Response is as important as resolution in a network breach
Last week, it was announced that several congressional offices had been hacked, with the hack originating from a Chinese IP address.
The incident reminded everyone who administers a public or private network that security breaches and intrusions are ever-present threats - and that how you detect and respond to these threats can be as critical as the threats themselves.
The first step should be thoughtful assessment of what is transpiring. For instance, it is easy to confirm that the hack came from China because of the Chinese IP address - but is there sufficient evidence to prove that it was actually the Chinese government? The IP address could have been used by another entity, or even by a mischievous teenager.
Security breaches demand sound fundamentals. If you get hacked, investigate and solve the issue at hand, and don't forget that how you communicate the situation to your inside users and the outside world is just as crucial as technical problem resolution.
Second, sites should be conducting regular intrusion detection, monitoring and reporting of their networks. This includes daily monitoring, and also quarterly vulnerability and penetration tests - combined with annual intrusion and penetration tests conducted by an outside audit agency. Most of the time, you will find network vulnerabilities. These can be remedied by inserting multiple firewalls, following industry-suggested security guidelines and educating internal users on proper security procedures.
Third, there should be an escalation process that brings in security specialists when there is a potentially sensitive network breach. Government agencies and officials possess sensitive information. Organizations like the National Security Agency (NSA) can help in situations like these.
At the end of the day, it is up to all of us who work with security and technology to take appropriate steps to protect our networks. This begins with sound ethical hacking practices that show us the natural vulnerabilities of our networks so we can patch them, and progresses into effective analysis, assessment, response and communication of a network breach until the crisis is resolved.
Richard Landrigan teaches Certified Ethical Hacking at NetCom Information Technology, a national IT training company headquartered in New York City. Mary Shacklett is President of Transworld Data, an international IT marketing and technology consulting practice.
» posted by jroberts