Read Part 1
It sounded like science fiction when we have first learned about the Ransomware. Cyber attackers swooping on computer network and lock the essential files encrypting them and demanded for a ransom that you had to pay in bitcoin – a currency that runs in the dark web. In the first part of this series of articles we also came to know how denial of service – an old tactic hackers use to jam the network – had been morphed into a new avatar. Your service is denied this time but in a new way. And you are being asked to pay a hefty ransom to get back your access to your essential files.
How can I save my SOUL?
The question is easy to be asked rather than to be answered. Cyber attackers always find a new way to play with your digital soul but you cannot just sit back and watch helplessly and surrender to their dirty tactics. You can maintain an austere approach and show controlled emotions of not clicking any link or downloading any application. In fact, this is considered as a good gesture to keep your soul out of harm’s way. Problem is, it’s really very difficult to adhere to this austere practice, always. You can suspect an unknown link but some links, especially those coming from friends, are not always falling under suspicion. Moreover, you have to download new applications to run your system. You have to get the update patches, upgrade your system.
Then What?
Well, let’s first understand the scenario – the difference between present and past needs of computer technology.
When computer technology wave first began to cause ripples people were unsure about how far that flutter could reach. How far it would go was beyond imagination at that time and, above all, the number of enthusiasts was very undersized. It was a closed community who could have been trusted and data were being shared fearlessly. You can’t compare that time with today’s widespread needs and pervasive hunger for data. The aspect of security has been added as an afterthought.
Today, as we know, the Internet actually consists of millions of networks and they are interconnected without any frontier. Can you imagine building an Internet-border between countries and issue web passports and visas to enter into other nation’s network?
No. That is not only unthinkable but also against the idea of Internet itself. It has made any organized or non-organized network accessible from any computer in the world and it’s also made it vulnerable to threats from any individual without any physical access to it.
Computer Security Institute (CSI) in a recent survey says, seventy percent of the organizations have been polled and they confirm that their network security defenses had been breached. In most cases, the insiders had made the system vulnerable by clicking outer links or downloading applications. And the percentage is whooping sixty!
It appears that every organization should teach their staff about the computer security first because it’s really difficult to assess exactly how many computers are connected now and how they become cause for other’s security breach.
Secure Network Design
In an inter-network there are many networks that consistently share data keeping them connected. The idea of secured areas has already been tested by using firewalls.
A firewall has at least three interfaces – inside, outside and DMZ (demilitarized zone). In such cases three networks are created. Inside is considered as the most trusted area of inter-network. It can be called as private network also. A department as accounting and human resources may belong to that area and being guarded by firewall. Sometimes it’s unavoidable to adopt a situation where a firewall can be configured to allow access from outside to the trusted site and thereby the seed of vulnerability begins to sprout. It always carries more risks to allow access from outside to inside rather than to DMZ. Demilitarized zone is basically meant for the outside users and it’s kept completely isolated. It permits data flow both way – from outside to DMZ and DMZ to outside not allowing them to enter inside. DMZ is also called bastion host and usually keep the operating system updated with patches given by the vendors.
Demilitarized zone is basically meant for the outside users and it’s kept completely isolated. It permits data flow both way – from outside to DMZ and DMZ to outside not allowing them to enter inside. DMZ is also called bastion host and usually keep the operating system updated with patches given by the vendors.
The Back-Stabber
Having network security arrangement in place properly could have stabbed you from your back if your front face, that is, web site had been hacked by someone making your company disreputable. From the intent of testing his hacking skill often young engineering students try to hack reputed organization’s web site just to show their prowess. Not bad intent, always. But the news of a hacked web site of a company often carry forward a wrong message to people who think that internal data have been compromised which is not the actual scene as your valuable data stay behind the guard of firewall. But to do that you need to keep many things in place.
First, you have to keep your authentication process tight maintaining OTP (one time password). Second, you need to encrypt your traffic that can prevent unwanted malicious users. Third – firewall system must be appropriate. Fourth – updating security patches and turning off machines which are not needed.
The fifth one is very important as it involves the insiders. If someone steals a hard drive containing valuable data your every effort melts down at one go. Physical security is another important aspect that has to be upheld in the strictest manner and remember that percent – sixty percent of data breach incidents take place with the help of the insiders.
What about amputation?
Like human limbs a computer can be just lopped off from the ICS network. This type of amputation or disconnection of a computer had been termed as air-gap security measures till some time when companies decided to backtrack from using it and now it significantly slows down except for few extreme situations. An air-gapped computer usually has no connection to the INTERNET or to any computer that has connection to the INTERNET.
For commercial houses, sustaining such sanctity remains almost impossible for many reasons. You can keep a computer out of reach but how can you keep it without running and that means human intervention is necessary. It needs security patches; it needs to be updated using software or there has to be file-exchange to store data. How can you avoid that? It makes the whole process exceedingly awkward.
Finally, it turns out to be a never ending battle between good and bad. There are claims from many companies or open source media about operating systems that can’t be hacked. Surely, there are more secure systems available in the market but “absolute security”?
It sounds like a dream!