What does the information security market offer against daily invasion
Besides highly motivated attackers, there is a whole ecosystem of automated tools that harvest confidential information and monetize it.
The commercial profit available to attackers has changed who writes malicious code: where it used to be individuals seeking self-assertion, it is now highly qualified professionals who do it purposefully for money. An internal cybercriminal market has emerged, in which such professionals sell services built around malware.
What does the information security market offer against daily invasion?
Antivirus software. Every minute four new viruses appear in the world, and the rate of appearance grows every year: a third of all existing viruses were created in 2010. Antivirus products do not keep up with the stream of new malware: their reaction cycle is long and their heuristic analyzers are weak.
Antivirus products cope well with the most common and well-known threats, but they cannot protect against the spread of new malicious code. Nevertheless, antivirus tools cannot be abandoned, precisely because they do handle the common, known threats.
IDS/IPS systems (intrusion detection and prevention systems) work by detecting the signature of code that exploits a vulnerability. This is no reason for complacency: attackers use advanced evasion techniques (AET) to alter what the signature matches on, after which most IPS systems stop seeing the threat. According to the independent laboratory NSS Labs, 70% of the tested tools ceased to recognize an intrusion even after elementary steps to hide it.
The greatest role in protecting information is played by the competence of the specialists who secure it. At the same time, the human factor remains a serious risk: non-compliance with established procedures, inconsistent actions by specialists and underestimation of risks can all lead to information theft. An additional guarantee, an external audit of the security of the information systems, is therefore required.
One type of external audit is penetration testing (pentest). Its essence is the following: auditors with specialist knowledge and tools, and with the customer's authorization in hand, follow the path an attacker would take in an attempt to steal information.
Penetration tests can be divided into three levels, depending on the threats that the client's information systems must withstand.
Level 1. Resistance to simple, random attacks:
- threats from automated malicious tools
- amateur hackers.
At this level the entire external perimeter is tested by running scanning applications, both commercial products and the auditors' own developments. Using several scanning systems covers the largest number of possible vulnerabilities and draws on the different search and identification approaches developed by each vendor.
After receiving a report from each tool, the results are verified manually and false positives are identified.
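The Level 1 workflow above (several scanners, then manual verification) is easier to run when the per-tool reports are merged first. The following is an added example, not code from the original article: it correlates findings from two hypothetical scanners by (host, port, CVE), marks findings that only one tool reported as candidates for the manual false-positive check, and keeps conflicting severities visible. The scanner names, hosts and the mapping of each finding onto this common shape are assumptions; the report records are constructed samples, not real tool output.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One normalized scanner finding. Real tools export different formats;
    mapping each export into this shape is assumed to have been done already."""
    host: str
    port: int
    cve: str       # identifier used to correlate the same issue across tools
    severity: str  # "low", "medium" or "high", as reported by the tool


SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

# Constructed sample output of two hypothetical scanners (not real tool output).
SCANNER_REPORTS = {
    "scanner_a": [
        Finding("10.0.0.5", 443, "CVE-2014-0160", "high"),
        Finding("10.0.0.5", 22, "CVE-2018-15473", "medium"),
        Finding("10.0.0.7", 80, "CVE-2017-5638", "high"),
    ],
    "scanner_b": [
        Finding("10.0.0.5", 443, "CVE-2014-0160", "high"),
        Finding("10.0.0.7", 80, "CVE-2017-5638", "medium"),
        Finding("10.0.0.9", 8080, "CVE-2021-44228", "high"),
    ],
}


def merge_reports(reports):
    """Group every tool's findings by (host, port, cve), remembering which
    tools reported each one and which severities they assigned."""
    merged = defaultdict(lambda: {"tools": set(), "severities": set()})
    for tool, findings in reports.items():
        for f in findings:
            entry = merged[(f.host, f.port, f.cve)]
            entry["tools"].add(tool)
            entry["severities"].add(f.severity)
    return dict(merged)


def triage(merged):
    """Findings seen by more than one tool are marked corroborated; a finding
    seen by a single tool goes to the manual false-positive check. Conflicting
    severities are reported as a conflict rather than silently averaged."""
    rows = []
    for (host, port, cve), info in sorted(merged.items()):
        rows.append({
            "host": host,
            "port": port,
            "cve": cve,
            "tools": sorted(info["tools"]),
            "severity": max(info["severities"], key=SEVERITY_RANK.__getitem__),
            "severity_conflict": len(info["severities"]) > 1,
            "status": "corroborated" if len(info["tools"]) > 1 else "verify-manually",
        })
    return rows


def manual_queue(rows):
    """Findings that must be reproduced by hand before they enter the report:
    single-tool findings and findings whose severity the tools disagree on."""
    return [r for r in rows if r["status"] == "verify-manually" or r["severity_conflict"]]


if __name__ == "__main__":
    for row in triage(merge_reports(SCANNER_REPORTS)):
        print(row["status"], row["host"], row["port"], row["cve"], row["tools"])
```

"Corroborated" here only means two tools agree; if both rely on the same banner-based check, they can share the same false positive, so the manual verification step still applies to anything that will be reported as exploitable.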
Level 2. Resistance to directed attacks: threats from experienced hackers who have a specific motive for attacking this customer.
Level 2 testing includes all the methods used at Level 1, supplemented by manual testing that takes into account the specifics of the particular customer and the IT infrastructure it uses. For this, professional auditors conduct an in-depth manual study of the systems for vulnerabilities.
The main emphasis is on web applications and the most relevant threats from the OWASP Top 10 (OWASP, the Open Web Application Security Project, maintains this widely used list of the most critical web application security risks).
After the manual testing, the auditors revise the Level 1 report, adding previously missed vulnerabilities and correcting false negatives.
Having identified vulnerabilities, the auditors then try to exploit them to penetrate the information systems, steal confidential information, or bring the systems under test to a state of failure.
The final step is to study how the web applications and network services behave under high load: in this way the auditors try to cause a denial of service (DoS) for new connections.
Level 3. Resistance to targeted attacks with knowledge of internal information about the systems: threats from experienced hackers who know the systems, configurations and processes in detail.
Level 3 testing is designed to verify the security of information resources against targeted attacks that use internal (insider) information.
Such information includes account details, the architecture and configuration of the information systems, internal regulations and procedures, credentials for logging in to a web site, source code, and so on.
Vulnerabilities identified at this level indicate potential risks from attackers who hold such information: the company's own employees, customers, partners, and so on. Level 3 testing also includes the Level 1 and Level 2 methods.
Depending on the information received, Level 3 testing may include:
- testing firewall settings
- testing web applications after authentication
- checking the security of payment procedures
- testing the security of web application code.
Most leaks of confidential information happen not intentionally but by accident, when users unknowingly allow confidential information to spread. What if an attacker takes advantage of such carelessness?
Imagine that a user suddenly receives an e-mail from a manager who is away from the office, asking to urgently send the latest version of the documents the user has prepared for the current project.
The message carries the usual signature and comes from what looks like the corporate address. What will the employee do before replying, attaching and sending the requested files? Most likely nothing. What did the attacker need in order to prepare such a message and obtain information on the project that interests him?
Only open information and less than 1000 rubles. The names of the organization's employees come from the company's website and social networks. E-mail addresses come from the company's secretary.
The signature comes from the reply the boss sent to an earlier request from the attacker asking him to do something outside his competence. To create the return "corporate" address, a domain with a similar spelling was registered (price with DNS support under 1000 rubles) and the free Gmail service was connected to it as the mailer.
Every year people leave more and more traces and information about themselves on the Internet: on social networks, on web sites, in blogs, on Twitter. The more that is known about a person, the easier it is to manipulate them and the easier it is to extract confidential information by social engineering.
People who have not been trained in information security often become the weak link. Due attention should therefore be paid to developing regulatory documents that describe what personnel must do to protect confidential information, to bringing these documents to their attention, to training people to recognize and counter attackers, and to running tests and unannounced penetration attempts that use social engineering methods.
Auditors may carry out technical penetration steps that can stop or slow down services, and social engineering methods, only with the permission of the customer's management, according to a previously agreed methodology and schedule.
After testing, the results of each stage described above are summarized and a final report is prepared. It should document the test results and give the customer an understanding of the real state of information security in the tested systems.
The report should give complete information about the identified vulnerabilities, their criticality, and recommendations for eliminating them. The document should be structured so that the customer can use its first section to describe the company's security level to management or auditors, and its second section for technical specialists.
As the description of the actions and methods of a penetration test shows, this is a complex and time-consuming project carried out by highly qualified specialists. Pentests make it possible to correctly assess the current level of protection of the company's information assets and, where necessary, to adjust the protective measures and methods, preventing the theft of confidential information.