There are some basic methods for preventing attacks on, hacking of and unauthorized access to a network -- maybe not completely, but up to a certain level.
Start with a well-reputed firewall and unified threat management (UTM) system -- a gateway level internet security device at every access point to your network. If you are in a small or medium-sized organization where management is not willing to invest in IT (IT is a support system to their business, not their bread and butter), you need to give them a small presentation. If they have invested in security cameras and guards to prevent any unauthorized person from entering their premises, why would they give anyone unauthorized access to their network?
Explore the Internet, but don't expose yourself
Now you have your own firewall/UTM, so you can prevent unauthorized access to your network. While purchasing the firewall, your procurement team negotiated hard, bought the lowest-quoted firewall and presented it to you. The vendor who won this bid may not have well-trained engineers, or the engineer sent to configure it may be too clever and configure the firewall in a very short time without asking you for all the details of your network. So, it is your duty to know your network thoroughly and carefully.
The engineer came, asked you for the public IP from your ISP, asked what you wanted to restrict, created some groups, set up some group policies, and showed you bandwidth management, failover, site blocking and some good reports sent to your mail on a daily basis. So now you are happy; you have shown your management all the reports and your management is also happy.
But one fine morning, you find that your company website has been hacked. Your application server is not working, your production server is down, and management is shouting at you and asking why this happened after a firewall was implemented at your request.
Why did this happen?
The engineer who came to configure the firewall created rules where all the ports are open, so there is no pain for any application, and every application runs successfully. You were also happy at the time of implementation, because everything was running without any trouble. But that person never asked which applications you are running, or which ports need to be open for specific services or applications.
PORTS:
Ports are numbered from 1 to 65535, and for customization generally 1024 is the lowest. Browsing the Internet is usually done through port 80 for HTTP and port 443 for HTTPS. By default the Remote Desktop port is 3389 and the TELNET port is 23, and you can define your own ports based on the requirements of the applications running in your network. You need to know which applications and services are running in your network and which ports they use. Open only those ports, not all the ports.
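One way to check a firewall for the mistake described above, as an added example that is not part of the original article: the script compares each inbound allow rule with the list of ports your applications actually need and reports anything extra. The rule format, the rule names and the inventory are constructed for illustration and do not correspond to any vendor's export.

```python
# Added example: audit inbound allow rules against a service inventory.
# The rule format and every name below are constructed for illustration.

# Ports the business actually needs (constructed inventory).
REQUIRED = {("tcp", 80), ("tcp", 443), ("tcp", 8089)}

# Constructed rule export: (name, action, protocol, port spec).
RULES = [
    ("web", "allow", "tcp", "80,443"),
    ("app", "allow", "tcp", "8089"),
    ("vendor-default", "allow", "tcp", "1-65535"),  # the "all ports open" rule
    ("rdp-legacy", "allow", "tcp", "3389"),
    ("telnet-block", "deny", "tcp", "23"),
]

def parse_ports(spec):
    """Expand '80,443' or '1000-2000' into a set of ints; reject bad input."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"invalid port spec: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports

def audit(rules, required):
    """Return (findings, missing): allow rules that open ports outside the
    inventory, and required ports that no allow rule covers."""
    findings, covered = [], set()
    for name, action, proto, spec in rules:
        if action != "allow":
            continue
        opened = {(proto, p) for p in parse_ports(spec)}
        covered |= opened & required
        extra = opened - required
        if extra:
            findings.append((name, len(extra)))
    return findings, sorted(required - covered)

if __name__ == "__main__":
    findings, missing = audit(RULES, REQUIRED)
    for name, count in findings:
        print(f"{name}: opens {count} port(s) not in the inventory")
    print("required but not opened:", missing or "none")
```

A rule that shows up here with tens of thousands of extra ports is the vendor's open-everything rule; a rule with one or two extra ports is usually a forgotten service that should be reviewed against the inventory.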
PEER TO PEER DOWNLOAD:
Suppose you need to download something from a P2P site. Generally P2P applications can run on any random port, but you do not need to open all the ports for P2P downloading. Just create one host ID, assign an IP address to that ID, and give that IP address to whoever needs it. Create your own ports for P2P downloading and assign those ports only for P2P downloading. Or you can create your own service using those ports and allow it for P2P downloading. But change those ports after some time interval for better security.
Keep the intrusion prevention and detection services in your firewall turned on.
TRY to HIDE your server from the internet. Suppose you have a server in your network that needs to be accessed from outside. My suggestion is that you don't give a public IP address to the server directly, and assign a port for accessing that application, like www.abctech.com:8089, for example. If possible, implement a VPN client to access those applications remotely. Users will access your public IP and will be able to log in to the server with their individual user ID and password.
Users are cleverer than we think. Suppose they have downloaded a third-party application that can bypass your firewall/UTM easily. Such applications are free and readily available on the internet. A user can download and use one, set their own proxy and bypass your firewall. Whatever site-blocking rules you have applied for them will not work.
The application gets routed to a particular website, and from there users can access any site. This can happen if unknown ports are open by mistake. From your seat you may feel comfortable that no one can access unauthorized sites from your network, but from where they sit, users will also feel comfortable that they can access them easily.
So if we all take a little care and follow the above points, we can protect our network from hacking and attacks up to a certain level. Again, the above points are not everything, just a little precaution.