
Precautions for Network Attacks/Hacking/Unauthorized Access

There are some basic methods for preventing attacks on, hacking of and unauthorized access to a network -- maybe not completely, but up to a certain level.

Start with a well-reputed firewall and unified threat management (UTM) system -- a gateway-level internet security device at every access point to your network. If you are in a small or medium-sized organization where management is not willing to invest in IT (IT is a support system to their business, not their bread and butter), you need to give them a small presentation. If they have invested in security cameras and guards to prevent any unauthorized person from entering their premises, why would they give anyone unauthorized access to their network?

Explore the Internet, but don't expose yourself

Now you have your own firewall/UTM, so you can prevent unauthorized access to your network. While purchasing the firewall, your procurement team negotiated hard, bought the lowest-quoted firewall and presented it to you. The vendor who won this bid may not have well-trained engineers, or the engineer sent to configure it may be too clever and configure the firewall in a very short span of time without asking you for all the details of your network. So it is your duty to know your network thoroughly and carefully.

The engineer came, asked you for the public IP address from your ISP, asked what you wanted to restrict, created some groups, set up some group policies, and showed you the bandwidth management, failover, site blocking and some good reports sent to your mail on a daily basis. So now you are happy; you have shown your management all the reports, and your management is also happy.

But one fine morning, you find that your company website has been hacked. Your application server is not working, your production server is down, and management is shouting at you and asking why this happened after a firewall was implemented at your request.

Why did this happen?

The engineer who came to configure the firewall created rules where all the ports are open, so no application has any trouble and every application runs successfully. You were also happy at the time of implementation, because everything was running without any problem. But that person never asked which applications you are running, or which ports need to be open for specific services or applications.

PORTS:
Ports are numbered from 1 to 65535, and for customization generally 1024 is the lowest. Browsing the Internet is usually done through port 80 for HTTP and port 443 for HTTPS. By default the Remote Desktop port is 3389 and the Telnet port is 23, and you can define your own ports based on the requirements of the applications running in your network. You need to know which applications and services are running in your network and which ports they use. Open only those ports, not all the ports.

PEER TO PEER DOWNLOAD:
Suppose you need to download something from a P2P site. Generally, P2P applications can run on any random port, but you do not need to open all the ports for P2P downloading. Just create one host ID, assign an IP address to that ID, and assign that IP address to whoever needs it. Create your own ports for P2P downloading and assign those ports only for P2P downloading. Or you can create your own service using those ports and allow it for P2P downloading. But change those ports after some time interval for better security.

Keep the intrusion prevention and detection services on your firewall turned on.

Try to hide your server from the internet. Suppose you have a server in your network that needs to be accessed from outside. My suggestion is that you don't give a public IP address to the server directly, and that you assign a port for accessing that application, like www.abctech.com:8089, for example. If possible, implement a VPN client to access those applications remotely. Users will connect to your public IP and will be able to log in to the server with their individual user ID and password.

Users are cleverer than we think. Suppose they have downloaded some third-party application that can bypass your firewall/UTM easily. Such applications are free and readily available on the internet. A user can download and use such an application, set their own proxy and bypass your firewall. Whatever site-blocking rules you have applied for them will not work.

The application gets routed to a particular website, and from there users can access any site. This can happen if unknown ports are open by mistake. From your seat you may feel comfortable that no one can access unauthorized sites from your network, but from where the users sit, they also feel comfortable, because they can access them easily.
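The PORTS section and the point above about ports left open by mistake both come down to comparing what the firewall allows with what your services actually need. The following Python check is an added example, not part of the original article; the rule format, rule names and service inventory are constructed for illustration and do not match any vendor's export. It treats each allow rule on its own and ignores rule ordering.

```python
# Added example: audit firewall rules against the services you actually run.
# Rule format, rule names and the inventory are constructed, not a vendor export.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    direction: str  # "in" = internet -> LAN, "out" = LAN -> internet
    ports: str      # "any", a single port ("443") or a range ("8000-8100")
    action: str     # "allow" or "deny"

def port_set(spec):
    """Expand 'any', one port or a 'lo-hi' range into a set of port numbers."""
    if spec == "any":
        return set(range(1, 65536))
    lo, _, hi = spec.partition("-")
    return set(range(int(lo), int(hi or lo) + 1))

def audit(rules, needed):
    """needed maps direction -> {port: service name}.
    Returns (findings, missing): allow rules that open ports nobody asked for,
    and needed ports that no allow rule covers."""
    findings, covered = [], {d: set() for d in needed}
    for rule in rules:
        if rule.action != "allow":
            continue
        ports = port_set(rule.ports)
        covered[rule.direction] |= ports
        extra = ports - set(needed[rule.direction])
        if extra:
            findings.append((rule.name, rule.direction, len(extra)))
    missing = {d: sorted(set(needed[d]) - covered[d]) for d in needed}
    return findings, missing

# Constructed inventory: 8089 is the published application port from the text.
NEEDED = {"in": {443: "company website", 8089: "published application"},
          "out": {80: "http browsing", 443: "https browsing"}}
# The "everything works" setup the article describes, then a narrowed one.
AS_INSTALLED = [Rule("allow-all-inbound", "in", "any", "allow"),
                Rule("lan-to-internet", "out", "any", "allow")]
NARROWED = [Rule("web-https", "in", "443", "allow"),
            Rule("app-8089", "in", "8089", "allow"),
            Rule("browse", "out", "80", "allow"),
            Rule("browse-tls", "out", "443", "allow")]

if __name__ == "__main__":
    for label, rules in (("as installed", AS_INSTALLED), ("narrowed", NARROWED)):
        print(label, *audit(rules, NEEDED))
```

Each finding is (rule name, direction, number of ports opened beyond the inventory); a non-empty `missing` list means a service you need would be blocked after narrowing the rules.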

So if we all care a little bit and maintain the above points, we can protect our network from hacking/attacks up to a certain level. Again, the above points are not everything, just a little precaution.
Author:DIPRAJ
4 Comments
 
 

Administrative Comment

by:Eric AKA Netminder
diprajbasu,

Your article has been published.

ericpete
Page Editor

Expert Comment

by:Mitchell Milligan
I think it is a great article.  One thing I would like to note is that unless you are a business that is running localized services, opening ports is not a secure practice.  One better way of accessing remote services that reside in your office or home is to utilize a VPN connection.  This is a software and protocol that uses a secure method of communication to allow you to operate on a secured network when you are away from your home or office.  By using this method and not opening ports, it protects your network resources from intruders taking advantage of open ports.

Expert Comment

by:Li HUANG
Thank you diprajbasu for the summary guide. To restrict open port(s), example only :80 to your remote ddns updater, how allow the router.map and ldap id you entirely when as, the primary domain configure invalid at the router.format limited? (For a privacy: domain.com format just input able as xxx.domain.com that of node.domain.com node default to where?) Can it be taken away by a device somewhere to be the domain.group? Hope to feedback Please.

Expert Comment

by:Rahul Sam
Really great idea. There is one more precaution that should be taken for network security: doing penetration testing, as it is the best and most convenient way to find the vulnerabilities in a network or websites.