Protect Yourself against Hackers
How do you protect your computers against hackers? New
vulnerabilities are found practically every day. It is easy to get disillusioned
about the prospect of protecting your computer network against intrusion. If you
want hands-on tips, you can skip ahead to our
step-by-step guide to hardening
your Windows NT system. However, I would encourage you to read on.
It is essential to have a basic understanding of how
hackers operate before attempting to stop them. Have a look at our
Anatomy of a Hacker Attack piece. It includes
six phases that a typical hacker attack will pass through. In most cases, the
security policy of a company will try to address issues in each of the different
phases. For example, in most cases, an effort is made to hide as much
information about the corporate network as possible from the outside world, in
order to make phase one (collecting information) harder for the hacker.
Firewalls, as well as most other security equipment, are typically used to stop
the hacker from communicating with the computers in the corporate network. Other types of
protective systems are aimed at a later phase. Equipment to stop the hacker from
hiding his tracks in phase six is relatively commonplace (unfortunately, at that
point, most of the damage will already have been done).
A common mistake is to spread your efforts too thinly across the
different phases. It is a little bit like building six different walls around
your castle, but never completing any one of them. Generally, it would be better to
concentrate on getting one of the walls ready and then defend that wall against
intruders at all costs.
In our opinion, the most important thing that you want to
achieve is to stop the hacker at some point before he does any damage. Most
current security strategies are aimed at stopping the hackers at phase two.
Firewalls, proxies and demilitarized zones are all used to separate the private
network from the Internet. Virus control software often tries to stop malicious
code at the border of the network as well.
Another strategy that is used is to stop the hacker in the
initial information gathering phase by being as invisible as possible.
Ultimately, the potential hacker shouldn't even know that your company exists. He should
definitely not be able to back-track your steps on the Internet. Some variation
of this strategy has been used for years, more or less unintentionally, by many
smaller companies. Unfortunately, this strategy is not feasible in most cases.
Companies want to tell the world how great their products are, and they can't do
that and stay secret at the same time.
The strategy we believe in is to stop the hacker at phase
three - when he is trying to execute malicious code on your computer system.
More or less every hacker attack will have to pass through this phase at some
point or another. Stopping the hacker from executing software that he has
downloaded to the target will make his job much harder.
One of the good side effects of defending at phase three is
that it also protects you somewhat against corporate insiders. It is often
stated that a large majority of hacker attacks are made by employees of the
company being attacked. To some extent it depends on how you define hacker
attack, of course. The inside jobs often have quite different characteristics
than the more typical hacker attacks. However, it is possible to use the same
kind of security to protect from malicious code executed by employees as well as
Once you have decided on a phase where you want to concentrate
your defenses, it pays to defend the other phases a bit as well. For example,
you should never go without a firewall. Our Anatomy of a Hacker Attack is a bit
simplified, as you may well have guessed. There are attacks that depend on
combinations of weaknesses being available at different points.
Security is much more about good policies and security routines than about
fancy tools and access control lists. If everyone knows the administrator
password and you leave the door unlocked when you leave the office in the
evening, all the security programs in the world will not help you. That said,
there are security tools that you should never go without. Have a look at the
step-by-step guide for more details.