IT security is a deep and wide subject. It's complex. Threats abound. The scope is sometimes frightening and often misunderstood. It's easy to tune out that which you don't understand and that makes you even more vulnerable.
Education is the first step towards peace of mind.
Getting familiar with IT security jargon will help you better understand security-related news and information bulletins. You'll be able to make better and more confident decisions for your business.
In this first article, we'll begin a plain language explanation of some of the terms, acronyms, definitions, and other knowledge to take you to the next level in understanding. We're starting with networking. This is meant to be high-level and isn't always a full explanation. It's meant to be just enough to help you get it.
Whether wired, wireless, or a combination of the two, the network is the means by which your different computing devices talk with one another to find and exchange information such as email, files, and web pages. Devices may include workstations, servers, databases, tablets, smart phones, printers, and more. Devices are typically connected through a piece of hardware called a network switch. The switch is probably found in your network/phone closet. It likely has lots of blinky lights and lots of network cables hanging from it.
Any information you request or send from one device to another device traverses the wires/air and your switch as bits of electronic signals. For example, if you send an email to someone else in your office, your computer converts the email into electronic bits and sends it over the network to the intended person. That person's computer receives the electronic bits and converts it back into a the human-readable email in their inbox.
SECURITY ALERT: From the above explanation of what happens on a network, can you see that if a person could somehow get in the middle of that exchange of electronic bits, that person could actually copy, change, or divert the information? This is what's known generically as a man-in-the-middle attack or MITM and it's a very common type of security breach. In practice, a MITM attack could occur between you/your device and anywhere you go within your network or over the Internet.
Most routers are one of those pieces of flat hardware sitting in your network/phone closet. It's got some blinky lights. Your Internet service line is probably plugged into one side and the other side is plugged into your business network. When first invented, the router's primary purpose was to send information, such as email and files, from one network to another network. The router knows about other networks and how to reach them as necessary to deliver your information.
For example, when you send an email to a customer, it leaves your network through your router and it goes onto the Internet. Then your email makes it's way through the Internet to your customer's router where it enters their network and arrives in their inbox.
The first routers had little to no security in that they didn't do much to block or control what was sent through them. In fact, many networks were simply wide open. As security needs changed, routers evolved with more sophisticated features including the ability to block and allow certain types of network information. Those more advanced routers became the first firewalls.
At it's heart, a firewall is a router. In fact, many people use their firewall as their router in one single hardware package (the one with the blinky lights). A firewall does everything a router does and often it's configured in the same manner. In addition to transmitting and receiving information between networks, the firewall can inspect that information, also known as network traffic. You may sometimes hear a firewall referred to as the traffic cop for your network.
The traffic cop is programmed by defining rules. Those rules determine what kinds of traffic can come and go through the firewall. Advanced firewall capabilities include looking deeply at the traffic and the patterns of traffic. By doing this, a firewall may be able to determine if it's under attack and alert or even block the attacks. It may also be able to block undesirable traffic such as a virus, streaming videos and music, or a naughty website.
SECURITY ALERT: From the above explanations of a router/firewall, can you see that if its rules are misconfigured or tampered with, your private network might be exposed to anyone on the Internet? Also, can you see that since the firewall/router sits between your network and the Internet, it is also an ideal spot to execute a man-in-the-middle (MITM) attack?
SECURITY ALERT: Since the firewall/router is what sits between your network and the Internet, you are vulnerable to something called a denial-of-service (DOS) or distributed-denial-of-service (DDOS). In one form of a DOS or DDOS attack scenario, one more more remote devices outside of your network are compromised and controlled by a malicious party and those compromised devices can send massive volumes of network traffic to your firewall. This can overwhelm the firewall to the point where it can no longer process your emails, files, and web pages. Technically, this isn't a breach of your information but it may still have the effect of shutting down your business. If your own devices are compromised and being controlled to send a DOS/DDOS attack, it can also overwhelm your firewall.
As we continue our education in the technologies you use, how they work, and where security problems can occur, an obvious question will be "how do we prevent this!?"
The following guide will generally apply (work with our IT provider as necessary):
- Get educated on the basics of the tools and technologies you need
- Create written security policies that meet your business and compliance needs
- Create a security incident plan
- Regularly Educate your team on IT security threats and best practices
- Prepare for a security incident - have a disaster recovery plan and business continuation plan
- Implement the tools and technologies necessary to enforce your policies and plans
- Keep your security tools and technologies up to date. Monitor them. Review reports.
- Immediately report anything suspicious and be vigilant
- Audit and test your security systems and disaster recovery plans regularly
- Maintain appropriate cyber-security insurance
- Rinse and repeat!
We hope you've learned something new and valuable. Please look for further blog posts so you'll be able to make better and more confident decisions.
-Jeremy and Team Tobin!