Sunday, July 5, 2020

Network Security – Safety Never Takes A Holiday


When someone says Network Security, the first thing that comes to mind is Paul Blart: Mall Cop (Sony Pictures, 2009). The connotation is simple: security is a big thing that no one can see that supposedly protects your network. The network is the 400-pound gorilla in the room that everyone uses but most don’t know how it works: “just call IT (Paul Blart), he can fix it”. The two parts, network and security, must work in harmony for it to be a seamless protective service. Paul Blart did not care what people thought of him; he just did his job to the best of his ability.

 

At my company, probably similar to yours, we have a team of network security employees that we trust to keep everything safe. But what are they protecting? There are hardware and software components that are subject to attack from threats at any given moment. The software or hardware that every user is using can be compromised through email (spam or phishing), or side-by-side malicious downloads that come from seemingly harmless sources. It is the job of the security team to detect and mitigate these from accessing the company’s network and thus multiple machines and ultimately the entire company.

 

On the downside, if an attack is successful the attacker could easily seize control and demand anything from monetary ransom to some other concession to “release” their hold and restore the soft/hardware to the company. In other cases, the attacker may not want anything more than to cause harm, in which case a malware virus would simply “seek-and-destroy” company property on their network and thus cripple the company with no hope of recovery. Both of these are truly devastating to businesses and are very easily avoidable.

 

As computers have evolved from the large mainframes in their living-room-sized boxes and shrunk into the tiny little phone lying next to this laptop, the knowledge of the technology has migrated as well. Once it was only the large corporations and government that could afford computers. Now everyone has a computer, and in many homes probably several “devices”. As the technology moved to the public domain, the “tech assassins” grew in numbers as well. The knowledge of technology was no longer only available to those with money but was now available to all via the internet. I looked just today at several viable trusted sites on the web to see how to unlock an iPhone and try to bypass the security. It’s actually quite simple, you just have to know where to look.

 

So, the need for a robust network security force exists for pretty much everyone. Now the odds of a hacker targeting you as an individual may be pretty slim, but attacks on corporations and the government are almost endless. This brings me to my big question, why is it so hard for us to make a security system that is unbreakable? It seems that if we could just stop changing the software on the user machines security would be basically impenetrable. This sounds absurd coming out of my mouth, but it is almost exactly what my company did for almost ten years.

 

Obviously, if you stop doing upgrades and keeping up with the technology you will ultimately fall far behind, but who are you chasing? The competition, your friends, the “Joneses”? That’s a question that I can’t answer, but I can tell you that technological advances will not stop and are in fact increasing daily.

 

My company, I will not name them, had an archaic view of technology. The business that we are in is almost exclusively computer-based and is definitely a “tech field”. We are at the forefront of our type of technology and are pioneering the tech that we produce. Which is freakishly frightening because in the front-of-the-house (customer service and basic computing) we just 4 years ago made the leap from Windows XP to Windows 7 and last year from 7 to 10. The belief from our executive team was that we were insignificant and didn’t need the newer technology. It took two attacks, one was email spam and the other phishing, to get them to listen and understand. Spoiler alert, it also answered my big question.

 

Because of evolving technology in network architecture and the infinite resources on the internet, it was quite easy for a hacker to get into our old, outdated, unprotected email system. The OS developers search out exploits in the current software and patch them. So, when they send an update for their OS it will include the patch for the exploit. Since we never updated our OS (and Microsoft was no longer supporting it), it opened the door for attacks. Once they had access to our email, our network was wide open to them and they did what they wanted. Ironically, the first was using our own email system to direct a DoS attack on our website. The second, the phishing attack, installed ransomware and shut us down for a few days and was very costly to remove. I was never more thankful for backups than that day.

 

So, obviously we will never be protected from security threats by just doing nothing. The threat is always there and waiting for someone to find it. Since technology is now everywhere, the need for network security has increased dramatically. The need exists both for digital control and situational awareness (Li, Y. et al., 2019). The digital control is for the virus detection and antimalware software to protect the software and hardware on the network. This is normally a real-time protection that is running on the system and relies on little to no input from the network security team. The situational awareness is for the users on the network and their education and awareness of what a threat looks like. The widest gap in any security is not the hardware or software but the humans using them. The vast majority of attacks come through exploiting a person’s trust and getting inside the easy way (Gulshan, K., 2014). It is crucial for companies and individuals to educate themselves and their employees on the types of threats and how to avoid them, and to empower them to report a breach when it happens to try and minimize the damage of a successful intrusion. Education and awareness are possibly the most important part of any network security.

 

“Safety Never Takes A Holiday!” – Paul Blart

References

 

Gulshan Kumar & Krishan Kumar (2014) Network security – an updated perspective, Systems Science & Control Engineering, 2:1, 325-334, DOI: 10.1080/21642583.2014.895969

 

Li, Y., Huang, G., Wang, C. et al. Analysis framework of network security situational awareness and comparison of implementation methods. J Wireless Com Network 2019, 205 (2019). https://doi.org/10.1186/s13638-019-1506-1

 

Vahid, F. & Lysecky, S. (2017). Computing technology for all. Retrieved from zybooks.zyante.com/

 

 

 

