
How to protect your infrastructure against a computer network attack

Protecting your organization and its information technology infrastructure from an intentional computer network attack requires a combination of technology, good practices and vigilance. Attacks can occur inside and outside your organization. Successful responses to attacks on your IT infrastructure and computer network require procedures that coordinate your staff and technology and quickly identify, analyze, and mitigate any threats.

Table 1 lists examples of internal and external computer network attacks, which differ from situations that may be considered accidental or natural disasters.

| Internal attacks | External attacks |
|---|---|
| Theft of personal information via social engineering | Hacking, spam |
| Theft of company data | Denial of service |
| Theft of equipment | Viruses, worms |
| Damage to fiber/copper wiring | Zombie attacks |
| Arson | Physical break-in |
| Altering critical information | Vandalism |
| Disable internal security systems | Arson |
| Disable internal access control systems | Theft |

Table 1 – Premeditated Attacks

According to the National Cyberspace Strategy, the mere installation of a network security device is not a substitute for maintaining and updating a network’s defenses. Ninety percent of the participants in a Computer Security Institute survey reported using antivirus software on their network systems, yet 85% of their systems had been damaged by computer viruses. In the same survey, 89% of the respondents had installed computer firewalls and 60% had intrusion detection systems. Nevertheless, 90% reported that security breaches had taken place and 40% of their systems had been penetrated from outside their network.

Best practices to prevent and respond to premeditated attacks

The following section provides guidance to help you secure your organization and its IT infrastructure from internal and external attacks on your computer network. While no single solution is likely to address all possible situations, a well-planned and regularly tested program of surveillance, intelligent detection systems, and staff diligence will be very helpful.

The following is a list of best practices for developing and operating threat assessment, response, and recovery activities.

Program development

  1. Develop and approve a formal policy regarding the protection of IT infrastructure assets from attacks
  2. Establish a methodology for identifying, assessing, and mitigating attacks
  3. Establish an awareness program to alert all employees about the need to protect their equipment, data, and other personal information
  4. Establish training for employees to help them identify and report an attack, as well as training for technicians to keep them current on security threats and how to respond to them
  5. Establish a method to brief senior IT and corporate leaders following an attack
  6. Strive for continuous improvement of threat management practices and procedures

Operations

  1. Continuously monitor and assess threats to and vulnerabilities of IT infrastructures
  2. Establish alert mechanisms for critical systems that will notify you when suspicious activity occurs
  3. Activate incident response and management activities to deal with the threat/attack
  4. Launch a warning to other parts of the organization advising of the threat/attack
  5. Activate procedures to recover/restore operations to normal
  6. Conduct a post-event analysis
  7. Update procedures and policies based on outcomes from an attack

Ongoing management

  1. Maintain awareness of known external attacks, such as viruses and spamming, through various information services and security software suppliers
  2. Increase security measures in areas such as outsourcing and procurement by communicating threat characteristics, how to identify a threat, and how to report it to IT security
  3. Identify and reduce software vulnerabilities by working with information security firms to use the most effective security tools and working with software vendors to share information about threats and remedies
  4. Understand infrastructure interdependencies as a way to improve the physical security of IT systems, voice/data networks, and cable/wiring infrastructures
  5. Link infrastructure security plans with disaster recovery and business continuity plans
  6. Train your internal facilities staff (or building management if you lease space) as they will help ensure that your physical infrastructure is secure and the operating environment is properly maintained
  7. Train your internal security staff (whether employees or provided by a third party) so they will be able to proactively identify and deter unauthorized individuals
  8. Regularly test your threat detection, assessment, response, mitigation and control activities to ensure that your team knows what to do when a threat appears
  9. Coordinate protective measures with public-sector organizations

About this author: Paul Kirvan, CISA, FBCVI, CBCP, has more than 20 years of experience in business continuity management as a consultant, author and educator. He has been directly involved with dozens of IT/telecom consulting and audit engagements ranging from governance program development, program exercising, execution and maintenance, and RFP preparation and response. Kirvan currently works as an independent business continuity consultant/auditor and is the secretary of the Business Continuity Institute USA chapter. He can be reached at pkirvan@msn.com.

This story was originally published on SearchDisasterRecovery.com.

This was first published in January 2012
