The ultimate guide to defense in depth

Security_Feb11_BEven the most reliable business network security and sophisticated user credentials can be vulnerable to cyber attacks to some extent. The concept of a comprehensive layered security, called defense in depth, is based on a strategy which has been around since the time of the Romans. A multiple-layered defense is created to prevent the advancement of attack. This strategy has been proven to be an effective IT security method these days.

Just like the human body, a computer system can also be attacked by many viruses that can infect and disrupt computer operations. And what’s worse is it doesn’t just disrupt the operations of your computer, but these viruses and other malware can gather sensitive information or even gain access to other private and secured computer systems on the same network.

Although computer viruses aren’t deadly, they can spread at an unimaginable rate across your entire computer system, affecting your database, networks and other IT-related sources. You can get these viruses by opening bogus email messages, downloading unknown file attachments, and accidentally clicking ads that pop up your screen. This is why there is a need for a strong and effective security system to protect your network.

One of the tested and proven security strategies used today is defense in depth. This concept focuses on the coordinated and organized use of multiple security countermeasures to keep your database safe from intrusive attackers. Basically, this concept is based on the military principle that a multi-layered and complex defense is more difficult to defeat than a single-barrier protection system.

The defense in depth strategy assures network administrators by working on the basis of the following guiding principles:

Defenses in multiple places

The fact that many viruses can attack the network system from multiple points means that you need to deploy strong defense mechanisms at multiple locations that can endure all types of attacks.

Defense in depth focuses on areas by deploying firewalls and intrusion detection to endure active network attacks and also by providing access control on servers and host machines, to resist distribution attacks from the insiders. This multi-layered defense also protects local and area-wide communication networks from denial of service attacks.

Multiple layered defense

Defense in depth is an extremely effective countermeasure strategy, because it deploys multiple layered defense mechanisms between the attacker and its target. Each layer of the defense has a unique mechanism to withstand the virus attacks. Furthermore, you need to make sure that each layer has both detective and protective measures to ensure the security of the network.

The reason for wrapping the network with multiple layers of defense is because a single line of defense may be flawed. And the most certain way to protect your system from any attacks is to employ a series of different defenses that can be deployed to cover the gaps in the other defenses. Malware scanners, firewalls, intrusion detection systems, biometric verification and local storage encryption tools can individually serve to protect your IT resources in a way others cannot.

Perhaps the final layer of defense should be educating your employees not to compromise the integrity of the computer systems with potentially unhealthy computer practices. As much as possible, teach them the dos and don’ts of using the computer, as well as how they can prevent viruses and other computer malware coming in and destroying your system.

If you’re looking to give your computer systems better protection against the harmful elements that the internet can bring, then give us a call now and we’ll have one of our associates take care of you and help defend your business.

Published with permission from TechAdvisory.org. Source.

Security – 4 threats in 2014

Security_Jan07_BWith each new year comes resolutions, goals and trends. One popular goal of many small businesses is to ensure that their systems are secure for the year to come. Often, the first step to take is to look at current trends, but when it comes to security, you should be looking at threats. If you know what potential threats may arise in the year to come, you can better set security plans in motion to limit these from adversely affecting your company.

Here are four security threats businesses should be aware of in 2014.

Increased attacks on cloud end-points

Cloud-based systems saw solid growth throughout 2013, with numerous systems being introduced and older systems reaching new levels or maturity. Small to medium businesses in particular were heavy adopters of these systems. Because of this, we expect to see an increase in attacks against cloud providers.

Providers know this and take steps to ensure security of systems on their end. Hackers know this too, so will be likely going after the weaker points – end users. It is expected that hackers will begin targeting users of cloud systems with various schemes that try to gain control of computers and mobile devices. Once access is gained, they will go after their main target: Corporate or personal clouds and the data stored within.

This could pose a problem for many companies, especially those who access cloud systems from their mobile devices. January and February would be a good time to look into the security of all of your systems, ensuring that your cloud-based systems are secure on all devices.

Mobile malware will continue to gain popularity

Take a step back for a minute next time you are in public and look at how many people have smartphones or tablets in their hands. Chances are, at least 60% or higher will. It is fairly obvious that the mobile device is the most popular trend in tech at the moment, and whatever is popular is also a target.

We predict there will be an increase in mobile malware attacks throughout 2014. This could see either an increase in the number of apps that have malware in their code, or websites that host malware. When you visit a site with this malware, you are informed that you need to update an app, and when you agree to this the malware is downloaded and installed.

This could prove to be a tough for companies to manage, especially since the number of mobile users will likely grow. If you haven’t started looking into how to secure mobile devices, now would be a good time to start.

Growth in social engineering scams targeting mobile users

Social engineering is the act of essentially tricking people to give away confidential information. Hackers have been using this for years – for example, emailing users telling them their bank account has been compromised, and that if they click on the link in the email and enter their account info, the account will be secured. In reality, the link is to a fake site that captures information which can then be used for any number of illegal activities.

As we mentioned above, the number of mobile users is steadily increasing. This means that it is highly likely that hackers will begin to target these users with mobile specific social engineering. This could be tricking them into downloading an app which then steals information stored on the phone, or simply targeting those who use just their tablet.

In order to prevent this from happening, you need to brush up on how most social engineering schemes work. You should also encourage your employees to look where the links in emails lead to and be aware that generally, most major businesses like banks don’t email customers asking for passwords or user names.

Windows XP will become a big target

Microsoft will stop support for Windows XP and Office 2003 in April of this year. What this means is that they will no longer be offering security updates, software updates or support for these products. It is a sure thing that these programs are about to become a big target, and that new security loopholes and exploits will be found on a regular basis after the cessation of support.

For businesses that are using a newer version of Windows like 7 or 8, you should be secure from these exploits. If you are using XP on the other hand, you might want to upgrade as soon as possible. Contact us, we can help with that.

From the overall looks of things, we think this year will see a drastic increase in mobile based security threats, along with attacks on older versions of software. Now is a good time to review your strategies regarding both mobile and the software/hardware you use, to ensure that it is secure. If you would like help with this, please contact us today for a chat.

Published with permission from TechAdvisory.org. Source.