Q

Neither hardware nor software firewalls stopped a breach in my network. What more should I be doing?

I had a security breach when hackers hacked into my network. I had a similar problem before but was able to manage it by putting in a hardware firewall and removing the software firewall. Unfortunately, the problem persists. What can I do?

A

From the information provided by you, it's hard to find the exact cause of the problem. Also, you have not mentioned the techniques you tried. It takes more than a firewall to secure a network infrastructure.

The very first step in preventing network security incidents is to identify the threats and put controls in place to prevent them from happening. Some of the important factors you should consider are:

  • At a very basic level, scan your network for potential entry points. Remove or disable any unneeded devices.
  • Check for any newly added network devices and verify configuration.
  • Check your router/firewall configurations, most importantly the routing information. Check to see if any modifications have been made since your last good configuration.
  • Make sure your firewall/router is blocking ICMP pings originating externally. It's a known fact that most of the attacks tunnel through in the protocol's echo reply. Also, block outgoing ICMP pings, lest your network be an accessory in a distributed denial-of-service attack.
  • Logs are your best friends. Turn on logging on potential network points. They provide a good amount of information in detecting problems.
  • Use tools like port scanners and network monitors to monitor network traffic and ports. Make sure only required ports are open and listening to trusted addresses.
  • Search for activities that are hallmarks of attacks. For example: a malicious script can scan the network logs on a machine and then block any randomly chosen network addresses.
  • Intrusion detection system: Make sure it conforms to expected parameters and isn't hiding distributed denial-of-service attacks.
  • Watch for evidence of port scanning in your logs.
  • Web servers are one of the areas of concern. Studies have shown that many a time it's the web server that acts as the door for a hacker's entry into the network. I would advise you to visit the W3C site for updated information on securing a web server.
    http://www.w3.org/Security/Faq/
  • The rising numbers of virtual private networks, extranets and intranets have created more access points for hackers. The concept of a single point of entry into your network is long gone. An exposed vulnerability in any of these can wreak havoc.
  • Make sure that the application code is reviewed before it's put on the website. Eliminate any vulnerability that a hacker can exploit.
  • I would also advise you to get network penetration and auditing done by some professional security group.

Hope the above helps you in finding some answers to your problem. If you can send me some more information on your current network setup, I might be able to help you better.

This was first published in February 2004
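Several of the points in the answer above (turn on logging, watch the logs for evidence of port scanning, and confirm that inbound pings are actually being blocked) can be checked mechanically once firewall logging is on. The script below is an added example and is not part of the original answer or of any particular product. It parses constructed netfilter/iptables-style kernel log lines (the FW-DROP/FW-ACCEPT prefixes, the RFC 5737 documentation addresses and the timestamps are all invented for the example, and the year is assumed because syslog lines omit it), flags any source that probes many distinct TCP ports within a short window, and lists inbound ICMP echo requests that the firewall accepted rather than dropped. The thresholds (10 ports in 60 seconds) are assumed starting values, not a standard.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the style of netfilter/iptables kernel logging.
# The FW-DROP / FW-ACCEPT prefixes are assumed log-prefix names; addresses are
# RFC 5737 documentation ranges and every event here is invented.
SAMPLE_LOG = """\
Feb 12 10:00:01 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=21 SYN
Feb 12 10:00:01 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22 SYN
Feb 12 10:00:02 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=23 SYN
Feb 12 10:00:02 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=25 SYN
Feb 12 10:00:03 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=53 SYN
Feb 12 10:00:03 gw kernel: FW-ACCEPT: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80 SYN
Feb 12 10:00:04 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=110 SYN
Feb 12 10:00:04 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40007 DPT=135 SYN
Feb 12 10:00:05 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40008 DPT=139 SYN
Feb 12 10:00:05 gw kernel: FW-ACCEPT: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40009 DPT=443 SYN
Feb 12 10:00:06 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40010 DPT=445 SYN
Feb 12 10:00:06 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40011 DPT=3389 SYN
Feb 12 10:00:07 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Feb 12 10:01:10 gw kernel: FW-ACCEPT: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=80 SYN
Feb 12 10:01:11 gw kernel: FW-ACCEPT: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=443 SYN
Feb 12 10:02:30 gw kernel: FW-ACCEPT: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
"""

# syslog timestamp, host, "kernel:", the firewall log prefix, then KEY=VALUE fields
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: (?P<verdict>FW-\w+): (?P<fields>.*)$"
)


def parse_line(line, year=2004):
    """Turn one firewall log line into a dict, or None if it is not one.

    Syslog lines carry no year, so the caller supplies it (assumed here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Bare flags such as "SYN" have no "=" and are skipped; "OUT=" becomes OUT=''.
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "verdict": m.group("verdict"), **fields}


def find_port_scanners(lines, min_ports=10, window_seconds=60):
    """Return {source: sorted distinct ports} for every inbound source that
    touched at least min_ports distinct TCP ports inside window_seconds."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        # IN=<iface> is set only for packets arriving from outside the host
        if rec and rec.get("IN") and rec.get("PROTO") == "TCP" and "DPT" in rec:
            events[rec["SRC"]].append((rec["ts"], int(rec["DPT"])))

    scanners = {}
    for src, evs in events.items():
        evs.sort()
        # Slide a window starting at each event and count distinct ports in it.
        for i in range(len(evs)):
            ports = set()
            for ts, port in evs[i:]:
                if (ts - evs[i][0]).total_seconds() > window_seconds:
                    break
                ports.add(port)
            if len(ports) >= min_ports:
                scanners[src] = sorted(ports)
                break
    return scanners


def find_accepted_inbound_pings(lines):
    """Sources whose inbound ICMP echo requests (type 8) the firewall accepted.

    The answer above says these should be blocked, so any hit means the
    rule set is not doing what was intended."""
    hits = set()
    for line in lines:
        rec = parse_line(line)
        if (rec and rec.get("IN") and rec.get("PROTO") == "ICMP"
                and rec.get("TYPE") == "8" and rec["verdict"] == "FW-ACCEPT"):
            hits.add(rec["SRC"])
    return sorted(hits)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for src, ports in find_port_scanners(lines).items():
        print(f"possible port scan from {src}: {len(ports)} ports {ports}")
    for src in find_accepted_inbound_pings(lines):
        print(f"inbound ping from {src} was ACCEPTED; check the ICMP rules")
```

Run against a real log by replacing SAMPLE_LOG with the contents of the file the firewall writes to; the line format will differ between products, so the regex and field names are the part to adapt. Note that the scanner above is only flagged because it touched twelve ports in six seconds; a slow scan spread over hours would need a longer window or a per-day distinct-port count, which is why the thresholds are left as parameters.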