Is your ICT infrastructure secure?
In today’s business world, it is impossible for a company to operate without information and communication technology (ICT) based on a computerized system. Whether computer systems are used to create business content (offers, reports, and materials) or to analyze data and run databases, all of these systems have one key purpose: to facilitate day-to-day business operations and to provide the fastest access to the required information.
The Internet and Internet connectivity, although now part of everyday life, hide a number of dangers. Computer networks on the Internet, although designed to help and improve performance, can also be used as tools for a hacking attack on a business.
Unfortunately, dangers on the Internet come from many sides. In addition to the risk of falling victim to one of the classic computer viruses still in circulation, crypto-viruses are especially dangerous; they have become popular lately and are used for direct blackmail and extortion of money from victims. Computer systems, on the other hand, are far from perfect, and software flaws are discovered on a daily basis. Such vulnerabilities, if not remedied quickly, can be used to break into and compromise the computer system.
The scariest thing is that if a malicious hacker manages to break into the system, it can take weeks if not months until the entry is discovered and subsequently dealt with, but in that period the hacker can do a lot of damage. Most often the damage is in the form of data theft and/or modification.
What does the anatomy of a computer (hacker) attack look like?
To start, the hacker will try to gain basic access to the computer system. This is usually done by analyzing the users (recon), stealing the identity of an existing user (initial compromise), and gaining user privileges (establish foothold). In this phase, which lasts from a few days to a few weeks, the hacker acquires basic access to the computer system.
In the next stage, which can last for weeks or even months, the hacker, using the already existing internal presence, will try to escalate privileges or take over the identity of the system administrator (a loop of escalating privileges, internal recon, lateral movement, and maintaining a presence).
In the last phase, when the hacker has already acquired administrator privileges on the system, the hacker goes into an active attack phase, during which the data will be copied or changed, or access to it will be denied (with a ransom demand).
In other cases, the hacker can try to disable the system, usually by sending too many requests to it, which will overload the system and it may stop working. This is a so-called Denial of Service (DoS) attack.
For these reasons, it is quite realistic to ask, “Is my computer system secure?” Or perhaps even more, “How secure is my ICT system?” and most of all, “How can I protect myself?” The answer to this question is not easy, but basically, the protection against threats and dangers for computer systems can be divided into three segments:
• Education of users
• Active / Reactive protection
• Proactive protection
In the segment of user education, it is important that users learn how to recognize everyday threats and dangers and avoid or eliminate them. This is crucial to reducing the chances of hackers gaining initial user privileges by exploiting the user. In this way, potential attacks can be prevented early. This takes the form of specialized training that aims to raise users' awareness of the dangers and to teach them how to easily recognize such attempts.
In terms of active or reactive protection, there are a number of solutions on the market that aim to prevent the already known types of attacks. Solutions in this segment include anti-virus software, network security equipment (firewalls), anti-spam filters, and similar. All of these products operate on the basis of predefined software patterns or types. Therefore, they belong to the segment of active or reactive protection. Specifically, someone must first be attacked by a virus or malicious code before that code is entered in the virus catalog and can be recognized as malicious in the future. For these reasons, the definitions used by anti-virus software need to be updated regularly.
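The reactive model described above, as an added example that is not part of the original article: a toy scanner that only recognizes content already entered in its catalog, so a changed variant passes until the definitions are updated. The class and function names are hypothetical, and the samples are constructed, harmless byte strings.

```python
import hashlib


class SignatureCatalog:
    """Toy reactive scanner: flags only content whose SHA-256 is already cataloged."""

    def __init__(self):
        self._known = {}  # sha256 hex digest -> label

    def add_definition(self, sample: bytes, label: str) -> None:
        # A definition can only be written after the sample has been seen.
        self._known[hashlib.sha256(sample).hexdigest()] = label

    def scan(self, content: bytes):
        # Returns the label for known content, or None for anything else.
        return self._known.get(hashlib.sha256(content).hexdigest())


def run_timeline():
    """Scan the same files before and after a definition update."""
    # Constructed placeholder bytes standing in for files on disk.
    files = {
        "known": b"CONSTRUCTED-SAMPLE-A: harmless placeholder bytes",
        "variant": b"CONSTRUCTED-SAMPLE-A: harmless placeholder bytes v2",
        "clean": b"quarterly report draft",
    }
    catalog = SignatureCatalog()
    catalog.add_definition(files["known"], "Sample.A")

    # Before the update: the variant is not in the catalog, so it is missed.
    before = {name: catalog.scan(data) for name, data in files.items()}

    # The vendor has now seen the variant and ships a new definition.
    catalog.add_definition(files["variant"], "Sample.A.variant")
    after = {name: catalog.scan(data) for name, data in files.items()}
    return before, after


if __name__ == "__main__":
    before, after = run_timeline()
    print("before update:", before)
    print("after update: ", after)
```

The gap between the two scans is the window in which reactive protection alone offers no detection.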
The proactive protection segment is the least known type of protection, although it is probably the most important way we can check if ICT systems are really secure.
It is a well-intentioned simulation of a hacker attack, carried out on an ICT system, application, computer network or website, in order to detect potential vulnerabilities in software and vulnerabilities of the system before they are detected and/or exploited by malicious hackers.
This process, called Ethical Hacking, is an independent evaluation of the security of a particular ICT system.
Finally, in answer to the question “How to protect ourselves?”, the only correct answer is a combination of all three segments. Users should be educated about the possible threats and dangers of online operations; systems should be provided with anti-virus software and firewalls; and, most of all, the whole system should be thoroughly checked by ethical hackers to verify that all components of the security system are properly configured and perform their function.
Insoft Services is a provider of ICT services and education for users and IT experts.