The Information Security Team and the IT operations team must be aware of the Security Scams and the methods that may be used to attempt and effect the Breach. General methods deployed for the purpose are -
- Theft of Physical Equipment/s
- Social Engineering
- Phishing
- Hacking
- DoS, DDoS, Ping of Death, Syn Flood Attack
- Defacement of Website
- URL / IP redirects (also referred as Pharming, normally is man-in-middle attack)
- Malware implants (trojans, worms, viruses to capture keyboard inputs, sniff network activity etc)
To reduce the chance and to reduce the impact of any breach, it is always a good practice to identify the entry points to the corporate network and reduce them to the minimum. With minimized entry points the steps that must be taken to reduce the impact of any attempt or breach therein are -
- Firewall / IDS / IPS and System logs must be reviewed on a regular basis to identify any sign of security Breach or attempt therein
- Consider deployment of an effective event-correlation mechanism to help you in root cause analysis and establishing the entry point and the probable target system.
- Ensure that the Mobile Equipments are configured with Data Security and Protection measures like File / Hard Disk encryption
- Employee awareness must be maintained with regards to the procedures for reporting suspicious activities, system issues, mails etc
- Engage Interaction with external parties (Law Enforcement, Security Consultants, Industry Associations etc) to be informed about the porabable or possible Security Breach
The steps discussed above are just the preliminary steps and organizations need to do more than just guarding the gates / entry points.
I would discuss the road ahead in next post.
