Compromising business networks using social engineering techniques
By Vlad Valceanu
17 Jun 2009

The end-user, God bless him, is the most vulnerable spot in a system. Even so, you can't live without him. What would a corporation do without the average Joe to type in numbers and letters of items and values sold or purchased? Probably run out of business.

So an average Joe is necessary. However, network security is necessary as well. But the average Joe doesn't know jack about network security. And he works on computers connected to your local file or mail server, having access to sensitive information which he works with day in, day out.

How does our average Joe do it?

Anyone interested in putting their hands on that information will certainly not start attacking the main servers, since IT specialists do their best in securing them. They will target our friend Joe, making use of his curiosity, arousal or economic state. Securing hundreds of workstations is a pain without a centralised management infrastructure and is likely to be disregarded in small and medium business networks.

And this is the point where problems emerge. Joe delights in opening links and attachments in spam e-mail. If he finds a USB stick lying around, he will certainly take it. Guess where he will use it first? The computer at work. Sometimes Joe also likes to post comments on the most recent photos added by his friends to their albums on Facebook or MySpace. Maybe he likes a small game so much that he will burn it on a CD and bring it to work from home. I bet Joe is not using any security suite at home and is not frequently updating his system.

So Joe, our curious individual, will open that worm spreading through mail, thinking it's another breathtaking PowerPoint presentation about cute kittens, sea mammals or friends that love him so much. If the place is not too crowded, he will certainly open links to websites that are supposed to show adult-rated materials about various celebrities. What Joe doesn't know is that the special codec requested by the fake Web player is in fact a Trojan.

If Joe happens to find a USB stick on his way to work or during a coffee break, he will happily use it with the first computer he has access to (obviously the workstation in his office). Let's say Joe is a bank employee. Let's presume the bank wanted a security assessment of its network. The hired company would 'lose' about 20 USB devices around the parking lot of the bank. Out of those 20, 15 get picked up by the bank employees and all of them are plugged into work computers. The devices are prepared beforehand with a Trojan horse that sends vital information about the computer and the network back to the assessing company. Based on that info, further penetration of the network was possible and access to sensitive information was granted.

If this scenario seems highly unlikely, think again. It has been performed by Steve Stasiukonis, vice president and founder of Secure Network Technologies in a network security assessment requested by a credit union.

How to prevent Joe from doing it?

Every network administrator has the option to limit the freedom of workstation users by disabling certain Windows features using a registry editor. Completing the job takes several hours on one computer and a lot of technical know-how. Not to mention the fact that if something goes wrong, the whole registry might get corrupted, which results in a reinstallation of the whole system. This, however, still doesn't prevent the user from opening websites or attachments.
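As an illustration of the registry approach for the found-USB-stick case, here is an added example (not part of the original article or of any vendor product) that audits two well-known Windows settings and, with the `-Apply` switch, sets them. The choice of these two settings and the script's output columns are assumptions made for the example.

```powershell
# Added example: audit (and optionally apply) two registry settings that
# matter when an employee plugs a found USB stick into a work computer.
# Run from an elevated prompt; -Apply writes to HKLM.
param([switch]$Apply)

# Each entry: registry path, value name, hardened value, and its effect.
$settings = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
       Name = 'Start'; Want = 4
       Why  = 'USB mass-storage driver disabled (4 = disabled, 3 = on demand)' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'; Want = 255
       Why  = 'AutoRun turned off for every drive type (0xFF)' }
)

foreach ($s in $settings) {
    # A missing key or value yields $null, which counts as "not hardened".
    $item    = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
    $current = $item.($s.Name)
    $ok      = ($null -ne $current) -and ($current -eq $s.Want)
    $action  = 'none'

    if (-not $ok -and $Apply) {
        # Create the policy key if it does not exist yet, then set the DWORD.
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        Set-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Want -Type DWord
        $action = 'set'
    }

    # One report row per setting, suitable for Export-Csv across many hosts.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Setting  = "$($s.Path)\$($s.Name)"
        Current  = $current
        Wanted   = $s.Want
        Hardened = $ok
        Action   = $action
        Effect   = $s.Why
    }
}
```

This covers removable media only; it does nothing about malicious links or attachments, and on more than a handful of machines the same values are better pushed through Group Policy than set host by host.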

An easier and more time-efficient approach is to use business solutions made up of several applications, designed for any network architecture, that offer a multi-layered security infrastructure, all of them managed by a centralised server in order to save time and effort.

1. Mail servers

Any large network probably has a mail server. It is best to filter out all the spam before it gets to the workstations to reduce mail traffic and save network resources.

2. Gateways

Second of all, the main gateway should filter malicious HTTP and FTP traffic, offering proactive protection against zero-day threats, a white-list filter and browser comforting among other useful features needed to offer a secure Web experience.

3. File Servers

File servers are products that cover any business' need for a file sharing server. Be it Windows or Unix-based, the applications integrate perfectly with the infrastructure and offer optimised, multi-threaded scanning for faster file access.

4. Workstations

Workstation protection is increased by security solutions that bundle anti-virus, anti-spyware, anti-phishing, firewall, user and privacy control, backup and an hourly update system together, integrating them to work flawlessly on a wide range of Windows systems. Policy-based management, automatic detection and deployment, as well as integration with Active Directory, make the life of network administrators easy and reduce the costs of network management.

All suites mentioned above can be managed from a separate Management Server improving security compliance and efficiency.

Vlad Valceanu is the head of Antispam Research at BitDefender. With experience in anti-spam research for more than six years, Vlad’s main focus is to keep BitDefender’s technologies up-to-date, and to maintain a leadership position in the Internet security industry. 
