Using Software Protection
Guarding against breaches in security should be a priority for all organisations and individuals. Using anti-mal(icious) software to help lower the risk of successful attack through viruses, Trojans, etc. is one precaution that everyone can take.
However, because organisations have multiple employees accessing large quantities of data on a frequent basis, they need to take additional precautions by using specialist software.
1. Firewalls
Firewalls are special filtering pieces of software that sit between the computer and the outside world. All data and communication between the user and the outside world (in and out) has to pass through the firewall.
Users can set filtering controls or permissions to allow only particular programs to communicate through specific access points (ports) with the outside world. Through effective firewall settings, users can prevent data from particular programs leaking to the outside.
2. Encryption
This involves using a piece of software that turns data, through a number of steps, into gibberish. The gibberish can only be turned back into useful data if the user has the 'key' to reverse the process.
It follows that the greater the number of steps involved in the transformation of data into gibberish, the more complex the 'key' and the longer it would take to crack the code.
So good protection involves having sophisticated encryption software, together with rules or a policy that describes what data should be encrypted, and always sticking to that policy. Without encryption on such things as account passwords or credit card data, hackers would always be able to read it in 'plain text'.
3. Intrusion Detection & Prevention
This is an additional piece of specialist software that actively detects users logging onto protected systems, recording the time and date of entry and what they did while logged into the system. The same system actively 'locks' users out of the system after a limited number of attempts.
4. Restrict Privileges
User accounts are associated with sets of privileges which determine what each user can or cannot do, and groups of users can be associated with sets of privileges. So, for example, certain privileges can allow particular groups to view certain data and not others, to edit or not edit records, to send data or not send data, and so on.
Through a tiered access privilege policy, organisations can exert quite a tight control over who can do what with the data.
5. Content Filtering
Similar to the Restriction of Privileges, content filtering uses a series of software controls to limit the web sites users can visit and what they can do on the internet, for example downloading and installing software.
The main purpose of content filtering is to stop what are called 'drive-by downloads', where users come across something that sounds interesting and casually download it, only to discover later that it contains hidden malware.
6. Vulnerability Assessment
Organisations use specialist software to scan their systems for vulnerabilities or weaknesses that might be exploited by hackers. These are often the same hacking tools that hackers use to find possible access points.
In sensitive systems, organisations should perform vulnerability testing on a weekly basis on all internal and external systems in their networks.
7. System Monitoring
Use a system monitoring program which records the behaviour of all users. It tries to spot patterns in user behaviour: where they go, what they do and when they do it. The monitoring program generates alerts if it spots some unusual user behaviour when compared to what they've done before.
Insider behaviour monitoring can help anticipate breaches by disgruntled employees or hackers working as an employee. The program's ability to replay user behaviour is of invaluable assistance in investigating security breaches.
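The comparison of new activity against "what they've done before" can be sketched as follows. This is an added example, not part of the original page or taken from any monitoring product; the record format, user names, resource names and the one-hour slack are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample audit records: (user, ISO timestamp, resource accessed).
HISTORY = [
    ("alice", "2024-03-04T09:12:00", "payroll_db"),
    ("alice", "2024-03-05T10:40:00", "payroll_db"),
    ("alice", "2024-03-06T14:05:00", "hr_share"),
    ("bob",   "2024-03-04T08:30:00", "web_cms"),
    ("bob",   "2024-03-05T17:45:00", "web_cms"),
]
NEW_EVENTS = [
    ("alice", "2024-03-07T11:00:00", "payroll_db"),   # matches her baseline
    ("alice", "2024-03-08T02:13:00", "payroll_db"),   # unusual hour
    ("bob",   "2024-03-08T09:00:00", "payroll_db"),   # resource never used before
    ("carol", "2024-03-08T09:30:00", "hr_share"),     # no history at all
]

def build_baseline(history):
    """Record, per user, which resources they used and their active hour range."""
    seen = defaultdict(lambda: {"resources": set(), "hours": []})
    for user, ts, resource in history:
        seen[user]["resources"].add(resource)
        seen[user]["hours"].append(datetime.fromisoformat(ts).hour)
    return {u: {"resources": p["resources"],
                "first_hour": min(p["hours"]), "last_hour": max(p["hours"])}
            for u, p in seen.items()}

def check_event(baseline, event, slack_hours=1):
    """Return the reasons this event deviates from the user's past behaviour."""
    user, ts, resource = event
    profile = baseline.get(user)
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    if resource not in profile["resources"]:
        reasons.append(f"new resource: {resource}")
    hour = datetime.fromisoformat(ts).hour
    if not profile["first_hour"] - slack_hours <= hour <= profile["last_hour"] + slack_hours:
        reasons.append(f"unusual hour: {hour:02d}:00")
    return reasons

def alerts(history, new_events):
    """Build the baseline from history and return (event, reasons) for each deviation."""
    baseline = build_baseline(history)
    return [(e, r) for e in new_events if (r := check_event(baseline, e))]

if __name__ == "__main__":
    for event, reasons in alerts(HISTORY, NEW_EVENTS):
        print(event[0], event[1], "->", "; ".join(reasons))
```

Because every record is kept with its timestamp, the same data that drives the alerts can be read back in order when investigating a breach.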