluating your home or business computer systems. These steps will be presented in five parts. Now, let's begin:

Step No. 1: Let the Bells and Whistles Alert You about the Initial Attack

The Bank of New York's incident-response team sizes up threats based on some critical calculations: the probability of imminent attack, the probability that an attack will succeed once attempted and the potential damage of the attack if it proves successful; the location of the potential targets, the host operating systems and their associated vulnerability to the attack; and the sensitivity of the data residing on affected devices.What gives an organization the best chance to safeguard itself? The critical elements include multiple levels of traditional and emerging security monitoring tools; an analysis system capable of crunching copious amounts of event data; and the ability to process observations from employees and customers. Firewalls and intrusion-detection systems are the old reliables of detection technology. Standing at the intersection of internal networks and the public Internet, firewalls are the established first barrier to external attacks. Intrusion-detection systems, which joined the security force in the late 1990s, monitor networks for suspicious activity. Intrusion-prevention systems go a step further, monitoring traffic and then initiating an automated response, such as dropping a particular packet of data. Old-school intrusion-detection systems identify threats based on the signatures of known attacks. But some new threats are too nimble for that: So-called "zero-day" attacks occur at the same time a vulnerability is discovered, leaving no time for the creation and distribution of signatures. To address this, security teams have supplemented signature-based systems with behavior-based detection technologies, which establish a baseline of normal network traffic. The systems then search for anomalous patterns, for example, traffic coming from a network at a time when no one should be using it, helpful in flagging previously unknown types of attacks.

In responding to zero-day exploits, their biggest concern, Bank of New York deploys hundreds of intrusion-detection and intrusion-prevention sensors that record events on a daily basis. Its intrusion-detection/prevention systems shield the bank from the vast majority of exploits, and only a fraction of the events warrant a security-breach investigation.

The University of Georgia also uses an intrusion-detection/prevention combination. The university operates a Security Operations Center that monitors its intrusion systems around the clock and also minds firewalls, virtual private networks and other security products.

Because cyberpredators and other cybercriminals are becoming smarter and more sophisticated in their operations, they are real threats to your personal security and privacy. Your money, your computer, your family, and your business are all at risk.

These cybercriminals leave you with three choices:

  1. Do nothing and hope their attacks, risks, and threats don’t occur on your computer. 
  2. Do research and get training to protect yourself, your family, and your business.
  3. Get professional help to lockdown your system from all their attacks, risks, and threats.

Remember: When you say "No!" to hackers and spyware, everyone wins! When you don't, we all lose!

© MMVII, Etienne A. Gibbs, MSW, The Internet Safety Advocate and Educator

Categories: