'Tis the Season for Hacking

Michael Vizard

This is the time of year when thoughts turn to staying home with the family, so IT organizations go with skeletal crews as employees take time off. But while the IT staff is at home getting some well-deserved rest and relaxation, this could be the prime time for hacking.


At least that's what a survey by Tufin Technologies predicted last August when the company surveyed 79 hackers during the Defcon 17 event in Las Vegas. Eighty-one percent of them viewed the holiday season as an ideal time to hack corporate systems. After all, the hacker is probably at home, too, enjoying the holiday. So why not engage in his favorite pastime?


Alas, this means no rest for the weary IT staff that has to support and defend those systems. Perhaps most interestingly, 96 percent of the hackers said it doesn't matter how much companies spend on security if there is no one around to watch over and configure firewalls, which because of the complexity of managing security today are likely configured poorly. Unfortunately, firewall management is an ongoing challenge for most IT organizations.

 

In the meantime, the folks at Tufin advise IT organizations to:

 

  1. Always test the firewall before holidays. Review and remove any unnecessary rules and objects, as many of the firewalls tend to offer functionality that is not being used or intended. A test of the gateway and the firewall will reveal the services in use, which can then be reviewed and removed as required.
  2. Restrict firewall services to authorized IP addresses. Restricting services offered to only authorized address ranges effectively hides their presence to the Internet, while at the same time still enabling the service to be used by intended users.
  3. Apply latest relevant patches and workarounds. Attackers often are able to profile the firewall and VPN location and type based on the default ports in use. It is a high priority to keep a disciplined approach to patch updates.
  4. Enforce session logging and alerting to detect attacks. Log and alert any and all failed port scans or attempted connections to VPN and firewall management ports. This will help you to detect potential hacker attacks and to take preventative action.
  5. Spring clean firewall policy. If any default ports are detected, organize a spring clean of the firewall policy configuration to ensure there are no hidden errors resulting from a default installation.
  6. Set a limit on the number of failed authentication attempts. Lock out an account and raise an alert flag after a set number of failed authentication attempts.


Other useful tips from Tufin can be found here, and IT Business Edge has brought on Sue Marquette Poremba to cover security issues on a daily basis. But most importantly, no matter how good you're feeling, Tufin reminds folks that contrary to popular misconception, this is not the season of goodwill to ALL men, so don't leave the back door open for anybody.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.