Although no network or system is 100% immune to attack, a sufficiently efficient and stable security system can help avert many exploits.
While such an approach may seem a time-consuming and costly endeavor, the recent attack on Belgian telco Belgacom shows that even well-established companies such as Belgacom are not immune from attack. The attack forced the company to report the break-in to security authorities and shut down parts of the network.
Security organizations need to remain continuously vigilant and adjust to new developments, of which there is a constantly growing number.
How to defend against attack
Research conducted by RSA (security researchers) indicates that there are ways to deflect attacks. Depending on the nature of the attack, the company will face a variety of conditions under which it has to detect the attack and defend itself.
Use of internal intrusion prevention systems is therefore crucial, especially if they have been in place for some time.
Security systems are continually deployed to provide access control and account monitoring in the company, ensuring that employees are monitored if needed.
A PowerShell script could automatically scan the network for any malicious code, even though system operations can be handled by the standard scripting language.
If users are still performing commands, configure the scripts to block unwanted commands or to alert if the system is taken over by an attacker.
Reactive injection of a variety of inputs, with checks to ensure that input cannot be incorrectly interpreted, for example, a script that checks whether an input is valid if it contains an MS-DOS-style command which terminates the process.
Allowing invalid, local and network paths on the network.
The most common strategy to protect against such attacks is the use of application whitelisting and a control channel to prevent a hacker from gaining access to certain processes and computers, so you can protect your systems and data from a data breach. More information about data breaches is available at https://www.fortinet.com/resources/cyberglossary/data-breach.
Whitelisting is the best way to combat attacks that exploit vulnerabilities in software that runs in a user’s browser, such as many commercial and open source browsers. Using a whitelist allows the browser to validate the user’s consent to complete the network access request.
Presto is one of the popular applications used in this manner, being used by Tor, OpenSSH and SSH clients and bridges to protect and restrict web activity.
Control channels are another option to mitigate such attacks. They do not block traffic outright, but block it according to different criteria. For example, on some platforms, they block all access to a particular web page, while on others they block an entire domain.
Use the resources available to you wisely
Before a breach or attack on an infrastructure becomes a problem for your company, the important thing is to ensure that everyone is equipped and trained.
It may also help to define a security policy regarding the technical usage of the environment and the desired operational and security principles of the business.
Set up and deploy processes for screening employees, for example, using a system like ScreenOS to monitor the application installation process and access of the internet and email.
It’s therefore important that you find out what you’re actually doing on your network. How you set up your systems, the way you monitor network resources and employees, the behavior of employees and their access to systems are all relevant factors that could indicate vulnerabilities to an attack.
Sometimes the answer is as simple as seeing that a program has been installed and then verifying it. Or, try using caution and ask employees to check their password through a screen or device.