Seven Simple Ways of Improving Password Security

Easy-to-implement steps that you as an individual can take to reduce your personal risk and threat impact levels, as well as those of a large organization and everyone in between.

With attackers developing new strategies and attacks at a truly frightening pace, defenders need to develop new countermeasures even more quickly if they are to prevent an attack or, at the very least, diminish the damage done during one.

Winners and Losers

Let's face it: there can be little doubt that both sides (the bad guys and the good guys) want to be on the winning side of the cyber security tug-of-war. To complicate matters further, the speed at which the whole cybercrime and cyber attack situation evolves can at times become a bit overwhelming, even for the seasoned professional.

Fortunately, there are a number of simple, easy-to-implement steps that you as an individual can take to reduce your personal risk and threat impact levels, as well as those of a large organization and everyone in between.

I will now present a number of simple but effective, long-standing “tried and true” strategies that have shown time and time again their capacity to reduce or mitigate your risk and your exposure to the most common attacks of today. Reducing the impact and consequences of an attack, should one become a reality, and the measures and countermeasures available to you will be dealt with as well.

Realization and Understanding - Security Awareness

The first thing that we need to acknowledge is that there is always somebody (individuals and/or groups) out there looking to make a fast buck. Deny this and you are destined to be perpetually on the losing side.

We also need to address such factors as insider or insider-collaboration attacks, scams, social engineering, hacking, cracking and phishing. In addition, attacker motivations need to be determined, understood and recognized, as this will allow us to construct more specific, targeted responses and proactive countermeasures along with custom preventative initiatives.

Some of these motivations include fraud, identity theft, malicious intent, revenge, financial greed, scams (e.g. Nigerian 419 attacks), extortion, thrill seeking and espionage.

Importantly, however, most attacks are not perpetrated mindlessly and without any predefined purpose. The attacker always has some goal in mind when perpetrating the attack. This comes as no surprise when one considers the amount of effort that goes into the planning, design and implementation of many attacks.

When we understand what the attacker hopes to achieve through the attack, we can implement both reactive and proactive initiatives that will negate a particular type of attack. Using attack-specific countermeasures means that the defenders will need to implement and maintain a considerable number of strategies in order to meet most threats head-on. Most current antivirus software is effective against considerable numbers of potential threats.

Password/Pass Phrase Policy

The development of a suitable password policy is always one of the first tasks that you should undertake whenever assessing, planning, implementing, administering, maintaining, documenting and updating your authentication methods and credentials. Passwords and pass phrases are no exception to this most basic of authentication rules.

  • Policy Contents - Your password policy should outline and detail all requirements concerning passwords and their usage by yourself or within your organization. Consistency across the board is always one goal that a password policy should address.
  • Policy Documentation and Enforcement - Thorough documentation and enforcement of your password/pass phrase policies are critical to attaining the goals and directives set forth in those policies.
  • Assessment - Be a realist and assess your current password security procedures and status honestly. Do not let anyone else know the details of your self-assessment. The primary purpose of a password security assessment regime is to identify areas of weakness so that you can put them right.
  • Logon Password Dialogue - Always reactivate the logon password dialogue if it has been disabled.
  • Logging, Accounting and Auditing - With logging turned on you will be able to identify such events as successful and unsuccessful system and network logon attempts. Here you can glean considerable information that may very well point to the presence of an intruder, or to attempts by an insider to access system and network resources for which they do not have the necessary account privileges.
  • User Education - Through continual user education and updating it is possible to create an environment with a high level of user security awareness. This goes a long way toward the establishment of a security aware culture. The benefits of a security aware culture include a considerable reduction in exposure to potential attacker(s).

Users are less likely to become victims of phishing and social engineering attacks and so enhance an organization's overall resistance to these types of attacks. Remember that breaches of user security are the most common means by which attackers gain authentication credentials, including logon account name and password pairs.
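To make the Logging, Accounting and Auditing point above concrete, here is an added example (not part of the original article) of how a log review can surface both signals that bullet describes: a successful logon that follows a burst of failures, and an authenticated user repeatedly denied access to resources. The log format, field names, thresholds and sample events are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in an assumed "timestamp event key=value" format.
SAMPLE_LOG = """\
2024-05-01T09:00:01 logon_fail user=alice src=203.0.113.7
2024-05-01T09:00:05 logon_fail user=alice src=203.0.113.7
2024-05-01T09:00:09 logon_fail user=alice src=203.0.113.7
2024-05-01T09:00:14 logon_ok user=alice src=203.0.113.7
2024-05-01T09:30:00 logon_fail user=bob src=198.51.100.4
2024-05-01T09:31:00 logon_ok user=bob src=198.51.100.4
2024-05-01T10:00:00 access_denied user=carol resource=/finance/payroll
2024-05-01T10:00:20 access_denied user=carol resource=/hr/reviews
2024-05-01T10:01:10 access_denied user=carol resource=/finance/ledger
2024-05-01T11:00:00 access_denied user=bob resource=/finance/payroll
"""

def parse(line):
    # Split one event line into a dict with a parsed timestamp.
    ts, event, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    rec["event"] = event
    return rec

def review(log_text, fail_threshold=3, denied_threshold=3, window=timedelta(minutes=10)):
    fails = defaultdict(list)   # (user, src) -> timestamps of failed logons
    denied = defaultdict(list)  # user -> (timestamp, resource) of denials
    findings, alerted = [], set()
    for rec in map(parse, filter(None, log_text.splitlines())):
        if rec["event"] == "logon_fail":
            fails[(rec["user"], rec["src"])].append(rec["ts"])
        elif rec["event"] == "logon_ok":
            # A success right after many failures may mean a guessed password.
            recent = [t for t in fails.pop((rec["user"], rec["src"]), []) if rec["ts"] - t <= window]
            if len(recent) >= fail_threshold:
                findings.append(("success_after_failures", rec["user"], rec["src"]))
        elif rec["event"] == "access_denied":
            # Many distinct denied resources in a short time suggests probing.
            denied[rec["user"]].append((rec["ts"], rec["resource"]))
            recent = {r for t, r in denied[rec["user"]] if rec["ts"] - t <= window}
            if len(recent) >= denied_threshold and rec["user"] not in alerted:
                alerted.add(rec["user"])
                findings.append(("repeated_access_denied", rec["user"], len(recent)))
    return findings

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

A single mistyped password (bob) or one stray denial produces no finding; only the patterns that cross the thresholds are reported, which keeps the review focused on events worth a closer look.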
