Hackers anonymous and ominous By Joel Rydbeck, Nubrek Inc.
In the merchant services industry, data security is essential. Due to regulations, such as the Payment Card Industry [PCI] Data Security Standard, many of the large processors and gateways have gone to great lengths and expense to ensure they are compliant. Data protection is the crux of this effort.
If PCI regulations don't apply to your business, you should still take action to help ensure data security. We can all take steps to dramatically decrease the chance that we will hemorrhage valuable information or resources to our competitors or unscrupulous third parties. Understanding how hackers can penetrate systems and extract data is foundational to protecting your assets.
(Let it be known, I am not a security auditor; if you have questions about your data security, speak with one.)
Hacking's many faces
For most people today, the word "hacker" has malicious connotations. We think of someone trying to access our computers to steal information and transfer money. However, the term also applies to individuals who alter or enhance technology to perform tasks beyond those it was originally designed to do. Many well-meaning computer experts fall into this category.
Some types of hacking can actually be beneficial. If you or your kids are avid video gamers, you have probably employed a few hacks yourself: everything from giving yourself extra lives to increased wealth or other special perks. Developers code these hacks into the games to spice things up a bit.
At home, I recently hacked a game console and turned it into an entertainment system on my family's network. It now readily blasts our iTunes music and plays our old Nintendo games.
Hackers also offer their services in locating computer system or network vulnerabilities. Many companies hire such hackers to try to breach their networks and thus find weak spots. This is an effort to make sure their sites are safe from unwelcome visitors whose sole purpose is to breach systems and steal information. As you can see, the term "hacker" is expansive.
The hacker's way
In this article, my focus is on the invasive side of hacking: intruders who gain access to your computer without your permission. Hackers aren't always individuals. They can also be programs designed to scan thousands of Internet-protocol (IP) addresses and machines to see if they can break in.
The first indicator that you might be an easy target is if you don't have a firewall installed between your server and the Internet.
Hackers with ill intent usually look for vulnerabilities in either your network or your employees. Many successful hacks have occurred when criminals have convinced innocent employees to divulge passwords over the phone. Hackers also often look for flaws in your network via your Internet connection or your wireless network.
Some clever hackers watch when you access your digital subscriber line or cable-modem connection and can determine your IP address. Once they enter your network, they'll typically look for a vulnerable machine to use as a relay to get further access.
The age-old expression "you're only as strong as your weakest link" certainly applies. Every device on your network, from wireless routers to the chief executive officer's laptop, needs to be capable of defending itself.
Once hackers gain access to your computer, they can extract any unprotected data it contains. Data that you believe is private may then be publicly shared with someone who most likely does not have your best interests in mind.
Under a hack attack?
Following are some of the many symptoms indicating a computer has been hacked. Keep in mind, these events can also occur because of faulty hardware or software. However, small changes in any of these areas should raise a warning flag:
- A system alarm or similar indication of breach from an intrusion detection tool
- Poor system performance or system crashes
- Exceptionally slow network activity
- Involuntary disconnection of authorized users from network service
- Unsuccessful log-on attempts
- Unusual or inaccurate usage times
- Unusual log entries, such as network connections to unfamiliar machines or services, or any other unusual network traffic
- New user accounts of unknown origin
- Port scanning, including use of exploit and vulnerability scanners, remote requests for information about systems and/or users, or social engineering attempts
- Unauthorized operation of a program or the presence of a packet sniffer capturing network traffic or usernames and passwords
- Unusual usage patterns, for example, programs being compiled in the account of a user who doesn't know how to program
- Questionable entries in system data, such as new files of unknown origin and function
- Suspicious accounting entries or accounting discrepancies
- Unexplained changes or attempts to change file sizes, checksums and date-time stamps, especially those related to system binaries or configuration files
- Any other unexplained addition, deletion or modification of data.
Some symptoms listed came from a restricted, intranet portion of the University of Tennessee's Web site.
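One practical way to watch for the last few symptoms above (new files of unknown origin, deleted files, and changed sizes, checksums or date-time stamps of configuration files) is a simple integrity baseline. The following is an added example written for this column, not code from the article or from Nubrek; the file names and contents are constructed for the demonstration, and the tampering is simulated inside a temporary directory.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Size, SHA-256 checksum and modification time for one file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"size": st.st_size, "sha256": digest, "mtime": st.st_mtime}

def snapshot(directory):
    """Fingerprint every regular file under a directory, keyed by relative path."""
    result = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            result[os.path.relpath(full, directory)] = fingerprint(full)
    return result

def compare(baseline, current):
    """Return {relative_path: description} for deleted, new and altered files."""
    findings = {}
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            findings[path] = "deleted"
        elif path not in baseline:
            findings[path] = "new file of unknown origin"
        else:
            changed = [f for f in ("size", "sha256", "mtime") if baseline[path][f] != current[path][f]]
            if changed:
                findings[path] = "changed: " + ", ".join(changed)
    return findings

def demo():
    """Constructed scenario (not real system files): take a baseline, then tamper, add and delete."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in {"sshd_config": "PermitRootLogin no\n",
                           "hosts": "127.0.0.1 localhost\n"}.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(body)
        baseline = snapshot(d)
        # Simulated tampering: weaken a setting, drop an unknown file, remove a file.
        with open(os.path.join(d, "sshd_config"), "w") as fh:
            fh.write("PermitRootLogin yes\n")
        with open(os.path.join(d, "unexpected.bin"), "w") as fh:
            fh.write("not in baseline\n")
        os.remove(os.path.join(d, "hosts"))
        return compare(baseline, snapshot(d))
```

In practice the baseline would be stored off the monitored machine (otherwise an intruder can simply rewrite it) and the comparison run on a schedule against real system binaries and configuration files.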
Bushwhacking the hackers
Here are several key steps you can take to secure your business. These are by no means comprehensive but should help you get a good start on tightening security.
First, secure your assets:
- Run a network firewall to secure your network from the outside world - even if you're in an office building.
- Run the Microsoft Windows (or operating-system appropriate) firewall on each computer.
- If you're running a wireless network, use Wi-Fi protected access (WPA) encryption; rotate your WPA key once every few months.
- Physically secure access to your offices.
- Physically secure access to all files, e.g., put locks on file cabinets and account for all keys.
- Physically secure access to all backup drives. (Consider using a bank deposit box or off-site backup service.)
- Restrict user access to network files. Users should only have access to what they need.
Next, run a tight ship:
- Patch your systems once a month. (If you are using a Windows operating system, go to http://update.microsoft.com to access updates.)
- Run anti-virus and anti-spyware software scans once a month.
- Require password changes for all users every 90 days.
- Require secure passwords, for example, ensure that all passwords have at least one uppercase letter, one lowercase letter and a number.
- Password-protect all computers. Enable screensavers to automatically lock unattended computers and require a password before work can resume. Instruct all employees to activate screensavers when leaving their computers for a short time and to shut down their computers at the end of the day or shift.
- Instruct all employees never to give out passwords or access credentials, regardless of the circumstances.
- Restrict users from installing applications on their computers.
- Prohibit peer-to-peer file sharing applications, such as eDonkey, Kazaa and BitTorrent, on your network.
- Consider using a more secure browser such as Mozilla Firefox instead of Internet Explorer, which may allow spyware to leak onto computers.
- Get a cross-cut paper shredder, and use it to destroy all paper and other data storage media you throw out. At Nubrek, our rule of thumb is if someone can't find it publicly on the Internet, we shred it.
Beyond a firewall and anti-spyware and anti-virus software, other applications can assist with defending PCs and their data. BlackICE is a common solution that larger organizations deploy for endpoint security. This logs information, which is often used in forensics and the prosecution of hackers.
For techies, Andy Routt, a Senior Computer Forensics Investigator, has some advice: "Many legitimate Web sites use JavaScript to enable active Web content," he stated. "When used by a malicious site, this code can also be used to compromise an unsuspecting user with a vulnerable computer system.
"One of the ways to help reduce the risk of executing malicious scripts when browsing untrusted Web sites is to use the Mozilla Firefox Web browser in conjunction with the NoScript plug-in. When installed, the NoScript plug-in allows a user to choose which sites are trusted to execute Java and JavaScript, while blocking all others by default."
To install NoScript, visit https://addons.mozilla.org/firefox/722
Hack here now
Hosting your own server can carry considerable risk and should be handled with great care. If you pay someone to host your server, go with a reputable organization to minimize your risk. If your server runs services such as teletype network protocol (Telnet), simple mail transfer protocol (SMTP) or file transfer protocol (FTP), you increase your risk.
If you are curious about hacking and want to understand it better, visit www.hackthissite.org. Devoted to training hackers of all levels, it's a great place to begin to understand what hacking involves. (If the Web site won't load, try again later. Sometimes there's more traffic than it can accommodate.)
I wish you the best in protecting your business.
Joel Rydbeck, Chief Technology Officer of Nubrek Inc., brings his strong background in e-commerce and business process automation to the merchant services industry. Nubrek offers eISO, a Web application for ISOs that tracks leads and provides automated residual and commission reports. For more information on eISO or to view a free demo, visit www.nubrek.com/eiso.html
E-mail Rydbeck at joel@nubrek.com