CAPstone Webcast Series: Network Security Recap
May 14, 2020
The COVID-19 pandemic has mandated remote working environments for many organizations. With this newly garnered comfort of working from home (WFH) come additional security threats that were not as prevalent in the past.
In EisnerAmper’s inaugural Cyber Action Plan (CAP)Stone Series webcast titled “Network Security,” Rahul Mahna, managing director in EisnerAmper’s Process, Risk, and Technology Solutions (PRTS), sat down with Marc Laliberte, senior security analyst at WatchGuard Technologies, to discuss some of these additional challenges as they pertain to network security, a key pillar of which is ‘layered security.’ Layered security is the concept of applying security in multiple ‘layers’ so that if an attacker breaches one layer, they are confronted with additional security measures that prevent them from progressing further and causing harm. Below are a few takeaways that users and companies can consider to help secure their internet activities.
Focus on User Authentication and Credentials
“Authentication is the cornerstone of security,” Laliberte said. He emphasized that authentication, using one’s network credentials, is how employees gain access to an organization’s network. They are the “keys to the front door,” he said. It follows that network credentials are among the items hackers pursue most. This is a large reason why the attack that has increased the most during the COVID-19 era has been ‘spear’ phishing.
Spear phishing is similar to a typical phishing campaign but differs in that it is tailored to the individual receiving the malicious email. A user is much more likely to fall victim to a malicious email in their own home due to the lack of face time with peers and the added distractions of home. Employees should be trained on how to spot spear phishing and phishing emails. Some common things to look for are the “[External]” tag if configured by an employer, spelling mistakes in the email body and email address, and a tone of urgency.
Multi-factor authentication (MFA) should be utilized wherever possible. MFA requires at least two inputs, which limits the chances that an attacker holds both and can authenticate to the network. MFA inputs typically follow the schema of ‘what you know’ (a password) and ‘what you have’ (a token or phone). MFA utilizing a random number-generating token is preferred over push SMS messages because a phone can also be compromised.
Ensure Perimeter Protections and Monitoring Are in Place
Organizations should ensure that they have basic perimeter protection devices and monitoring tools in place in order to prevent malicious traffic. At a minimum, an organization should have a firewall in place to manage and restrict traffic to various network ports. Any unused ports should be locked down to minimize areas of exposure to external traffic and prevent misuse. Next-generation firewalls, which provide an additional layer of network security, should also be used when possible as they allow for a more technical approach to monitoring network traffic. Next-generation firewalls have the ability to inspect each packet of data on the network and determine if it is malicious or not. Additional network protection services such as intrusion detection and intrusion protection can be obtained through a unified threat management (UTM) system, which scans traffic for signatures of known threats, allows or denies the traffic, and alerts the organization when a malicious data packet is found.
Security Tips for the Employee Who Works from Home
Employees who WFH should be encouraged to take some simple steps to protect their home networks as well, as these networks could provide an entry point to attackers if proper precautions are not taken. One of the easiest things employees can do is to simply change the name of their home Wi-Fi network and utilize a strong password. Laliberte also recommended that home networks utilize WPA2 encryption along with up-to-date antivirus software. There are additional options, such as personal firewalls, which end users can invest in as well. Users should also be encouraged to only log onto their organization's network utilizing a virtual private network (VPN), which “creates an encrypted tunnel from your machine to the network by ‘dropping’ your machine behind the firewall.” This will prevent any would-be attackers from eavesdropping on what would otherwise be company business conducted on a personal network. Connecting to an unsecured public network should also be avoided at all costs due to potential eavesdroppers on these networks. ‘Man in the middle’ attacks remain a large threat on unsecured public networks, as it is impossible to gauge who is responding to the network traffic.
In summary, having a layered security protection system is crucial to ensure corporate data and networks are not compromised.
You can access a transcript from the event here.