Network security and the need to know

While network and Internet technologies offer many new growth and competitive opportunities for small and medium enterprises (SMBs) it is also a time when it raises the need to protect computer systems against threats. about security.

According to a survey conducted by the CSI Computer Security Institute in 2003, 78% of computers were attacked via the Internet (59% in 2000). Today, even the smallest businesses feel they need to carry out online business activities, and so many factors need to be ensured for this model.

However, according to Jim Browning, vice president and director of research at Gartner's SMB, most businesses do not properly recognize the importance of security, they often take them lightly while they should be priorities. top when conducting online activities.

If not properly protected, every part of the network becomes the target of attack by hackers, competitors, or even employees in the company. Although 40% of SMBs in 2005 performed more secure network management and Internet usage, according to Gartner statistics, more than half of them did not even know they were attacked by hackers.

The basic platform

Like many other types of crime, cyber threats and Internet resources come from small communities. Although as small as this factor is constantly growing because there are few sanctions that effectively restrain it, just an attack tool released online is immediately many computer systems become items. Attack targets through software vulnerabilities. The people behind these attacks could be hackers, software crackers or "insiders".

- Access control : Confirm identity and decide whether to allow access to the network or not. Authentication can be via password or other complex measures such as using biometric equipment (scanning fingerprints or faces).
- Firewall : A software or hardware solution that helps prevent attempts to penetrate from outside or only allow legitimate data to enter the network. Today, firewalls are very popular for enterprise networks.
- Identity management : User identity and current acceptance status, define and enforce access to system and network resources.
- Intrusion detection : The software's ability to analyze network activity, detect intrusion behaviors and send notifications to administrators.
- Preventing threats : It involves linking multiple security technologies (firewalls, detection / intrusion protection) and intelligent network services to reduce the impact of known or unknown threats.
- VPN (Virtual Private Network): Virtual private network allows computers to connect securely (securely) to enterprise networks via the Internet. Using a combination of hardware devices on enterprise networks and special software on remote computers that businesses can use VPN for satellite offices, headquarters away from the center and mobile devices of employee.
* Hackers (hackers): Most people are knowledgeable about security and the principles of operating the Internet and computers. In the past, hackers' intentions when breaking into computers were often non-profit colors, just to prove their skills or show off "achievements". Today, this goal has gradually vanished and instead there are bigger motives: money, personal hatred, politics . The concept and concept of hackers is also varied, however, it is possible divide hackers into 3 forms: white hat, black hat and gray hat.

Hackers "white hats" are often security experts, who for the general safety of the community in the fight against "black hat" hackers. "Gray hat" is a new phrase referring to "half-black and half-white" hackers (both right and wrong), factors that can change according to circumstances.

* Cracking the cracker (cracker): It is also very dangerous and causes great damage to businesses. The "favorite" jobs of this type of people are unlocking software, modifying Web pages, stealing credit card information, destroying data.

* Insider : It is the employee in the company who wants to obtain personal information of others to satisfy curiosity or serve other purposes.

The most common security threats are network attacks, psychological attacks (social engineering), viruses, worms and spyware. Complex cyberattacks with political or financial motives usually target only one specific company or computer system. The purpose is not outside the intention to modify the database, steal accounts or personal information, install reconnaissance programs to allow intruders to initiate attacks from the system itself. victim calculation.

Network attacks have three basic methods:

* Reconnaissance attack: A method of attacking information to launch a real attack later on the network.

* Access attacks: A method of taking advantage of the weaknesses of the network (usually a bug or security hole).

* Denial of service attack: This is the most powerful attack method by sending a large number of information queries to the server, causing overloading, making the computer impossible (or difficult to ) access from outside.

System administrators need to properly assess the level of attacks so that they can take reasonable measures to combat and protect them.

-Virus : A program that can search for other programs on the network device and infect them by copying into it a version of the virus. When these programs are executed, the attached virus is also activated to begin the next infection cycle. Unlike worms, viruses cannot infect computers without some help (user interaction).

- Depth : The program can spread and infect itself over the Internet at a very fast speed.

- Trojan Horse : Retrieved from an idiom, this is the term for a malicious program hidden in a certain cover (such as a game program), helping the mastermind have Can issue remote control commands.

"Social engineering" methods are often used to steal sensitive business information.This is the least powerful attack method as it is very effective in many cases.Sometimes an attacker can get what he wants, such as asking for password information to upgrade the system from technical support.

Viruses, Trojans, worms and other threats can work together to create a big risk to the safety of a business. These threats often strike a predetermined target, surf the Internet and look for vulnerabilities in the victim's computer system to invade. Viruses and Trojans often require new user interaction to be infected, while computer worms do not need to; they are able to spread via e-mail to infect "less secure" computer systems in just a few hours, or even minutes. According to PestPartrol software security firm, the number of security threats has increased from 27,000 (2000) to 60,500 in 2003.

* Solution

In order to minimize the damage from attacks that take advantage of security holes, businesses need to seriously implement the detection process -> thoroughly resolve or prevent the vulnerability. Often the first step is to draft a security policy and inform the employees in the company. This policy should clearly define the rights and obligations of each person in contact with enterprise technical resources.

Once there is a clear policy and regulation, the next step is to combine service measures to minimize or even eliminate many of the current security "headaches". These measures may include technical implementation to detect and prevent abuse and vandalism; train staff and apply thoroughly and smoothly the security policy set out.

* Impact

Internet security can directly affect the revenue and business situation of the business. A 2003 survey by CSI and the FBI Computer Intrusion Prevention Team showed that among 75% of businesses surveyed, they felt that they suffered financial losses from security incidents; 47% of enterprises said that they could accurately assess security losses; and 23% reported a loss of about 10 million USD per year due to assault acts.

Another damage is very difficult to evaluate but extremely important for SMB, which is the period of system malfunction (downtime) and product damage due to slow response to security incidents. In many cases, businesses must temporarily remove important servers, desktop systems and chains related to security incidents. While facing potential damages, many small businesses have not focused on this risk.

* Some work to do

Threatening security and deploying technology to minimize them is always closely related. For successful security requires a step-by-step approach and a thorough processing process:

- Conduct periodic reviews of security policies
- Deploy security technology to provide secure connections, prevent threats, and manage identification and evaluation . at reasonable times and parts.
- Repair and protect endpoints, servers and desktops from identified or unidentified threats. Be aware that there is in fact no single security technology that is perfect, but need to incorporate a variety of different measures and technologies.

There are many basic security steps that do not require much money or effort. SMB can perform simple and easy steps to improve the security environment of your business. SMB may be a small target but not so they are less likely to be attacked, whereas businesses of this type need to protect themselves against risks by implementing preventive, common and easy-to-deploy activities. .

There's more.