In today’s digital world, protecting the IT network is a very important issue, given the number and diversity of attacks that occur daily. Large and small companies alike are vulnerable to hacking attacks, which can seriously jeopardize their business by causing service outages, loss of data and financial damage.
Given the seriousness of the consequences of malicious attacks on a business, it is extremely important to protect each segment of the infrastructure and to plan the protection of company resources with a comprehensive approach. To achieve this, keep in mind the few most common levels at which additional protection is required.
The first level of protection is a firewall placed at the entry point of the internal network and the data center. Its role is basic traffic filtering. It is also a good idea to upgrade to a next-generation firewall (NGFW), which offers far more functionality than traditional systems: it can filter user traffic at the URL or application level, so applications that fall into the potentially malicious category, such as Tor or BitTorrent clients, can be blocked. Many NGFW solutions also support advanced anti-malware protection, stopping the distribution of a malicious file at the network level. Traditional packet filtering by TCP or UDP port has been supplemented by deep packet inspection (DPI), which examines not only the packet headers but also the payload, which may carry harmful content too. One caveat: DPI only sees what it can read, so inspecting TLS traffic requires the firewall to terminate and re-encrypt the connection using a CA certificate that the workstations trust, and even then the NGFW is a filter in front of the hosts, not a substitute for patching them.
E-mail is one of the most common ways attackers distribute malware. It can be delivered in various forms: as an attachment, a hyperlink, a macro inside a document, and so on. Using various techniques, an attacker can make the e-mail appear legitimate, which is why many end users open its content. Some of these techniques are e-mail spoofing (forging the sender address), domain shadowing (creating subdomains under a legitimately registered domain whose DNS or registrar account has been compromised), and homoglyphs (characters that look alike but have different code points, such as a Cyrillic "а" in place of a Latin "a" in the sender's domain). E-mail can also be used to collect additional information from employees by phishing, or to enumerate valid addresses for later spam with a directory harvest attack, in which the attacker tries many addresses at a domain and notes which ones the server accepts. The company needs to filter malicious mail before it reaches end users, and thereby introduces an additional level of protection.
To achieve the maximum level of security, a device should be placed in front of the SMTP server that filters all e-mail entering or leaving it. This device does not only perform an antispam role, as is usually assumed: it examines each e-mail at several different levels and decides whether it is legitimate. The first step in e-mail inspection is a reputation check of the sending IP address and domain against a threat-intelligence database that the vendor updates regularly. Most malicious messages are detected and discarded at this step, which is also the cheapest one. Then follow the antivirus and antispam inspections, after which the decision on the e-mail is made. Such a device should give the administrator the ability to define his own policies and filters. Some of the parameters that can be used to create the filters are: message size, attachment type, subject content, and the content of the message body or attachment. If an e-mail matches a filter policy, different actions can be applied to it: the mail can be placed in quarantine, the attachment can be removed, a tag or string can be inserted into the subject, or the message can be rejected or delivered. For outgoing mail, in addition to the basic antivirus and antispam checks, a DLP (data loss prevention) inspection can also be defined, ensuring that employees cannot send strictly confidential information outside the company. Since reputation, signature and pattern checks only catch what is already known, authenticating the sender domain with SPF, DKIM and DMARC is the complementary control against the spoofing described above.
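The following is an added example, not code from the original article or from ITAF, showing what such a policy engine looks like in miniature: it runs the checks described above (reputation first, then a homoglyph check on the sender domain against the look-alike technique from the previous paragraph, then size, attachment type, outgoing DLP and subject rules) over constructed messages and returns the action the gateway would take. The block lists, protected domain, patterns and thresholds are hypothetical stand-ins for a vendor feed and an administrator's own policy, and the sample messages are constructed, not real traffic.

```python
import email
import re
import unicodedata
from dataclasses import dataclass, field
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed stand-ins for the vendor's threat-intelligence feed and for the
# administrator's own policy (all names and values below are hypothetical).
BAD_SENDER_DOMAINS = {"malware-drop.example"}
PROTECTED_DOMAINS = {"itaf.example"}              # brands to defend from look-alikes
BLOCKED_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm")
MAX_MESSAGE_BYTES = 10 * 1024 * 1024
SUSPICIOUS_SUBJECTS = ("urgent wire transfer", "password reset required")
# Outgoing DLP: a classification marker and 16-digit card-like numbers.
DLP_PATTERNS = (re.compile(r"\bCONFIDENTIAL\b"), re.compile(r"\b(?:\d[ -]?){15}\d\b"))
# A handful of Cyrillic-to-Latin homoglyphs; Unicode's confusables table is far larger.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0456": "i", "\u0443": "y", "\u0445": "x"}


@dataclass
class Verdict:
    action: str                      # reject | quarantine | strip | tag | deliver
    reasons: list = field(default_factory=list)


def skeleton(domain: str) -> str:
    """Map look-alike characters to ASCII: 'it\u0430f.example' -> 'itaf.example'."""
    domain = unicodedata.normalize("NFKC", domain.lower())
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain)


def is_lookalike(domain: str) -> bool:
    """True when the domain is not a protected domain but collapses onto one."""
    return domain not in PROTECTED_DOMAINS and skeleton(domain) in PROTECTED_DOMAINS


def sender_domain(msg: EmailMessage) -> str:
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if "xn--" in domain:             # IDNA-encoded label: decode so homoglyphs are visible
        try:
            domain = domain.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    return domain


def inspect_mail(raw: bytes, direction: str = "inbound") -> Verdict:
    """Run the gateway checks in order and return the first policy that fires."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    domain = sender_domain(msg)
    # 1. Reputation first: the cheapest check and the one that drops most bad mail.
    if domain in BAD_SENDER_DOMAINS:
        return Verdict("reject", [f"sender domain {domain} is on the reputation block list"])
    # 2. Sender domain that only looks like one of ours (homoglyph / IDN abuse).
    if is_lookalike(domain):
        return Verdict("quarantine", [f"look-alike sender domain {domain!r}"])
    # 3. Size policy.
    if len(raw) > MAX_MESSAGE_BYTES:
        return Verdict("reject", ["message exceeds size limit"])
    # 4. Attachment type policy: strip the file, deliver the rest of the message.
    blocked = [(p.get_filename() or "").lower() for p in msg.iter_attachments()
               if (p.get_filename() or "").lower().endswith(BLOCKED_EXTENSIONS)]
    if blocked:
        return Verdict("strip", [f"blocked attachment {name}" for name in blocked])
    # 5. DLP on outgoing mail: hold anything carrying confidential content.
    if direction == "outbound":
        body = msg.get_body(preferencelist=("plain",))
        text = body.get_content() if body is not None else ""
        hits = [pat.pattern for pat in DLP_PATTERNS if pat.search(text)]
        if hits:
            return Verdict("quarantine", [f"DLP pattern matched: {h}" for h in hits])
    # 6. Subject policy: insert a warning tag rather than block.
    if any(s in str(msg.get("Subject", "")).lower() for s in SUSPICIOUS_SUBJECTS):
        return Verdict("tag", ["subject matches warning list"])
    return Verdict("deliver", [])


def build_message(sender: str, subject: str, text: str, attachment=None) -> bytes:
    """Constructed sample messages for exercising the policy (not real traffic)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@itaf.example", subject
    m.set_content(text)
    if attachment is not None:
        name, data = attachment
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()


if __name__ == "__main__":
    # Look-alike domain as it would travel over SMTP: punycode-encoded.
    lookalike = "helpdesk@" + "it\u0430f.example".encode("idna").decode("ascii")
    samples = [
        ("inbound", build_message("attacker@malware-drop.example", "Invoice", "see attached")),
        ("inbound", build_message(lookalike, "Password reset required", "click here")),
        ("inbound", build_message("partner@vendor.example", "Invoice", "see attached",
                                  ("invoice.pdf.exe", b"MZ\x90\x00"))),
        ("outbound", build_message("employee@itaf.example", "Q3 figures", "Card 4111 1111 1111 1111")),
        ("inbound", build_message("partner@vendor.example", "Urgent wire transfer needed", "pls")),
        ("inbound", build_message("partner@vendor.example", "Lunch", "noon?")),
    ]
    for direction, raw in samples:
        v = inspect_mail(raw, direction)
        print(f"{direction:8} {v.action:10} {'; '.join(v.reasons)}")
```

Two design points worth noting: the domain is IDNA-decoded before the homoglyph check, because an internationalized sender domain arrives as an `xn--` label and a check on the encoded form would never see the Cyrillic letter; and the checks are ordered from cheapest to most expensive so that a reputation hit never pays for attachment parsing or DLP scanning.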
It is commonly believed that the only protection needed on a user’s endpoint device is antivirus. Given the nature of the attacks, this protection is often not sufficient, as a signature-based antivirus is only as good as its database of known malware and misses anything new or modified. In addition, malware protection is not the only thing to think about when it comes to workstation safety.
Companies that allow employees to take laptop workstations out of the office should keep in mind that such devices are not always under the protection of the company network. The most practical solution in such cases is a VPN client configured in always-on mode, which connects automatically when it detects that the workstation is outside the trusted network. This enforces that all of the employee’s internet traffic always passes through the company’s security devices, such as the firewall or IPS, which extends their protection outside the company. Such workstations are also exposed to theft, so full-disk encryption protects the data on them. Note that it protects data at rest, i.e. while the machine is powered off; a running, unlocked laptop is as exposed as an unencrypted one, so combine it with a short screen-lock timeout.
In some companies, employees, knowingly or unknowingly, share confidential information with unauthorized persons. In such cases it is important to have a DLP mechanism that can define policies based on file categories and allow their exchange only between certain user groups. Such a solution detects file exchange via e-mail, USB, instant messaging, file shares and other channels, prevents unauthorized data transmission, and provides visibility into the communication. A caveat: DLP depends on the data being classified first. Files are typically categorized by content patterns (such as card numbers or classification markers) or by labels applied by their owners, and an unlabeled file that matches no pattern passes through.
How can ITAF help you?
If you need help with protecting your business and your brand, contact ITAF. Our experienced security experts can help you install and maintain effective protection against security risks, train your employees, and defend your business from the lasting effects of hacking attacks.