How to Secure Your Organization’s Network
Securing your organization’s network − devices connected to the internet − is imperative as being connected to the internet today increases the risk of cybersecurity issues.
Many small businesses today leave their network unsecured because they believe that a) their business network is too small for cyberattackers to bother with, and b) devices are secure enough right out of the box.
“Most attacks are not personal in nature and can occur on any type of network − big or small, home or business,” the United States Computer Emergency Readiness Team (US-CERT) said. “If a network connects to the internet, it is inherently more vulnerable and susceptible to outside threats.”
VPNFilter Malware
One of the ways that your organization’s network may be vulnerable to outside threats is through the newly discovered malicious software (malware) called “VPNFilter”.
Researchers at Cisco recently disclosed that at least 500,000 small office and home office routers and network-attached storage devices in at least 54 countries have been infected by the VPNFilter malware. Cisco researchers said that small office and home office routers of Linksys, MikroTik, NETGEAR, TP-Link and QNAP network-attached storage devices are affected.
According to Cisco researchers, VPNFilter is a malware that operates in 3 stages.
Stage 1 of VPNFilter discovers the IP address of the server. The main purpose of stage 1 is to gain a foothold for the deployment of stage 2 and stage 3 malware.
Stage 2 of VPNFilter enables cyberattackers to collect files via unauthorized transfer of data from infected computers or servers. Some versions of stage 2 of VPNFilter have a self-destruct capability, overwriting a critical portion of the device’s firmware and rebooting the device, causing it to become unusable.
Stage 3 of VPNFilter, meanwhile, provides additional functionalities such as collecting traffic that passes through the device, including stealing of website credentials.
According to Cisco researchers, rebooting the devices blocks the stage 2 and stage 3 processes of VPNFilter malware. Rebooting, however, doesn’t eliminate the stage 1 process as the malware maintains its presence on an infected device. The continuing presence of stage 1 in the device means that stage 2 and stage 3 can be reinstalled by the attackers.
To successfully eliminate even stage 1 of this malware, perform a hard reset of the device. This restores the device to its factory settings, wiping out stage 1 of the VPNFilter malware.
In addition to rebooting and performing a hard reset, device owners are also advised to disable remote management settings on the devices, secure the devices with strong passwords, enable encryption where available, and install the latest available security updates for the devices.
Rinse and Repeat: Steps in Securing Your Organization’s Network
Researchers aren’t sure how the VPNFilter malware infected hundreds of thousands of devices in different parts of the world. Most of the devices infected by the malware, however, have had known security vulnerabilities in the past, and most infected devices were still using the factory or default login details.
In 2017, attackers exploited the failure of thousands of router owners to change the factory or default login details of their devices. Thousands of routers worldwide were infected with the Mirai malware in 2017, and the infected routers were used to carry out distributed denial-of-service (DDoS) attacks. The DDoS attack on DNS provider Dyn in October 2017, which used the Mirai malware and thousands of infected devices, managed to disrupt some of the internet’s biggest websites, including Spotify, Twitter and PayPal.
VPNFilter and Mirai are just 2 examples of malware that threaten your organization’s network. Connecting your organization’s network to the internet exposes it to outside threats like VPNFilter and Mirai. While some cyberattackers target specific organizations, many cyberattackers simply scan the internet and indiscriminately attempt to infect every vulnerable device around the world.
Here are general steps that’ll help in securing your organization’s network:
1. Change factory-default configurations on software and hardware.
Many out-of-the-box software and hardware products, including office routers and network-attached storage devices, come with overly permissive factory-default configurations to make these products consumer-friendly. For instance, some hardware products enable remote management settings by default. Remote management allows you to access and manage a device like a router from a remote location, through the internet. Attackers could exploit this permissive setting to their advantage. It’s important, then, to disable remote management settings on your organization’s devices.
As the Mirai malware showed, it’s also important to change the factory or default login details.
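One way to confirm that remote management is really off after changing the setting, shown here as an added example that is not part of the original article: run this check from a connection outside your network (for instance a phone hotspot) against your own public IP address. The port list is an assumption covering common admin services; adjust it to what your devices actually run.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Assumed list of common management services on small-office routers and
# NAS devices; it is illustrative and not taken from the article.
MGMT_PORTS = {
    22: "SSH",
    23: "Telnet",
    80: "HTTP admin",
    443: "HTTPS admin",
    8080: "HTTP admin (alternate)",
}


def port_is_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timed out) or unreachable: not exposed.
        return False


def exposed_management_ports(host, ports=MGMT_PORTS, timeout=2.0):
    """Probe all ports concurrently; return {port: service} for open ones."""
    with ThreadPoolExecutor(max_workers=max(1, len(ports))) as pool:
        results = pool.map(lambda p: (p, port_is_open(host, p, timeout)), ports)
        return {p: ports[p] for p, is_open in results if is_open}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("usage: check_mgmt.py <your-own-public-ip>")
        sys.exit(2)
    target = sys.argv[1]
    found = exposed_management_ports(target)
    for port, name in sorted(found.items()):
        print(f"EXPOSED  {target}:{port}  {name}")
    if not found:
        print(f"OK  no management ports reachable on {target}")
    # Non-zero exit lets a scheduled job alert when something is exposed.
    sys.exit(1 if found else 0)
```

Any port reported as EXPOSED means the management interface is still reachable from the internet and should be disabled on the device or blocked at the firewall.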
2. Update all your organization’s software regularly.
Regularly updating your organization’s software is one of the most effective means of securing your organization’s network. Software updates don’t just add new features and functionalities; they also provide fixes for the latest security vulnerabilities.
3. Use up-to-date antivirus software.
Up-to-date antivirus software from a reputable antivirus vendor is one of your organization’s defenses against outside threats. Antivirus automatically detects, quarantines and removes publicly known malware.
4. Install firewalls on your organization’s network devices.
A firewall monitors and filters a computer’s inbound and outbound network traffic based on a set of rules or predetermined policy. A firewall, for instance, can block malicious websites. It’s a best practice to install a firewall on all computers connected to your organization’s network.
5. Back up your organization’s critical data.
So long as your organization’s devices are connected to the internet, your organization will forever be at risk of outside threats. Aside from outside threats, your organization also has to deal with insider threats. Your organization’s backup data is your best option in case data is infected, corrupted, stolen or lost. When backing up your organization’s data, make sure to encrypt it so that if attackers gain access to it, the data is useless to them without the encryption key.