Right from the first well-publicized international security incident on ARPANET in 1986, the requirements of network security have evolved rapidly. In a previous post, we discussed what threats are and how they can take a toll on your organization’s IT security. Now, let’s look at external threats specifically. The majority of threats are external: they comprise every outside source that tries to gain unauthorized access to your organization’s networks over the Internet or any other network.
The most common attack is the Denial of Service (DoS) attack. Consider a scenario where your network is flooded with large volumes of access requests; the result is that your network can no longer respond to the legitimate ones. Most DoS attacks rely on a technique called buffer overflow, overloading web servers with more input than they can handle until service is denied.
It may further result in:
- Slow network performance
- Non-availability of a particular website
- Inability to access any website
In the current scenario, external threats have morphed from network level threats like intrusions and DoS attacks into much more sophisticated content-based threats. Let us look at some of these:
- Malware: Code or software specifically designed to damage, disrupt, or carry out some illegitimate action on data, hosts, or networks. Viruses, worms, Trojans, and spyware fall into this category. Malware may arrive in attractive packages that appear to come from legitimate websites but end up stealing sensitive information.
- Hacking: It’s all about exploiting the vulnerabilities in your network. Application-specific hacks, in particular, are becoming more threatening than ever. They use advanced SQL injection, which forces a database to yield otherwise secure information by causing it to confuse classified data, such as passwords or blueprints, with information intended for public consumption, such as product details or contacts. You may want to keep a hawk’s eye on your application event logs.
- Spam: All unwanted online communications belong to this category. There are two main types of spam:
  - Usenet spam is mostly targeted at people who read newsgroups, where readers normally don’t give away their personal and contact information. It can also disrupt system administrators’ ability to manage the topics or content they accept.
  - Email spam is targeted mostly at individual users, who receive unsolicited email messages in large numbers.
- Phishing Attempts: These cover all fraudulent attempts to break into your system and access data. BFSI is the most targeted sector, especially banking customers. Customers receive emails that appear to come from their bank requesting passwords or other log-on data. With more sophisticated phishing techniques, users can also be directed to counterfeit banking websites that look deceptively real, where they are asked to share confidential information.
With ever-increasing sources and targets of external threats, you need to have more sophisticated levels of intelligence to identify, analyze, and defend your IT infrastructure. It is advisable to group your network security audit into three layers:
- Level 1: Scan the IT systems for suspicious activities by using intrusion prevention technology.
- Level 2: Integrate your IT security defense with compliance management.
- Level 3: Be equipped to execute real-time active responses to mitigate security threats as they are encountered.
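As an added example of the Level 1 scan and of watching application logs for the SQL injection and DoS flooding described above, the following Python script is not part of the original post; it parses constructed web-server access-log lines (combined log format, invented for this example) and flags requests carrying textbook SQL-injection indicators as well as source addresses whose per-second request rate exceeds a chosen threshold.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import unquote_plus

# One combined-log-format line: client IP, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Textbook SQL-injection indicators, checked against the URL-decoded request path.
SQLI_PATTERNS = [
    re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.I),  # tautology such as ' OR '1'='1
    re.compile(r"\bunion\b.*\bselect\b", re.I),         # UNION SELECT data extraction
    re.compile(r"--|/\*"),                               # SQL comment terminators (noisy alone)
]

# Constructed sample log lines (not from any real system): one benign request, two
# SQL-injection-looking requests from 10.0.0.9, one benign request, then a burst of
# 60 requests from 10.0.0.8 inside a single second to simulate a flood.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /products?id=42 HTTP/1.1" 200 512
10.0.0.9 - - [10/Oct/2023:13:55:37 +0000] "GET /login?user=admin'%20OR%20'1'%3D'1 HTTP/1.1" 200 734
10.0.0.9 - - [10/Oct/2023:13:55:38 +0000] "GET /products?id=42%20UNION%20SELECT%20password%20FROM%20users-- HTTP/1.1" 500 120
10.0.0.7 - - [10/Oct/2023:13:55:40 +0000] "GET /contact HTTP/1.1" 200 300
"""
SAMPLE_LINES = SAMPLE_LOG.splitlines() + [
    '10.0.0.8 - - [10/Oct/2023:13:55:41 +0000] "GET / HTTP/1.1" 200 10' for _ in range(60)
]

def scan_log(lines, flood_threshold=30):
    """Return (kind, ip, detail) findings: 'sqli' per suspicious request, 'flood' per (ip, second)."""
    findings = []
    per_second = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path = m["ip"], unquote_plus(m["path"])
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_second[(ip, ts.replace(microsecond=0))] += 1
        if any(p.search(path) for p in SQLI_PATTERNS):
            findings.append(("sqli", ip, path))
    for (ip, second), n in per_second.items():
        if n >= flood_threshold:
            findings.append(("flood", ip, f"{n} requests at {second.isoformat()}"))
    return findings

if __name__ == "__main__":
    for kind, ip, detail in scan_log(SAMPLE_LINES):
        print(f"{kind:5} {ip:10} {detail}")
```

The thresholds and patterns are deliberately simple; in practice they would be tuned per application and correlated with the intrusion prevention system rather than used alone.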
Watch out for more coming your way.