Most people—mistakenly—believe that they are perfectly safe behind a firewall, network address translation (NAT) device or proxy. The fact is quite the opposite: if you can get out of your network, someone else can get in. Attackers often seek to compromise the weakest link in a network and then use that access to attack the network from the inside, commonly known as a “pivot-and-attack.”
Two Common Ways Attackers Use “Pivot-and-Attack”
Phishing is a common avenue for attackers to gain an inside pivot point. Attackers often use two phishing techniques to enter a network in order to pivot and attack:
A favorite next step for attackers is to migrate to an anti-virus process, because most anti-virus programs do not self-scan, which makes it even easier to avoid detection. Migrating to another process lets the hacker keep the connection to the user’s computer open even after the browser is closed. The hacker will then either attempt to elevate privileges and load a rootkit or simply use that system to pivot and attack.
Where are the Vulnerabilities?
The most common cause of vulnerable applications is failing to stay on top of security updates, whether because of a lack of time, an administrative policy that does not allow for frequent updates, or updates that break custom programs and applications.
Why Should You Worry About Traffic Coming From Inside Your Network?
It is common for companies to assume that no one inside the company would initiate an attack on the internal network. With a large number of companies configuring their firewall rules to protect their internal assets only from external sources, attackers “on the inside” have an excellent vector from which to pivot and attack.
Keeping up to date on patches and security updates is a good start toward protecting your network. Installing an intrusion detection system (IDS) or intrusion prevention system (IPS) is a good way to catch some internal intrusions, but any security control needs to be re-assessed periodically to make sure it is still catching everything. It is important, for example, to verify that your IDS/IPS rules are capturing known exploit command executions and even the common machine-level shellcode that is executed from within an exploit.
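One way to make that periodic re-assessment concrete, as an added example that is not from the original article: a small Python harness runs a handful of content signatures written in the spirit of IDS rules over constructed traffic samples and reports whether each rule fired as expected, so a coverage gap shows up as a failed check rather than going unnoticed. The rule sids, patterns and sample payloads are all constructed here and are not taken from any real ruleset.

```python
import re
from dataclasses import dataclass

# Constructed signatures in the spirit of IDS content rules (not from any real ruleset).
@dataclass(frozen=True)
class Rule:
    sid: int
    msg: str
    pattern: re.Pattern

RULES = [
    # A run of 0x90 bytes far longer than ordinary data would produce: classic x86 NOP sled.
    Rule(1000001, "x86 NOP sled (>= 32 consecutive 0x90)", re.compile(rb"\x90{32,}")),
    # Command-execution strings that have no business in ordinary HTTP form data.
    Rule(1000002, "Windows command shell invocation", re.compile(rb"cmd\.exe\s*/c", re.I)),
    Rule(1000003, "Unix shell invocation", re.compile(rb"/bin/(?:ba)?sh\b")),
]

def match_rules(payload: bytes) -> list[int]:
    """Return the sids of every rule whose pattern appears in the payload."""
    return [r.sid for r in RULES if r.pattern.search(payload)]

# Constructed regression samples: each pairs a payload with the sids expected to fire.
# A sample that must stay quiet is listed with an empty expectation.
SAMPLES = {
    "nop_sled":   (b"GET /x HTTP/1.1\r\n\r\n" + b"\x90" * 64 + b"\xcc", {1000001}),
    "win_cmd":    (b"q=x&cb=cmd.exe /c whoami", {1000002}),
    "unix_shell": (b"name=%27;/bin/sh%20-c%20id", {1000003}),
    "benign":     (b"user=alice&comment=nothing+to+see+here", set()),
    # These rules do not URL-decode, so this sample is expected to FAIL until a
    # decoding step or an additional rule is added; that is the gap the check reveals.
    "url_encoded_shell": (b"name=%2fbin%2fsh", {1000003}),
}

def assess(samples=SAMPLES) -> dict[str, bool]:
    """Re-run every sample through the rules; True means the rule set behaved as expected."""
    return {name: set(match_rules(payload)) == expected
            for name, (payload, expected) in samples.items()}

if __name__ == "__main__":
    for name, ok in assess().items():
        print(f"{name:18s} {'PASS' if ok else 'FAIL'}")
```

Running the block prints PASS for the first four samples and FAIL for the URL-encoded one, which is exactly the kind of silent coverage gap a periodic re-assessment is meant to surface.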
Network security is a balancing act between security and accessibility. There is no hard and fast way to achieve and/or maintain perfect security on any network. The goal of any security controls and countermeasures should be to defend your network while maintaining ease of use and accessibility. The most important idea to take away from this article is that you must maintain security from the inside just as you do from the outside.