The optimal method to assure your organization does not suffer due to a network attack is to prevent attacks from causing any damage. There are several ways to reduce the likelihood that attacks will impact your business, all with varying degrees of cost, difficulty, and effectiveness.
Firewall
A firewall is an absolute necessity for network security. Fortunately, it has become standard, and very few networks are without one. The firewall is your first line of defense against an attack. It provides a network layer that should be configured to block everything that is not explicitly allowed, both inbound and outbound. For example, if a personal computer does not need to be reached on the internet, the firewall is the tool that will block the access. Similarly, if a computer has no need to access the internet, the firewall is the tool that will block the access. Although a firewall is important, it is not sufficient alone. Additional tools are also required for a solid level of protection.
Cost to Install/Maintain: Low
Difficulty to Install/Operate: Low
Overall Effectiveness: Low
Ad Blocker
Malware is especially effective at compromising the security of network computers if the computer visits a malicious website. Phishing attacks attempt to get the victim to access the website by enticing them to click on a link or open an attachment in an email. Another method of causing a victim to access a malicious website is to provide the malicious code to a legitimate website in the form of an advertisement. Simply accessing the legitimate website results in the malicious advertisement running and installing malware. An ad blocker is a useful tool that protects the network computer by limiting access to malicious advertisements by blocking them.
Cost to Install/Maintain: Low
Difficulty to Install/Operate: Low
Overall Effectiveness: Medium
Patches
Patches are updates to the software that we use every day. Often, patches are created to correct errors in the program that are found, which may have the potential for allowing the installation of malware. When patches are released for your software, it is important to install them to eliminate the potential for weakness.
Cost to Install/Maintain: Medium
Difficulty to Install/Operate: Medium
Overall Effectiveness: High
DNS Filtering
The Domain Name System (DNS) is how internet domain and host names are translated into Internet Protocol (IP) addresses. In other words, DNS changes the web address name into a unique number that directs you to the site you wish to visit. DNS is sometimes thought of like the phone book for the internet. For example, if you are going to access Google.com, the computer does not know where Google.com is located on the web. This is similar to an old phone not understanding what it should do when it is used to call a specific person. Either the phone or the person using it needs to translate the name into a phone number to call. Much the same way, the computer asks a DNS server to translate “Google.com” to its IP address.
By default, DNS will answer with the IP address for both trusted and malicious websites alike. DNS Filtering provides the option to block websites that fall outside of certain specified criteria. Using DNS filtering prevents the computer from accessing potentially dangerous websites.
Cost to Install/Maintain: Medium
Difficulty to Install/Operate: Low
Overall Effectiveness: Medium
Cloud Based Backup
There are various reasons a hacker works to infiltrate a network. Often, the hacker’s purpose is to delete information for a specific reason, or simply to wreak havoc. If malware makes its way into an organization’s network, it provides the hacker with the ability to delete information. In the event that all other layers of defense fail, backups to the cloud provide a restore point for the deleted information. Backing up your network is exceptionally important and in the event of an attack, may be necessary to keep your company in business.
Cost to Install/Maintain: Medium
Difficulty to Install/Operate: Low
Overall Effectiveness: High
Website Whitelisting
Website Whitelisting is similar in nature to DNS Filtering. However, DNS Filtering is limited to general category-based blocking. The method is extreme, allowing only explicitly approved sites to be accessed. Using this method is extremely effective at blocking advertisements and phishing websites. It also protects the network from reaching phishing sites set up using similar web addresses to trusted websites. An example would be the site “paypall.com”. Whitelisting ensures that a slip of the finger on the keyboard will not subject your network to potential danger. It will also block other phishing websites including Command and Control server and websites that provide the encryption key to Crypto-Malware.
Cost to Install/Maintain: Medium
Difficulty to Install/Operate: High
Overall Effectiveness: Extremely High
Some Final Thoughts
For too long we have favored usability over security. I certainly agree that there must be a balance. However, in general, we have made the current network environment far too easy for the hackers to breach. It is time that we give serious thought to which specific websites are absolutely necessary for an organization to function. If an employee absolutely needs access to Facebook, we can choose to allow it. However, is it necessary for everyone in the organization to access YouTube for example? Furthermore, they certainly do not need access to a hacked WordPress site hosting the Zeus banking Trojan, or some site in Romania hosting Crypto-Malware encryption keys. The process to increase network protection will not be easy. However, protection efforts are worth the effort. They will help to keep your network incredibly secure and functional.