Guarding the inner sanctum
As the sophistication of hacking tools increases in direct proportion to the decrease in the technical skill and knowledge required to operate them, professional firms with a presence on the internet are facing mounting risks. A successful hacker does not just compromise the firm’s data, staff records, accounting spreadsheets and business plans but, where clients’ files are exposed, can endanger the entire practice.
The importance of keeping confidential data secure is, arguably, appreciated by the legal profession more than most. However, while information technology advances have changed the face of law practice by allowing closer contact with clients and more efficient communication throughout the legal system, this has been accompanied by increased security risks.
Expert hackers are notoriously resourceful and network attacks can be as varied as the systems they attempt to penetrate. The nature of the internet means that computer hackers can share knowledge across borders and jurisdictions. A quick internet search on the words "hack" or "crack" turns up thousands of sites, many of which contain malicious code and instructions for use. The proliferation of easy-to-use operating systems has compounded the problem by reducing the ingenuity and knowledge required to cause serious damage. Numerous graphic-based hacking tools require only an IP (internet protocol) address or host name and a click of a mouse button to execute an attack.
Worms, such as Blaster and MyDoom, exploit known defects in operating systems, infecting many thousands of hosts around the world in an alarmingly short time. In March alone, rampant NetSky variants are estimated to have accounted for 60 per cent of all viruses reported, making them among the most prolific infections witnessed to date. A theory put forward among anti-virus experts is that NetSky’s virulence was down to competition between its writers and those of the Bagle worm to see who could wreak most havoc.
As increasing numbers of firms rely on a corporate network and the internet to carry out their day-to-day business, these worms can have a devastating impact on their reputation in the marketplace, not to mention their bottom line. It has been forecast that computer viruses will cost the global economy $35 billion this year alone.
So, what can be done to stop malicious intruders in their tracks and make careless users think twice before exposing themselves to attack?
Hackers and intelligent viruses will specifically target system weak spots where two separate security arrangements meet. Disgruntled employees, corporate spies, guests and untrained users are all potential areas of weakness. As a result, firms should continuously monitor the potential for attacks and regularly test the state of security infrastructures.
To achieve these objectives, a change of mindset towards internet security is required to embrace a more proactive approach. To counteract the threat, it is essential to look beyond protection from traditional anti-virus software and the “never-ending race against time” patch updates. This reactive approach results in always being caught on the hop. Having to patch every machine within a firm can also be costly and time-consuming. In addition, what use is security technology if it is only capable of telling you that you have been hacked? There is a need to adopt multi-layered security systems not only for detection and reaction, but also for protection and prevention.
It is possible to aggregate multiple security functions, combining host intrusion protection, distributed firewall and malicious mobile code protection, as well as operating system integrity and audit logs, all within a single package. Unlike traditional security technologies - which look for tell-tale signatures in the virus code - this approach analyses behaviour to provide robust protection and reduce operational costs. It also reveals who or what has tried to break into systems and how they have been handled.
By identifying and preventing malicious behaviour before it can do any damage, potential security risks to networks and applications can be removed. It is the equivalent of having security cameras in every room and a team of private detectives questioning every suspicious move - essential when attempting to prevent confidential information falling into the wrong hands.
When evaluating different types of security breach, it is important to understand some of the inherent limitations of IP, the basic language by which most computers communicate. The architects of the internet failed to anticipate that it would move beyond its original purpose of facilitating learning and research among various government entities and universities. Based on this assumption of limited appeal, strong security was not included as an integral part of the IP specification during its early days. As a result, most subsequent implementations of the protocol, including those used in the internet and corporate networks, have proven vulnerable to attack.
Although complementary technologies, such as SSL, have sprung up to compensate for IP’s lack of security by adding encryption to data in transit, technological deterrents need to be backed by the development of a formal security policy to regulate the unpredictable human element. Such a policy will detail rules which must be followed by individuals with access to an organisation's technology and information assets. It can be as simple as an acceptable procedure for network resources, or several hundred pages long, detailing every element of connectivity and associated policies. Either way, it should include items such as an authentication strategy, defining the levels of passwords required for each type of user, including corporate, remote, dial-in users and administrators.
There is no miracle cure where network security is concerned. It is inevitably an ongoing investment, both in terms of financial outlay and manpower. Currently, the threat of a security attack is being further heightened by the growth in the number of firms switching to broadband. Research by the Yankee Group estimates broadband users are five times more likely to be affected by a security attack. The DTI reckons around 44 per cent of UK businesses suffer one or more security breaches a year, a percentage set to rise in line with increased broadband uptake.
However, it is important not to lose sight of the fact that the risks incurred by conducting business online can be more than outweighed by the tremendous opportunities on offer. To get the maximum possible return from the internet, it is necessary to mitigate the danger of unwelcome guests by deploying a combination of the right tools, management and policies, together with a commitment to adhere to procedures, from board and partner level down. By doing this, it is possible to capitalise on the benefits of the internet, while minimising the risks from unwanted intrusion to a firm’s inner sanctum.
Gordon Thomson is country manager for Cisco Systems Scotland.