Sony’s devastating security breach is not only a public relations nightmare and, now, an identity-theft worry for its customers; it’s also a reminder (yet again) of the vulnerability of computer networks.
Sony’s PlayStation network is made up of networked servers housing massive amounts of data, including valued customer data. The parts making up Sony’s network are not much different from the parts making up any other business’ network, except that most business networks are on a smaller scale.
While Sony is not releasing a lot of detail as to how the breach was carried out or what security mechanisms it had in place that failed, there are some good lessons here for any business, no matter what its size, about protecting network infrastructure and the data residing on those networks.
One of the key ways any company owner can protect themselves is to forget the notion of, “Why would anyone want to hack into my network?” Why? Because they can. Whether you run a business making chocolate candies or handle financials for thousands of clients, taking an offensive approach against hackers, network intruders, or script kiddies looking to make a name for themselves is fundamental to protecting your business network.
It’s important to know that in the technology world, there is no such thing as 100 percent secure. You can, though, lessen the chances of network or data compromise with a few tips:
Password Protection: Lots of users still aren’t practicing network security basics, which include smart password protection. Using hard-to-guess passwords with a combination of alphanumerics is a must. For those with larger business networks, resist the temptation to use the same passwords throughout your infrastructure. That means your servers, wireless routers, managed switches, and anything else you need to authenticate to should have different passwords. On the end-user side, enforce strong complexity policies. This is a feature that can be enabled in any Windows network. Users should be forced to change passwords at least every 30 days. For more, check out PCMag’s How To Create Strong Passwords.
Keep track of any device that connects to your network: The best way to recognize an intruder on your network is by recognizing those who don’t belong there. There is some great software out there from companies like Symantec, McAfee, and Sophos that will assist you in end-point security protection. Business end-point protection extends beyond having an antivirus solution on every machine in a network (although you need that, as well). Good end-point protection means a firewall that will help detect and keep out intruders, as well as network access control from companies like StillSecure, which will control what devices are allowed to access your network and exclude devices that aren’t allowed. If a breach could be devastating to your company, restrict end users from connecting home devices like iPads, smartphones, or USB drives to any company computer. This can be done by enforcing a company policy as well as by deploying end-point compliance security solutions.
Protect the network against DDoS attacks: This is a common and often successful way for even novice hackers to bring networks to a standstill. Flooding a network with requests until that network can no longer respond and eventually chokes is known as a denial-of-service attack. Firewalls can help, but there are also anti-DDoS devices available. Companies such as IntruGuard make DDoS attack-thwarting appliances for businesses of all sizes. If you have your Web site hosted, ask the company hosting it what provisions they have in place for security threats, including DDoS attacks.
Learn the ABC’s of DLP: Data Leak Prevention, or DLP, is a crucial part of your business network’s security arsenal. DLP consists of software or devices that can aid in preventing data theft. It does so by allowing network administrators to lock out unauthorized users from USB and FireWire devices, prevent users from connecting PDAs or any other plug-and-play devices, and define and control data retrieval policies. One example of a DLP solution is DeviceLock. TITUS also offers DLP solutions suitable for the small business.
Lock down the Wireless LAN: A wireless network is a good conduit for a hacker to gain access to resources on a network. Use the filtering capabilities that come with just about any router today. That means taking the time to add the MAC address of every device that should have access to your WLAN to the MAC address filtering list in the router’s management console. This will give only the devices that you approve access to your WLAN. Strong password management and frequent changing of passwords can also help keep intruders out. Turn off remote router administration if possible and by all means use WPA2 Enterprise-level security for business wireless routers or RADIUS authentication. Don’t deploy routers in your business that do not have this level of security.
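The device-tracking and MAC address filtering tips above both rest on one inventory of approved devices. As an added example (not from the original article), this Python sketch compares a gateway's neighbor table against that inventory and reports anything unlisted; the inventory, the sample `ip neigh show` output, and all function names are constructed for illustration.

```python
import re

# Constructed inventory of approved devices, in the mixed MAC notations
# (colon, hyphen, Cisco dotted) that admins tend to paste in.
APPROVED = {
    "00:1A:2B:3C:4D:5E": "front-desk-pc",
    "00-1a-2b-3c-4d-5f": "office-printer",
    "001a.2b3c.4d60": "warehouse-ap",
}

# Constructed sample of `ip neigh show` output from a Linux gateway.
NEIGH_OUTPUT = """\
192.168.1.10 dev eth0 lladdr 00:1a:2b:3c:4d:5e REACHABLE
192.168.1.11 dev eth0 lladdr 00:1a:2b:3c:4d:5f STALE
192.168.1.57 dev eth0 lladdr 3c:11:22:33:44:55 REACHABLE
192.168.1.58 dev eth0  FAILED
192.168.1.60 dev wlan0 lladdr 7a:11:22:33:44:55 DELAY
"""

def normalize_mac(raw):
    """Return a MAC as 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def is_locally_administered(mac):
    """True if the locally administered bit is set, as in randomized MACs."""
    return bool(int(mac[:2], 16) & 0x02)

def parse_neighbors(text):
    """Yield (ip, interface, mac) for entries that carry a link-layer address."""
    for line in text.splitlines():
        m = re.match(r"(\S+) dev (\S+) lladdr (\S+)", line)
        if m and (mac := normalize_mac(m.group(3))):
            yield m.group(1), m.group(2), mac

def find_unknown_devices(neigh_text, approved):
    """List neighbors whose MAC is missing from the approved inventory."""
    known = {normalize_mac(k) for k in approved}
    known.discard(None)  # ignore malformed inventory entries
    return [
        {"ip": ip, "dev": dev, "mac": mac,
         "randomized": is_locally_administered(mac)}
        for ip, dev, mac in parse_neighbors(neigh_text)
        if mac not in known
    ]

if __name__ == "__main__":
    for device in find_unknown_devices(NEIGH_OUTPUT, APPROVED):
        print(device)
```

A MAC address is reported by the device itself, so a match here is an inventory check, not proof of identity; access control still depends on the WPA2 Enterprise or RADIUS authentication the tip recommends.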
Be wary of free hosting sites: Many smaller businesses have a domain name, Web site, and email hosted by a company. Some companies offer free hosting, but you get what you pay for and many of these companies may not have the strongest security mechanisms in place to protect your data. Of course, some small hosting sites can perfectly suit smaller businesses that are not heavily data-dependent or do not conduct credit card transactions over the Internet. But for other businesses, such as an investment firm, opt for a paid hosting service, one that painstakingly details its security and remediation plans in case of any breaches.
Encrypt and use VPN: Whether you host your own site or have hosted Web services and email, you should use encryption. SSL encryption can be enabled on email, database, and Web servers. Sites like GoDaddy.com offer SSL certificates for purchase for an extra layer of security for transactions over the Internet. Also, consider using an encrypted VPN for employees who want to remotely access files on the company network. An encrypted connection is harder to compromise and provides tighter security than some of the newer remote access cloud solutions.
Protect the Perimeter: Third-party application or appliance firewalls (separate from the default firewalls found in OSes and routers), Unified Threat Management devices, and Intrusion Detection/Protection systems (IDS/IPS) are all parts of a layered, comprehensive security solution. Purchase the best devices you can, as these technologies can help protect against DDoS attacks, snooping and other external threats. Zyxel offers UTM appliances for the SMB, as does eSoft. Juniper and Dell have partnered to deliver the J-SRX Services Gateway Series. Cisco and Juniper also offer many firewall and IPS/IDS solutions. Many SMB security devices are designed to be easily deployed without the need for dedicated IT support.
Hire a dedicated security expert: With cloud computing so pervasive now, many businesses do not need full-time, on-site IT staff. The one consultant you may want to consider retaining is a security expert. Have an IT security professional perform regular audits of your network’s security health. An expert can help to pinpoint holes, potential leaks and any other security weaknesses that could compromise your business.