Check yoru security

[Techman]

Check your network security.
For those who feel they have nothing to lose if a hacker gets into your system.
The opinion that many of us keep nothing of real value to a hacker on our systems is mistaken.

Hackers are using internal computer networks as a vector to invade other systems.
They will use your machine to garner log in info and passwords into your websites and your ftp's and your offsite storage systems.
From there they will travel into any other link to which you have access.

The recent Target stores invasion is proof enough.
Hackers supposedly used a HVAC maintenance company's credentials to gain access to Target's internal networks.

 

[SignManiac]

They're saying that in Russia it's not even safe to use your devices at the olympics. They hack into your stuff in 30 minutes.

 

[cajun312]

They're saying that in Russia it's not even safe to use your devices at the olympics. They hack into your stuff in 30 minutes.

Only takes the NSA half that time

 

[SightLine]

I agree..... unfortunately network security is one thing the overwhelming majority of small and even medium businesses pay little to no attention to relying on a consumer grade routers "firewall" or the one provided by their internet service provider. The firewall in the majority of the off the shelf consumer and even many "small business" advertised router/firewall devices is at best security through obscurity. A true commercial class firewall is a dedicated device that goes beyond simple packet inspection. A good firewall does stateful packet inspection but that along is far from enough. You need a device that has a true full IPS (intrusion protection system), SPI, antivirus, antibot, application control, and more. Not the highest end thing in the world but I just upgraded our older Cisco PIX to a Checkpoint 1140. That in addition to strong internal security practices at least leaves me feeling semi-secure in that I'm doing something more than relying just on a cheapo firewall in a Linksys router and Windows Firewall.

 

[phototec]

Only takes the NSA half that time

Yea, just don't use any key work like BO_B, or TIM_R, or the NSA will out you on a list wit a higher level of snooping.

 

[JoeBoomer]

We had some group from Russia (go figure....) hack our server last year and encrypt the entire thing (and the backup drives connected to the server). They then hit us up for $5k ransom to give us the password to decrypt it. We were talking with the FBI for a while and they knew who it was. But, because they were in Russia we were screwed. So, we lost pretty much all of our data. (Financial records, artwork, CAD drawings, pictures, etc.)

 

[player]

I agree..... unfortunately network security is one thing the overwhelming majority of small and even medium businesses pay little to no attention to relying on a consumer grade routers "firewall" or the one provided by their internet service provider. The firewall in the majority of the off the shelf consumer and even many "small business" advertised router/firewall devices is at best security through obscurity. A true commercial class firewall is a dedicated device that goes beyond simple packet inspection. A good firewall does stateful packet inspection but that along is far from enough. You need a device that has a true full IPS (intrusion protection system), SPI, antivirus, antibot, application control, and more. Not the highest end thing in the world but I just upgraded our older Cisco PIX to a Checkpoint 1140. That in addition to strong internal security practices at least leaves me feeling semi-secure in that I'm doing something more than relying just on a cheapo firewall in a Linksys router and Windows Firewall.

Is there something that you know of that would be better than "a cheapo firewall in a Linksys router and Windows Firewall" ?

The unit you bought is about $1,200!

 

[SightLine]

There are a few others out there that are far better but any commercial grade firewall is not going to be cheap. From Check Point they also have their 600 series for small business which are still excellent devices and essentially the exact same hardware as the 1100 series. I did a lot of looking and research when I recently upgraded ours and for the features I wanted the Check Point was the best bang for the buck. The cheapest I found it was through http://www.checkfirewalls.com/600-Appliances.asp which is who I bought ours from. They also have a competitive upgrade program which will drive the price even lower. You can pick up an older commercial grade firewall for next to nothing on eBay that will qualify for the discount. They do have to approve it - once you buy on their site, if you get the discounted upgrade one they will email you for the brand, model and serial number of what you want to use as the upgrade. The 1140 wireless model with the upgrade was $641, the equivalent 640 wireless is just under $500. Still pricey but worth it for what you get. To continue the additional features (spam filtering, url filtering, etc) after the first year you do have to pay an annual fee ($150 a year) to keep the updates coming though. Still worth it since you get so much. We have 2 businesses with over 40 employees so I wanted URL filtering (block them from going to certain categories of websites like porn, hacking, etc), spam filtering (very big plus), antivirus, etc. Having all of that at the gateway itself is a big plus since it eliminates things before they even touch your computers.

Is there something that you know of that would be better than "a cheapo firewall in a Linksys router and Windows Firewall" ?

The unit you bought is about $1,200!

 

[peavey123]

Just like someone said. Most small or medium businesses don't even think about their security. I know we as a small company haven't put much thought into it until this week.

My bosses main e-mail address is with Bell Canada. Bell was hacked by some hackers by the name of NullCrew. I guess as a protest to Bell Keeping information they shouldn't? Anyways, I'm not sure of all the details, but our bank account was then frozen by the bank because of suspicious activity.

I knwo this is a bit different as to what you guys are discussing but I would have thought an ISP's e-mail server would be the ultimate secure server, but obviously not. Internet security hurts my brain but I guess this thread is a good place to start.

 

[binki]

I can tell you from experience that someone got into our 1 and 1 hosting account and started emailing 10s of thousands of emails from our site and we were getting about 100 bouncebacks every few minutes. Every day I had 20,000 email bouncebacks coming in. It got so bad 1 and 1 shut my site down and it took a week to get it going again.

Never trust that you are safe with electrocrap.

 

[player]

OK so 40 employees and 2 business I can see it is a great investment...How about a firewall for a home shop operation? Am I OK to use the D-Link Firewall with Windows in that situation? I have 4 computers and an eGenius 3Km wireless to my other shop.

 

[njshorts]

Consider a layered approach- there are a few risks mentioned here that need to be handled in different ways.

Website- Backup frequently to an offsite location and ensure the backup method can't be directly accessed by the web hosting server (eg- use a "pull" method rather than a "push"), update scripts and programs (such as wordpress, joomla, drupal) often, enable anti-virus/anti-spam options and keep an eye on heavy traffic from suspicious sources.

Local- Use strong gateway protection with a good firewall policy, intrusion protection, disabled uPNP (free examples- smoothwall.org, pfsense.org; paid examples- Cisco ASA, Sonicwall TZ, WatchGuard, Juniper SSG), load antimalware software on all machines (such as Vipre or Kaspersky) and update frequently, separate production machines from the internet-accessible LAN (consider using a vLAN on a managed switch or another switch altogether), educate employees on the risks of technology misuse and company policy, block risky websites at the firewall/proxy.

This should be a decent start, but there's always more- security can be as complex or as simple as you'd like. Keep in mind, education is key. You can buy all of the flashing lights and annoyance that comes with control, but nothing will stop a user from opening a 0-day trojan in a zip file from a fake UPS e-mail other than guarded user practices.