Business Security Information

Late last year it was announced by a couple of security researchers that cPanel was vulnerable to cross-site request forgery attacks (CSRF).  If you manage your business’ website, you know that cPanel is an administration interface that allows you to perform many tasks related to running a website.  This includes accessing website stats, email accounts, and log files, submitting tickets to the support desk, and a variety of other tasks.  Cross-site request forgery attacks allow attackers to exploit web-based services after the user has already logged into the web-based service.  In a cPanel attack, once you are logged in, you must be lured by the attacker to visit a malicious website that the attacker runs or has compromised.  Once you go to the malicious website, the attacker can execute unauthorized commands since you are already logged into cPanel, and no password would be necessary.

When you look at the desktops, laptops and other devices in your business, do you realize the number and variety of software applications running on these devices?  Applications include Adobe Reader, Adobe Flash, Microsoft Office, off-the-shelf accounting software, and other similar types of applications.  Beyond these normal applications found on most computers, custom applications may also be used in your business such as credit card processing, accounting or other business-oriented software applications.  Most business owners and managers do not realize the number and variety of applications running on the computers they use.  Studies have shown that businesses spend most of their security efforts updating and securing the computer’s operating systems and not the software applications.

I have written numerous articles covering the different elements and aspects of security, but one issue I have never touched on is the importance of having quality information to make good security decisions for your business.  Quality or complete information is key to any business decision including security issues, but most businesses fail to track security incidents or issues at their company.  I have worked with a lot of small and medium-sized businesses over the years, and I have not run into one yet who does.

It seems like almost every book or article I read defines computer security a little differently.  Often the terms computer security, information security, network security, information system security and information assurance are used interchangeably even though each of these terms covers a slightly different portion of security.  I feel that computer security is the overall general term used to indicate the protection of a company or organizations data, network and computer systems.  The other terms  (information security, network security, information system security, etc.) fall under the main heading of computer security.

A rootkit is a collection of software programs that contain a variety of tools and allow an attacker root or administrative level access to a computer or network.  Attackers install rootkits usually after having obtained basic user level access to a system, then gaining higher access to the account by using a cracked password or through some other vulnerability on the system which allows them to install software on the system.  Once a rootkit is installed, it allows the attacker to bypass security measures and hide the intrusion.  Rootkits do this by replacing normal operating system components or altering existing system tools or software so as to escape detection.

In the computer security field, a backdoor is basically a computer program that gives an attacker easy access to a computer system and bypasses security measures that are currently in place.  Computer programmers sometimes install backdoors in the programs they write, but they use the backdoor  to access the program for the purpose of troubleshooting the software.  For this definition, we will limit our discussion to backdoor programs that attackers use.  Backdoors, whether used as a troubleshooting tool or as a means of gaining undetected access to a computer system, are a security risk.

Just when you thought it was safe to use wireless, along comes a new attack on wireless encryption.  WEP (Wired Equivalent Privacy), the oldest form of wireless encryption,  has not been safe to use for quite some time, and I would recommend you use one of the other wireless encryption methods mentioned in this article if you are still using WEP.  The information or data that you send or receive on your wireless connection can easily be captured and read by others if you don’t encrypt that traffic.  This article will help you make necessary changes to your wireless network.

In the security arena, an exploit means a program, procedure, or a technique used to take advantage of a security vulnerability or hole in a computer program or application.  Basically, it is a form of attack against a computer system which takes advantage of known weaknesses.

A special type of exploit called a Zero-Day Exploit is an attack method that takes advantage of an unknown weakness or a vulnerability that has just been announced before a patch for the weakness has been developed or distributed to users of the software program or application.

In securing your computer network, you have probably thought about servers, desktops and laptops, but what about the other devices that you have on the network such as webcams, printers, network switches, routers, voice over IP phones, or NAS (network attached storage that can store 1 terabyte or more of information)?  All these devices recently were studied and tested by researchers at Stanford University, and out of the 21 devices they tested, not one was secure.  Because the devices were manufactured by sixteen different manufacturers, the security issue is not limited to one manufacturer.

When I first began my career in security, perimeter protection was the hot topic.  Physical security usually involved security fencing, razor wire, alarm sensors and, depending on what you were protecting, maybe even mobile patrols.  For computer security, this involved protecting the main entry point to your network with firewalls, intrusion detection and other software or hardware devices.  Today, with so many different entry points as well as interconnected networks, there is no set perimeter to protect.  There are exceptions to this, but think about VPN connections, extranet connections, supplier networks and others that you connect with or you allow to connect to your network.  Some networks have a variety of third party vendors providing or maintaining portions of the business network. Depending on the security setup of other networks that connect to you, your perimeter may include other entry points you really don’t know about or have control of.