Cyber Attacks: Can they be prevented?

Discussion in 'other security issues & news' started by Rmus, Feb 24, 2013.

Thread Status:
Not open for further replies.
  1. Rmus (Exploit Analyst)

    Joined: Mar 16, 2005 | Posts: 3,943 | Location: California

    Recently, I thought about the targeted attack vector, aka "spear-phishing."

    Some background:

    Hydraq - An Attack of Mythical Proportions
    19 Jan 2010
    http://www.symantec.com/connect/blogs/hydraq-attack-mythical-proportions

    Cyber attack during the Paris G20 Summit
    February 2011
    http://en.wikipedia.org/wiki/Cyber_attack_during_the_Paris_G20_Summit

    Exclusive: potential China link to cyberattacks on gas pipeline companies
    2012/05/10
    http://www.csmonitor.com/USA/2012/0...ink-to-cyberattacks-on-gas-pipeline-companies

    Chinese cyber attacks on West are widespread, experts say
    http://www.cnn.com/2013/02/01/tech/china-cyber-attacks
    2013.02.01

    So, is there no way this "malicious software," "Trojans," can be prevented from installing if an office worker is victimized by such an attack?

    Many articles go into complicated, technical discussions of different types of prevention that can be utilized in organizations. Many of these are bloated advertisements for their particular product.

    But, at least two mention "policies":

    Cyber Attacks: Prevention and Proactive Responses [PDF]

    20 ideas for cyber attack prevention
    http://www.thenonprofittimes.com/article/detail/20-ideas-for-cyber-attack-prevention-4188

    What a novel idea!

    Of the many ways of instituting policies, one has been available for almost 12 years:

    http://msdn.microsoft.com/en-us/library/ms974604.aspx
    October 8, 2001

    An Administrator can control what the workstations on the network can install.

    Discussions in the past with some Administrators revealed to me that locking down individual workstations in this way would probably create an unhappy workforce.

    Translation: workers have become accustomed to treating the workplace computer as their personal computer, being able to install anything they want.

    But that doesn't negate the fact that there are solutions available. I know of two organizations in my area that use such solutions.

    As the saying goes,

    "there's them that do, and them that don't."


    ----
    rich
     
  2. Cudni (Global Moderator)

    Joined: May 24, 2009 | Posts: 6,956 | Location: Somethingshire

    It is the unhappy senior management that complains and then makes the admins relax the policy for them, and as we can all guess, infiltrating those can be a gold mine for bad folks. Ordinary workforce toes the line.
     
  3. wat0114 (Registered Member)

    Joined: Aug 5, 2012 | Posts: 1,983 | Location: Canada

    Maybe in the beginning, but over time they get used to it, and if they don't, they can always seek employment elsewhere. A business that deploys group policy enforcement on their computer network just has to say: "you don't like it, tough luck, deal with it".
     
  4. Hungry Man (Registered Member)

    Joined: May 11, 2011 | Posts: 9,148

    Enterprise environments are easy, because your IT staff owns the computers, and they can **** on the users all they like with whatever restrictive policies.

    The problem is that they often focus on the wrong things, still expecting users to manage updates, and strong passwords. Password policies are easiest to look at - so many companies will enforce a password length, but then they'll throw in some idiotic policy like "change it every month" for no reason.
     
  5. wat0114 (Registered Member)

    Joined: Aug 5, 2012 | Posts: 1,983 | Location: Canada

    My employer, who handles several thousand client machines, handles all updates remotely administered and enforces only weak passwords, 6-8 characters, with only a mix of uppercase/lowercase and numbers, locked out after three wrong attempts, requiring change every 3 months. All network traffic outside the perimeter is monitored and filtered and all machines locked down, most everyone running SUA on a COE, so no way to install anything. Policies are unequivocal, there in writing for everyone to access, read and understand, with consequences rather dire for anyone who breaches them, although they do allow a strike or two before bringing down the hammer.
     