Prevent cyber intrusion and espionage. Four tips by Terry Zink

Yesterday I read that NASDAQ's systems were hacked, today that the Canadian government was hacked. This news as such is nothing new. Read R. Clarke and R. Knake's book 'Cyber War' and you know that this has been going on for more than a decade. What surprises me more is that it is still newsworthy and people are (or act?) so surprised. On CircleId, Terry Zink, a program manager at Microsoft, gives four tips for security officers, whether public or private. As they sound sensible, I repeat them here for those interested:

Terry Zink’s tips

1. At the start of it, the government needs a good spam filter to keep phishing messages out of the inbox. It is very difficult to do this, and reputation technologies like SPF and DKIM don't do much to prevent spoofing (there are workarounds). However, a filter that is up-to-date with the latest blocklists, URL blocklists, and even some more clever technologies is a good place to start.

2. Once the original accounts are compromised, the game is almost over. However, as a basic line of defense (or shall I say, defence), internally organizations should be scanning all email attachments, even on internal mail, with 2 or 3 pieces of A/V software. Yes, there are plenty of zero-day attacks, but make things difficult for malware authors.

3. Make sure software is all up-to-date. If phishing messages were not the original source of these credential thefts, then applying the latest patches (OS, web browsers, third-party plug-ins like Flash) is crucial.

4. One thing that isn't in email security but has been implemented by companies like Comcast is network inspection technology. By analyzing where URLs are resolving to (i.e., bad IP space), organizations can block people from browsing to malicious sites at the network layer. Comcast does it by maintaining a list of known bad IPs where domains point to bad A-records, and quarantines people that way. The government could do the same. Bad A-record IP space is one thing; maintaining a database of known bad registrars and/or name servers is yet another step forward. If where the user is trying to navigate to is hosted in a bad neighborhood, then don't let them do it. Users have to click links that go somewhere; if that somewhere can be short-circuited, then it throws a wrench in the attacker's plans. The one exception to this is a legitimate web site that has been compromised (and there are lots). That's tougher to mitigate.
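To make tip 4 (and the URL-blocklist part of tip 1) concrete, here is a small added example of the network-layer check Zink describes. It is not code from Zink's article or from Comcast; it is my own sketch. The blocklists and the DNS answers are constructed stand-ins so the script runs offline; a real deployment would query its resolver (for instance dnspython's dns.resolver.resolve) and feed it real threat lists. For every URL in a message it looks up the A records, walks up the labels to find the zone's name servers, and flags the URL if the address is in bad IP space or the zone is delegated to a blocklisted name server. Note that the compromised-legitimate-site case Zink mentions is exactly what this cannot catch: intranet.corp.example passes because its address and delegation are clean.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed blocklists standing in for a real threat feed (example data only).
BAD_IP_NETWORKS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.64/26")]
BAD_NAMESERVERS = {"ns1.bad-registrar.example", "ns2.bad-registrar.example"}

# Constructed DNS answers so the example runs offline. A deployment would ask
# its resolver instead (assumption: the answers below are invented).
DNS_A = {
    "login-update.example": ["198.51.100.17"],   # parks in known-bad IP space
    "cdn.parked-lot.example": ["192.0.2.80"],    # clean IP, bad delegation
    "intranet.corp.example": ["192.0.2.10"],     # clean
}
DNS_NS = {
    "parked-lot.example": ["ns1.bad-registrar.example"],
    "corp.example": ["ns1.corp.example"],
    "login-update.example": ["ns.hoster.example"],
}

URL_RE = re.compile(r"""https?://[^\s<>"')]+""")


def extract_urls(text):
    """Pull http(s) URLs out of free text (a mail body, a proxy log line)."""
    return URL_RE.findall(text)


def nameservers_for(host):
    """Walk up the labels (a.b.c -> b.c -> c) until a known delegation is found."""
    labels = host.split(".")
    for i in range(len(labels)):
        ns = DNS_NS.get(".".join(labels[i:]))
        if ns:
            return ns
    return []


def classify_host(host):
    """Return (verdict, reason) for one hostname or IP literal.

    'block' if any A record is in bad IP space or the zone is served by a
    blocklisted name server; 'unknown' if nothing resolves; else 'allow'.
    """
    host = host.lower().rstrip(".")
    try:
        addrs, literal = [ipaddress.ip_address(host)], True   # raw IP in the URL
    except ValueError:
        addrs, literal = [ipaddress.ip_address(a) for a in DNS_A.get(host, [])], False
    for addr in addrs:
        for net in BAD_IP_NETWORKS:
            if addr in net:
                return ("block", f"{addr} is in bad IP space {net}")
    if not literal:
        for ns in nameservers_for(host):
            if ns.lower().rstrip(".") in BAD_NAMESERVERS:
                return ("block", f"zone served by blocklisted name server {ns}")
        if not addrs:
            return ("unknown", "no A record")
    return ("allow", "resolves to clean space")


def scan_message(body):
    """Classify every URL in a message body; returns [(url, verdict, reason), ...]."""
    results = []
    for url in extract_urls(body):
        host = urlparse(url).hostname or ""
        verdict, reason = classify_host(host)
        results.append((url, verdict, reason))
    return results


def should_quarantine(body):
    """The filter's decision: quarantine on any blocked URL."""
    return any(verdict == "block" for _, verdict, _ in scan_message(body))


# Constructed phishing-style message used as sample input.
MESSAGE = (
    "Please confirm your credentials at https://login-update.example/owa/auth \n"
    "Quarterly report: http://cdn.parked-lot.example/report.pdf\n"
    "Intranet: https://intranet.corp.example/news\n"
    "Mirror: http://198.51.100.5/update.exe\n"
)

if __name__ == "__main__":
    for url, verdict, reason in scan_message(MESSAGE):
        print(f"{verdict:8} {url}  ({reason})")
    print("quarantine:", should_quarantine(MESSAGE))
```

The name-server walk is what turns "known bad IPs" into "known bad neighborhoods": cdn.parked-lot.example sits on a clean address, but its parent zone is delegated to a blocklisted registrar's name server, so it is blocked anyway. An 'unknown' verdict (nothing resolves) is worth logging rather than silently allowing, since a domain that did not yet exist when the mail was filtered may well resolve by the time the user clicks.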

I hope that with these tips your IT environment can become a little safer, but it appears that the human factor remains the weakest link, even the smartest at the top.

Here’s the link to the whole article.

Wout de Natris

Haarlem, 19 February 2011

About Wout de Natris

As a consultant I specialise in establishing new and different relationships between industry, governments and law enforcement where internet safety and the fight against cyber crime are concerned. This makes me a bridge builder. Hence the blog's name. In this blog I intend to stress the need for interaction, cooperation and exchange of information in order to change the mentioned relationships. On offer: a comprehensive training on all non-technical aspects of spam enforcement and a cyber awareness presentation for companies and institutions.