Business Security Information

This summer, I helped a friend install a DVR (digital video recorder) for his business security camera system.  I also helped him configure the DVR and his network to allow remote viewing of the security cameras for him and a few key employees.  While helping him with this project, I realized how much physical security systems have changed over the past few years.  More and more of them are being manufactured with network capabilities with many of them being installed on the business network.

Since about 2002, most office copying machines have been equipped with hard drives. This is the digital revolution. The problem is that the office copier’s hard drives also store a copy of all documents that you copy. Also, since some office copiers also function as scanners, faxes and printers, copies of those documents are also kept by the copier. If a criminal steals the hard drive or copies a copier’s contents, a wealth of information related to your business, employees, and clients are at their finger tips, especially since most of the information is unencrypted.

Late last year it was announced by a couple of security researchers that cPanel was vulnerable to cross-site request forgery attacks (CSRF).  If you manage your business’ website, you know that cPanel is an administration interface that allows you to perform many tasks related to running a website.  This includes accessing website stats, email accounts, and log files, submitting tickets to the support desk, and a variety of other tasks.  Cross-site request forgery attacks allow attackers to exploit web-based services after the user has already logged into the web-based service.  In a cPanel attack, once you are logged in, you must be lured by the attacker to visit a malicious website that the attacker runs or has compromised.  Once you go to the malicious website, the attacker can execute unauthorized commands since you are already logged into cPanel, and no password would be necessary.

When you look at the desktops, laptops and other devices in your business, do you realize the number and variety of software applications running on these devices?  Applications include Adobe Reader, Adobe Flash, Microsoft Office, off-the-shelf accounting software, and other similar types of applications.  Beyond these normal applications found on most computers, custom applications may also be used in your business such as credit card processing, accounting or other business-oriented software applications.  Most business owners and managers do not realize the number and variety of applications running on the computers they use.  Studies have shown that businesses spend most of their security efforts updating and securing the computer’s operating systems and not the software applications.

I have written numerous articles covering the different elements and aspects of security, but one issue I have never touched on is the importance of having quality information to make good security decisions for your business.  Quality or complete information is key to any business decision including security issues, but most businesses fail to track security incidents or issues at their company.  I have worked with a lot of small and medium-sized businesses over the years, and I have not run into one yet who does.

It seems like almost every book or article I read defines computer security a little differently.  Often the terms computer security, information security, network security, information system security and information assurance are used interchangeably even though each of these terms covers a slightly different portion of security.  I feel that computer security is the overall general term used to indicate the protection of a company or organizations data, network and computer systems.  The other terms  (information security, network security, information system security, etc.) fall under the main heading of computer security.

A rootkit is a collection of software programs that contain a variety of tools and allow an attacker root or administrative level access to a computer or network.  Attackers install rootkits usually after having obtained basic user level access to a system, then gaining higher access to the account by using a cracked password or through some other vulnerability on the system which allows them to install software on the system.  Once a rootkit is installed, it allows the attacker to bypass security measures and hide the intrusion.  Rootkits do this by replacing normal operating system components or altering existing system tools or software so as to escape detection.

In the computer security field, a backdoor is basically a computer program that gives an attacker easy access to a computer system and bypasses security measures that are currently in place.  Computer programmers sometimes install backdoors in the programs they write, but they use the backdoor  to access the program for the purpose of troubleshooting the software.  For this definition, we will limit our discussion to backdoor programs that attackers use.  Backdoors, whether used as a troubleshooting tool or as a means of gaining undetected access to a computer system, are a security risk.

Just when you thought it was safe to use wireless, along comes a new attack on wireless encryption.  WEP (Wired Equivalent Privacy), the oldest form of wireless encryption,  has not been safe to use for quite some time, and I would recommend you use one of the other wireless encryption methods mentioned in this article if you are still using WEP.  The information or data that you send or receive on your wireless connection can easily be captured and read by others if you don’t encrypt that traffic.  This article will help you make necessary changes to your wireless network.

In the security arena, an exploit means a program, procedure, or a technique used to take advantage of a security vulnerability or hole in a computer program or application.  Basically, it is a form of attack against a computer system which takes advantage of known weaknesses.

A special type of exploit called a Zero-Day Exploit is an attack method that takes advantage of an unknown weakness or a vulnerability that has just been announced before a patch for the weakness has been developed or distributed to users of the software program or application.