Threat Response: How to Deal with Active Network Attacks

After 2016’s “year of big breaches” it’s pretty certain that cyber security is at the top of every network administrator’s priority list for 2017. The increasing exploitation of IoTs is of serious concern and large DDoS attacks are on the rise, along with major consumer data security breaches, and even governmental email hacks, all of which is pushing network managers for greater automation.

But if you really want to protect your network, you’ll need to be ready to respond to an active network attack with solid strategies based on a comprehensive incident response plan that allows you to effectively stop these attacks in their tracks.

Active Attack vs. Passive Attack

An active attack or what is more commonly referred to as “hacking” is an actual attempt to disrupt or take down your system.

During active attacks, intruders introduce foreign data or programming into your system, and/or potentially change data within the system. During these types of attacks, hackers are actively sending traffic that can be detected. A denial of service or DDoS attack is one such example.

Active attacks can often be prevented with the use of Firewalls and IPS (Intrusion Prevention Systems) protection.

A passive attack, on the other hand, involves an attacker stealthily monitoring and/or collecting information on your network activity. These attacks are much more difficult to detect, because they are not actively targeting anything for disruption and therefore may go undetected for quite some time. Implementing good network encryption can often eliminate these types of attacks

Other types of attacks

A Close-in attack is one where your attacker is in close physical proximity to the system being targeted. These kinds of attacks are less common and can be prevented with good onsite physical security measures.

An Insider attack is just like what it sounds like, someone from the inside, who has worked for your organization and has knowledge of your network and access credentials and is using them to attack. Use two-layer security and authentication measures and onsite, physical security to prevent these types of attacks.

Distribution attacks are those that gain backdoor entry to your system through hardware or software systems that have been compromised and once launched target your devices. To avoid this type of attack, be sure to use only trusted vendors and do regular integrity checks.

How to beat ’em to the punch

First, you should shift your mentality from perimeter-based to a more potent, flexible and comprehensive approach that incorporates a multi-layer defense, keen analytics, and active incident responsiveness.

But in order to create a plan that is both well prepared and elastic enough to adapt to the potential circumstances of any attack, you first need clarity. You need to ask these questions:

What are you protecting?
What is your most sensitive data and where does it reside?
How is it currently being guarded?
What are the biggest potential threats to its security?
What systems are currently in place for attack detection and response?
Are they adequate?
Where are your unseen vulnerabilities?

What to protect

In order to really understand your network’s biggest vulnerabilities, you’ll need to first understand those critical areas of your infrastructure that most need your attention. You’ll need to have a solid feel for the baseline behavior of your network in order to more easily spot abnormal activity patterns.

What does an attack look like if you’re the end target? What might an attack look like if you’re just a stop along the way to a connected partner and vice versa?

You’ll need to coordinate IT, security, and day-to-day business, taking a good hard look at your current business relationships, collaborations, and partnerships in order to assess any unnecessary exposure. Ask yourself:

What are the most valuable information assets?
Where are they located on the network?
When are they being accessed?
By whom?

Data priorities

You need to know the difference between which data on your network is the most valuable (and therefore most at risk) and that which is considered less so. By organizing your data into a well-planned data classification system, you can, not only optimize your system for user retrieval, but also determine what data is the most sensitive or mission critical and therefore needs the most protection.

These classification tools can help to improve treatment and handling of sensitive data, as well as allow you to determine which information is sensitive, and formulate a plan of attack as to how it should be protected.

Security Posture

Not only do you need to keep up-to-date on the current trending security threats and vulnerabilities but you should be carefully and continuously evaluating your organization’s security posture. Here are some recommendations:

Consider outside threats as well as those from insiders and partners.
Security program assessments can also help provide an objective view and aid you in evaluating your organization’s security risks.
Regular compromise assessments can help detect malicious activity that may already be taking place on your network.
Check to make sure that basic security protocols (proper password and authentication, patch-management procedures, firewall and IDS/IPS
configuration) are in place and being adhered to—including for your partners and contractors. Monitor for any changes and adjust as needed.
Optimize your existing tools and technology and then fill in the gaps.

Detection

Advanced security monitoring tools can really pump up your detection, working in conjunction with firewalls, IDS/IPS, antivirus, etc. The right staff, paired with the right tools can allow you to identify, divert, block, or even quarantine these threats when they occur. Be sure to see these and use these as opportunities to take note of how an attacker(s) may have gained access and make any necessary changes in your security posture in order to thwart future attacks.

Security awareness for all

It’s not just the IT department or network administrator who should be well versed in security risks and basic protection measures. Security awareness is important at all levels. As a critical component of your ongoing security strategy, basic security training should be given to all employees in an effort to sidestep well-known and oft-used vulnerabilities like malicious email links or attachments.

This security training and awareness also applies to having and sharing your own strong corporate security policies with your employees including those with regards to the use of their own devices, the downloading and installing of applications or software, and connection to their personal cloud.

Drill it

Prepare an incident response readiness assessment to help evaluate existing response plans, and test their effectiveness through simulated threat scenarios. Having run drills like these can help assist you in responding to each phase of a real future attack.

Remember, it’s those who are overconfident that put their networks most at risk, forgetting do the proper risk assessments, run the tools, monitor the traffic, drill the possibilities (and responses), and refusing to take the time to properly educate their staff.

Acknowledging that every system has its vulnerabilities and choosing to remain vigilantly alert and ready to mount an active and aggressive counter against an attack is your best defense. Recognizing that no system is foolproof and that your network may already have been infiltrated or compromised is really the first step to ensuring your network is as secure as possible.

If you aren’t sure the hardware you currently have in place is sufficient for your security needs contact us to talk with a security expert who can recommend solutions to keep your networks protected.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.