A recent issue in my home country surfaced this month regarding an information leak. Our “highly” trained officers say they managed to catch and apprehend the actual hacker, but they never gave any resolution as to what they will do to ensure that it never happens again.
Much like what they usually do, this doesn’t surprise me at all. A lot of catastrophes have come and gone, and they (and so the majority of our people) only manage to react. Yes, just react – nobody seems to want to be proactive, no one wants to stand up, everyone is just good at reacting and blaming.
I won’t dive into the details of the past, but I’d like to weigh in on the current issue since this is closer to my profession. I am a Software Application Developer with extensive experience in the field, and I have a background in IT systems, infrastructure and services. I believe that, at the very least, I am qualified to have a say and propose a solution.
Let’s dive into the details (details that I know)
Obviously, the information leak is the issue, but the leak is only the outcome of the actual problem. The actual problem is the non-secured systems that make them vulnerable and easily penetrable by highly intelligent malware.
SSL (Secure Sockets Layer) and SSH (Secure Socket Shell)
For someone who is not familiar with the tech, SSL is a technology that encrypts a client’s data over the web. When a user tries to log on to a website, SSL secures what you entered by encrypting it. The encrypted data then passes through layers of network until it reaches the actual host. Only the host can decrypt this data (which is what we want). What this ultimately means is that your data is, in a sense, “compressed” in a secure way and passed over the wire. Only the host (the owner of the site or application) can “decompress” it.
This approach ensures that no one in between can read your information: even if they copy your information as it travels over the wire, they won’t be able to read it since it’s encrypted.
For administrators, this is a simple installation on the host. Sure, it is an additional cost, but it won’t be as much as the cost of someone’s privacy. With today’s tools for developers, installation of SSL is not that complicated. Sure, you still need to study and understand it, but if you know the fundamentals of networking, it’s not impossible to understand.
SSH – Secure Socket Shell – is a way for any person (usually the admin) to access the server via a secure port and protocol. The concept is like a key and a padlock. A padlock (public key) is installed on your server, and its counterpart key (private key) is the only way to open it. This key is the sole access key to that padlock.
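If the private key is to be the sole access key to the padlock, the server must not also accept passwords. The following is an added example, not code from the original post: a small audit script that parses an `sshd_config` and reports directives that still allow password or root logins. The two config texts are constructed for the example; the assumption that OpenSSH honours the first occurrence of a directive and defaults `PasswordAuthentication` to `yes` and `PermitRootLogin` to `prohibit-password` matches the OpenSSH manual, but check your own version.

```python
import re
from typing import Dict, List, Tuple

# Constructed sshd_config samples for this example (not from any real server).
WEAK_SSHD_CONFIG = """\
# Default-ish config: passwords still accepted, root may log in
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
"""

HARDENED_SSHD_CONFIG = """\
# Key-only access: the private key is the sole way through the padlock
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
"""

# directive (lower-cased) -> (required value, OpenSSH default when the line is absent)
# The default matters: an omitted PasswordAuthentication line still means "yes".
EXPECTED: Dict[str, Tuple[str, str]] = {
    "passwordauthentication": ("no", "yes"),
    "permitrootlogin": ("no", "prohibit-password"),
    "pubkeyauthentication": ("yes", "yes"),
}


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return lower-cased directive -> value, first occurrence wins (as sshd does)."""
    directives: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        directives.setdefault(key, value)        # later duplicates are ignored by sshd
    return directives


def audit_sshd_config(text: str) -> List[str]:
    """Return one finding per directive that still allows password/root access."""
    cfg = parse_sshd_config(text)
    findings: List[str] = []
    for key, (required, default) in EXPECTED.items():
        actual = cfg.get(key, default)
        if actual.lower() != required:
            findings.append(f"{key} is '{actual}' (should be '{required}')")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(name, audit_sshd_config(cfg) or "OK")
```

Run it against `/etc/ssh/sshd_config` before you disable password logins, and only after the public key is in place and a key-based login has been confirmed from a second session; otherwise the padlock is locked with the key still inside.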
Data Server, DNS gateway, Site Selector / Gateway
This leak could’ve been avoided if they had isolated the data-sensitive services in a more secure environment. They would’ve invested in a RAID server (RAID3) and controlled the incoming and outgoing connections so that they always go via SSL. This ensures that whatever goes in and whatever goes out passes through a secured socket layer.
In addition, the company could’ve invested in a DNS technology that can filter out and redirect requests to any of their sites. This would allow them to evaluate all of the clients that try to access their site. A good technology would be a Cisco Global Site Selector. This is one of the most globally used routing devices that allow filtering of requests on the wire. You can also disallow multiple and concurrent requests to the server using this device.
Competent IT personnel
No question on this one: get someone who is knowledgeable. Get someone who can set up everything and is competent enough to do the maintenance and monitoring. Don’t just get someone who knows how to set up a web server. Infrastructure security is far more complex than just decompressing a standalone source/binary to create a virtual web server.
The personnel should take care of managing the infrastructure and setting up alerts/notifications if there are warning signs of threats to the server, such as potential DDoS attacks or brute-force attacks. Enable security features such as SSL, IP deny, traffic routing, filtering and identification.
There are a lot of ways to monitor the network for potential intrusion.
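One of the simplest ways, and the one that maps directly to the “notification” and “IP deny” duties above, is to watch the SSH authentication log for repeated failed logins from one address. The script below is an added example, not code from the original post: it parses constructed `auth.log` lines in OpenSSH’s usual format, counts failures per source address inside a sliding time window, and returns alerts plus a deny list. The log lines and addresses (the 203.0.113.0/24 documentation range) are constructed, the threshold and window are assumptions to tune for your environment, and the log year is assumed because syslog timestamps carry none.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed auth.log excerpt (documentation addresses, no real hosts).
SAMPLE_AUTH_LOG = """\
Mar  3 10:00:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:00:03 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:00:04 web01 sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 51041 ssh2
Mar  3 10:00:06 web01 sshd[2107]: Failed password for root from 203.0.113.7 port 51055 ssh2
Mar  3 10:00:09 web01 sshd[2109]: Failed password for invalid user oracle from 203.0.113.7 port 51060 ssh2
Mar  3 10:05:10 web01 sshd[2200]: Accepted publickey for deploy from 203.0.113.50 port 40010 ssh2
Mar  3 10:20:00 web01 sshd[2300]: Failed password for alice from 203.0.113.9 port 42000 ssh2
Mar  3 10:40:00 web01 sshd[2301]: Failed password for alice from 203.0.113.9 port 42001 ssh2
"""

# Matches OpenSSH's "Failed password" line; "invalid user" appears for unknown accounts.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
LOG_YEAR = 2024  # assumption: syslog lines carry no year


def parse_failures(log_text: str) -> Dict[str, List[Tuple[datetime, str]]]:
    """Group failed-login events by source address: ip -> [(timestamp, user), ...]."""
    events: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are not counted
        ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events[m["ip"]].append((ts, m["user"]))
    return events


def detect_bruteforce(log_text: str, threshold: int = 5,
                      window: timedelta = timedelta(minutes=10)) -> List[dict]:
    """Alert on any address with >= threshold failures inside any window-sized span."""
    alerts: List[dict] = []
    for ip, hits in parse_failures(log_text).items():
        times = sorted(t for t, _ in hits)
        start, peak = 0, 0
        for end, t in enumerate(times):            # two-pointer sliding window
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts.append({"ip": ip, "failures": peak,
                           "users": sorted({u for _, u in hits})})
    return alerts


def deny_list(alerts: List[dict]) -> List[str]:
    """Addresses to feed into a firewall/IP-deny rule."""
    return sorted(a["ip"] for a in alerts)


def notification(alert: dict) -> str:
    """One-line message suitable for an admin alert channel."""
    return (f"ALERT: {alert['failures']} failed SSH logins from {alert['ip']} "
            f"within the window; accounts tried: {', '.join(alert['users'])}")


if __name__ == "__main__":
    found = detect_bruteforce(SAMPLE_AUTH_LOG)
    for a in found:
        print(notification(a))
    print("deny:", deny_list(found))
```

The window matters as much as the count: two wrong passwords from a real user twenty minutes apart are not an attack, while five in eight seconds against `root`, `admin` and `oracle` are, so the same script flags the first address and leaves the second alone. Tools such as fail2ban do this with more log formats and an automatic firewall action; the point of the example is to show what such a tool is actually looking for.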
Quick takeaways
A few takeaways. Hackers have a million ways to hack. In all honesty, nothing is 100% secure over the wire. Virtually everything is hackable, but we can minimize the probability of being a victim if we practice and apply even the most fundamental security practices. Secure the infrastructure, secure the protocols your services use, secure incoming and outgoing traffic, and always be cautious of threats – understand how hackers can hack and you can get ahead of them.
For the non-tech-savvy individual, you can always do the following to protect yourself:
- The first line of defence is yourself. Don’t put too much of your details on social media. 60 to 70% of hacks come from social engineering. Hackers use any details they can find about you and will try to gain as much as possible from that information. Minimize your details on social media.
- Install and invest in anti-virus/anti-malware programs. Always update your virus definitions. There are millions and millions of malware, spyware and virus programs that can penetrate one’s computer. Installing anti-virus, anti-malware and anti-spyware software minimizes the risk of penetration, and even more important is updating it to keep it current with the newest threats.
- Be cautious with emails and the websites you visit. A single CLICK on a link can cost you. Hackers only need you to click a specific button or link to get information from you.
I’ll be tackling more IT security approaches in the next couple of blog posts.