In this day and age – it is perhaps a little more difficult than in the past to “know your enemy”. However many organizations also ignore the “know yourself” adage. A well-executed Security Assessment can help your organization to “know itself”.
We employ an “out of the box” approach that assumes that your enemy does not follow “standard practices” whilst attempting to compromise your network.
Then, using penetration testing, application security assessments and social engineering, we can help you to find the “weakest link”.
We will then provide you with an in-depth report on our findings.
Following that we can help you to develop an effective security management plan, including remedial actions, and preventative measures.
ASK US ABOUT OUR NO LIMITS HACK GUARANTEE!
A simple comparison of IT Security Risks...
Securing your network/data against unauthorized access is much like securing your home against intruders. There are obvious points of entry (such as your front door, back door and windows), and there are sometimes non-obvious points of entry (like that small window/vent that goes into the basement or crawl space) These out-of-sight, out-of-mind points may have been secure at one point, but then for one reason or another become unsecured. Who of us doesn’t check to make sure that all doors/windows are locked before we leave the house? We do this because someone may have opened a window and not closed it all the way, or a garage door that is always locked may have been left unlocked by the last person who used it.
Now let’s add another factor to the equation: keys. Keys represent authorized entry to the house. You would assume that whoever has a key to your house has it because they have been given one by you or your family. But what often happens? Keys are left under the doormat or in a “safe” place that is convenient for multiple users. If your house is not brand new, chances are someone who lived in it in the past still has a key. Perhaps someone in the family “lost” a key. Now add the fact that most brands of locks only have so many different keys, and there are also master keys available that open most locks. If that isn’t enough, locks can usually be picked in a relatively short time by someone who has the tools and the know-how.
If someone wants to get into your house badly enough, you can’t stop them. They can use a brute force attack: an axe on the door, a rock through a window, or a chainsaw through the wall. If that person is frustrated by their attempts to get into your house, and they have something against you, they can just burn it down.Now all of that might sound a bit excessive, but it happens all of the time. You may be thinking: “I have never had any of that happen to me”. Statistically speaking, most people will never experience someone breaking into or trying to break into their house unless they live in certain neighborhoods, or if they are known to have very valuable goods inside.
How does all of this apply to your network? Each of the types of attack mentioned have corresponding attacks in the IT world.
Is Complicated by
|Doors, Windows||Access points such as Desktops, Laptops, Servers, Routers (wired and wireless), Modems||Windows PCs have 65,535 TCP ports and 65,535 UDP ports which can be used and locked for use by various applications|
|Locks, Alarm Systems||Network protection (such as firewalls), access protection||Software conflicts|
|Keys||Authorized access (such as usernames and passwords)|
|Lost or “Hidden” Keys||User accounts that have been compromised, passwords that are overly simple or hidden in an accessible location (i.e. under the keyboard or mousepad)|
|Pre-Owned Keys||User accounts that have not been properly de-activated after an employee leaves the company||Especially dangerous are old administrator accounts that have not been deleted because certain services require the account to run (such as backups)|
|Master Key||Administrator accounts and passwords|
|Lock Picks||Available tools for gaining unauthorized access without alerting the owner|
|Forced Entry||Brute force attacks that can overwhelm a system and allow exploits||On computers and networks, forced entry is not always obvious the way physical forced entry is on your home|
|Burning Down the House||Attacks that compromise data, wipe drive, etc.||Uneducated users who employ unsafe mail and/or internet practices|
|Valuables||Your data, ERP systems, reports, credit card information, etc.||Certain regulations govern the way your data is handled. For example, HIPAA, SOX, Canadian Privacy Act, ICFR, and ISO/IEC 27000x *|
With all of these variables to take into consideration two questions arise:
Question: If there are so many factors to take into consideration in truly securing a network, maybe we should just do the best we can and be content with that?
Answer: What would you do if your network was compromised and you lost some or all of your data? The fact is, according to global data, some 80% of businesses fail within 18 months of a major data loss/interruption incident.
Question: To what extent should we go to protect the integrity of our network/data?
Answer: How valuable is your business to you? To illustrate: If you wanted to protect a physical item of great value, you might place it in a secured building with a large wall around it and armed guards with guard dogs. Entry/exit might be severely limited and controlled, with the item being under continuous surveillance. The greater the value of the item, the more steps are taken to protect and secure it. Additionally, you would likely take out some kind of insurance against loss. With that in mind then, the amount of time and money you spend on data protection, integrity, and insurance should be proportional to its value to you. Some businesses can lose thousands, tens of thousands, or even hundreds of thousands an hour during network down-time; and, if the down-time is long enough, that can lead to the business having to close its doors.
So, how should you proceed?
- Hire a company to analyze your company’s security. Even though your IT department may be doing an excellent job, there are almost always weaknesses that need to be addressed.
- Act on the recommendations you receive, and lock down your network to the best of your ability. Make sure that all of the management and employees buy into the lock-down.
- Protect the integrity/continuity of your data by storing back-ups off-site.
- Actively monitor your network for intrusion attempts.
- Periodically have your network re-assessed by an outside group to make sure that it has remained secure.
With the down-turn in business and economy globally, you may be tempted to consider this an unnecessary expense; but in reality the opposite is true. A down-turn in the economy makes it vital to protect your main business asset: your data. Otherwise, an unexpected loss of data might just mean the loss of your business edge, or even your business.