Each working day brings a lot of repetition. Your alarm clock will go off at much the same time, traffic will cause problems and some part of your computer will want you to install an update, and you will probably click cancel. Stop clicking cancel. Every week brings stories of major organisations being hacked because a piece of software wasn’t updated and it’s these updates that close the holes.
Penetration Testing is a service used by large companies to test for vulnerabilities in their networks. It’s based around the idea of ‘set a thief to catch a thief’: hackers, legitimate or reformed, use the same techniques as the criminals to attack a network in a controlled manner, monitoring which systems repel the attack and which ones let it through. The most common issue that comes up time and again during these tests relates to SSL certificates. SSL, or Secure Sockets Layer, is the gold standard security technology for connecting a web browser to a website and allowing the data to pass between the two while remaining encrypted and private. The problem with being the gold standard is that it becomes the gold prize for attacks. Multiple weak points have been discovered and given names like BEAST and FREAK. Older and weaker versions of SSL are obviously the more exploitable, and it falls to the owners and operators to keep the security at a maximum.
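The practical fix the paragraph is pointing at is to stop offering the old protocol versions at all. The following is an added example, not code from the original post, using only Python's standard `ssl` module: it builds a client context that refuses anything older than TLS 1.2, exposes a check that tells you whether a given context still allows the older versions, and audits a constructed set of scan results (host name plus the protocol version the server negotiated, as reported by `SSLSocket.version()`) of the kind a penetration test produces. The host names and results are made up for the example.

```python
import ssl

# Protocol versions that a penetration test will flag as outdated. The names
# match the strings ssl.SSLSocket.version() returns after a handshake.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def hardened_client_context():
    """A client context that only speaks TLS 1.2 or newer and verifies the server."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse SSLv3 / TLS 1.0 / TLS 1.1
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED            # a bad or self-signed cert fails the connection
    return ctx


def harden(ctx):
    """Raise the floor of an existing SSLContext (client or server) to TLS 1.2."""
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def allows_weak_version(ctx):
    """True if the context would still negotiate a version older than TLS 1.2."""
    return ctx.minimum_version < ssl.TLSVersion.TLSv1_2


def audit_scan_results(results):
    """Return (host, version) pairs whose negotiated protocol is on the weak list.

    `results` is a list of dicts like {"host": ..., "version": ...}, the shape a
    scanning script would produce after connecting to each host.
    """
    return [(r["host"], r["version"]) for r in results if r["version"] in WEAK_PROTOCOLS]


# Constructed scan output for the example (not real hosts or results).
SAMPLE_SCAN = [
    {"host": "intranet.example.test", "version": "TLSv1"},
    {"host": "www.example.test", "version": "TLSv1.3"},
    {"host": "legacy-app.example.test", "version": "SSLv3"},
    {"host": "mail.example.test", "version": "TLSv1.2"},
]

if __name__ == "__main__":
    ctx = hardened_client_context()
    print("hardened context allows weak versions:", allows_weak_version(ctx))
    for host, version in audit_scan_results(SAMPLE_SCAN):
        print(f"FINDING: {host} negotiated {version}")
```

Run the audit against real scan output by replacing `SAMPLE_SCAN` with the versions your own scan recorded; `harden()` is meant to be applied to whatever context an application already builds, since the floor is what matters, not which side creates it.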
Another issue is the catch-22 of old but vital software. Businesses that run in specialised or niche markets are often reliant on programs that haven’t been supported or even produced for years. These are usually the linchpin of the company, running vital processes or machinery without which there is no business. The issue is that once patching and support ends for the software, it effectively becomes locked in time to that date and won’t receive any vital security protection against modern and up-to-date attacks. Ultimately the only solution to this is to rip off the plaster and make the transition. The functions of most archaic software out there are being reproduced in newer programs which have that vital support; however, it does require moving computers and staff over to a new system. A headache at best, but a vital one. Even if there isn’t modern software to fill your needs, any complicated program from 5-10 years ago can often be reproduced, for a nominal fee, by modern programmers in a way tailored to your business.
Lastly, but by no means least, change your passwords, change them regularly and make them secure. There is an entire keyboard in front of you, so don’t just stick to the letters when there are so many other characters like @ and % waiting to help you keep your company safe. Don’t give in to the urge to write them down either. Memorising the random string of characters for your password is important to keep it secure, and easier than you think; it’s effectively the same as remembering a phone number. Make up a little song if it helps, whatever you need to do to help it stick in your brain.
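To put a number on why the wider keyboard helps, here is an added example (not part of the original post) that estimates a password's strength the way most auditing tools do: count which character classes appear, take the size of the combined pool, and compute `length * log2(pool)` bits. The thresholds in `rate()` are assumptions chosen for the example. The estimate assumes the characters were chosen at random, so a dictionary word with a few substitutions scores higher than it deserves; that is exactly why the post says to memorise a random string rather than dress up a familiar one.

```python
import math
import string

# Character classes a password can draw from and the size each adds to the pool.
CHARACTER_CLASSES = {
    "lowercase": set(string.ascii_lowercase),   # 26
    "uppercase": set(string.ascii_uppercase),   # 26
    "digits": set(string.digits),               # 10
    "symbols": set(string.punctuation),         # 32, the @ and % the post mentions
}


def classes_used(password):
    """Names of the character classes that appear at least once in the password."""
    return [name for name, chars in CHARACTER_CLASSES.items() if any(c in chars for c in password)]


def pool_size(password):
    """Size of the alphabet an attacker must assume, given the classes present."""
    return sum(len(CHARACTER_CLASSES[name]) for name in classes_used(password))


def entropy_bits(password):
    """Upper-bound entropy in bits, assuming each character was picked at random."""
    if not password:
        return 0.0
    return len(password) * math.log2(pool_size(password))


def rate(password):
    """Coarse rating on the example's own thresholds (assumed, not a standard)."""
    bits = entropy_bits(password)
    if bits < 40:
        return "weak"
    if bits < 60:
        return "moderate"
    return "strong"


if __name__ == "__main__":
    # Constructed sample passwords: same length, wider pool, then longer and random.
    for pw in ["password", "P@ssw0rd", "Tr0ub4dor&3Xq!Lm"]:
        print(f"{pw!r}: pool={pool_size(pw)} bits={entropy_bits(pw):.1f} rating={rate(pw)}")
```

The two eight-character samples show the effect the post describes: the same length drawn from all four classes scores about fifteen more bits. Length still matters more, which the sixteen-character sample makes visible.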
Posted to Network Security