Scenario 2

Table of Contents
Physical sites
Social engineering
WiFi networks
Avoiding Man in the Middle Attacks (MITM)
  VPN
  Proxy Server with Data Encryption
  Secure Shell Tunneling
About DDoS attacks
  To counter this threat
DMZ
Internal File and Database servers
Nano Servers and containers (Cloud Services)
Insecure APIs (Application Programming Interface)
Malware Injection
Social Media
The legal, social, ethical and professional issues associated with active measures against threats
  Contractual duties that cannot be avoided
  In most countries there are laws that apply to IT professionals
  Ethical decision making
  Measured Response
Conclusion
Ref
Appendix

Physical sites
Physical sites afford a number of attack surfaces. There is the building itself, which needs to be secure: strong doors and walls, secure access/entry control, security guards, cameras, backup power supplies, secure backup locations, and protection against fire and flood. Secure terminal access reduces random access attempts.
• Compartmentalised systems to prevent "side stepping" or "key to the kingdom" vulnerabilities.
• Two-stage authentication.
• No BYOD, which reduces the chance of infection by allowing control over installed software and antivirus.
• Enforced policies on internet use and access.
• Lock down the use of removable/portable drives (avoids the possibility of infection and of disgruntled employee or "evil maid" attacks).

Social engineering
Social engineering must also be considered, both as something that needs to be guarded against and as a potential attack surface. It can be as simple as hanging around local bars and cafes in the general area and attempting to befriend employees in an effort to groom them into disclosing information in an informal manner and setting. Such situations are also opportunities to access security passes and mobile devices handled by the unwary. Local WiFi access points can also be sniffed in the hope of gathering information from badly set up and insecure mobile devices.
Another common ploy is to don a simple outfit with an ID badge and a clipboard; it is amazing how often people fail to question someone who looks official and has an air of authority. With this in mind, an intruder could walk into some properties without hindrance: if you look like you have the right to be there, you must by extension be OK. Turning up and expecting the door staff to let you in, or following someone through a door closely enough to stop it closing all the way, are simple ways to gain physical access to a property. A more elaborate approach is to impersonate a member of a utilities supplier, i.e. the gas, electricity or water board.

WiFi networks
Public WiFi networks do not usually have any security, so there is a chance that attackers can eavesdrop. Avoid unsecured public WiFi hotspots.

Avoiding Man in the Middle Attacks (MITM)

VPN
VPNs are used to extend a private network across a public network, allowing recognised users to send and receive data across shared or public networks as if their devices were directly connected within the private network. If you are going to use one you must use strong end-to-end encryption, otherwise it is pointless: there is always the possibility of interception, but there is not much point in intercepting information you cannot decipher.

Proxy Server with Data Encryption
Another technique is to make use of a proxy server and encrypt the transmission between you and the proxy. Using the SSL protocol means your data traffic to the sites you visit is always encrypted, like an HTTPS connection. The proxy works as an intermediate step that takes in your information or request and sends it out as if it came from the proxy itself. It then takes the resulting answer and relays that response back through itself, preventing any direct communication between you and the site.

Secure Shell Tunneling
This makes use of the SSH network protocol, which creates a secure remote tunnel for UNIX-based systems.
SSH is typically used to allow remote access to a machine to execute commands, whilst also supporting tunneling and TCP port forwarding. It uses public-key cryptography to authenticate the remote computer and to allow it to authenticate the user. This allows unencrypted traffic to be carried over a network through an encrypted channel.

About DDoS attacks
There are two basic forms: DDoS attack scripts and DDoS toolkits. The attack scripts are the usual choice of the amateur attacker, being widely available for download and simple to use. The toolkits offer a wider range of options for the more accomplished user and are harder to counter because of the greater likelihood of a multi-source attack. A couple of well-known examples of the available attack scripts are Low Orbit Ion Cannon (LOIC) and HTTP Unbearable Load King (HULK). Because they can be easily downloaded, they are used as copy-and-paste attacks written by experienced hackers, although they will usually result only in an attack from a single source.

To counter this threat
• Routers.
• Firewalls.
• Aggressive timeouts.
• Lower the UDP (User Datagram Protocol) flood drop threshold.

DMZ
A lot of people are under the impression that a DMZ is the answer when it comes to allowing access to services within a network in a safe and secure fashion. This is incorrect. It can be used as a first line of defence but should never be relied upon completely; rather it is one piece of a larger puzzle. A DMZ functions as an isolated network positioned between the Internet and your private network. A DMZ of the "exposed host" kind opens all ports and routes them to one machine. If an attacker gets control of the DMZ'd PC or server using an exploit, they are now inside your network. The exposed host is not separated from the rest of the network; it still sits within the same broadcast domain, giving the attacker total access to the local network.
In addition, all internal services running on the compromised machine then become visible to Internet traffic. You can counter this to some degree by only opening and forwarding specific ports to a specific machine; you then need only worry about security on those particular ports.

Internal File and Database servers
The usual threats against file and database servers are:
• Password cracking
• Network eavesdropping
• SQL injection
• Unauthorised access
Internal firewalls between your servers should also help to slow down or stop "key to the kingdom" and external breaches should they occur.

Nano Servers and containers (Cloud Services)
Nano servers are lightweight, stripped-down systems specifically designed to run cloud applications and containers. They are available for both Unix- and Windows-based systems, so you can choose your favourite. They run headless and without many server core components, resulting in a faster, more stable and more secure service with far lower resource requirements, and therefore higher density and more efficient use of OS resources. This allows you to split your application(s) into multiple containers and quickly scale on demand. The stripped-down approach lets you use the bare minimum of features required to run your chosen application: less overhead, less maintenance and fewer problems, as there is nothing superfluous to worry about, which means less patching and fewer restarts. There are also fewer ports open, so the attack surface is smaller compared to a traditional server. You should also use system logs and ETW (Event Tracing for Windows) logs; in the event of a problem they can help locate the time and source of a potential security breach.

Insecure APIs (Application Programming Interface)
The vulnerability of an API lies in the communication that takes place between applications. While APIs help programmers and businesses, they also leave exploitable security risks.
If the code is not set up to robustly deter penetration attempts, vulnerabilities will soon come to light.

Malware Injection
Malware injection is the insertion of scripts or code into embedded services so that malicious code is seen as part of the original service or software, and is therefore able to carry out its nefarious objectives unmolested. This sort of attack depends on exploiting input validation and data access vulnerabilities. You can counter these attacks by improving input validation, strengthening permissions so as to restrict access to the database, and closing non-essential ports. For those that do require access to the database, use authentication certificates and pre-authorised machines only.

Social Media
• Create and enforce a social media policy. Include information on how to create a secure password.
• Monitor and deal with any company branding mentions.
• Only allow sharing of pre-approved content on the company site.
• Attempt to avoid malicious software by disabling downloads.
• Designate a staff member to moderate the site, aiming to avoid phishing attacks, spam and human error.
• Should a breach of any kind occur, inform users of any potential infections so they can take their own corrective countermeasures.
• Lock down and deny the use of personal social media on company equipment, to avoid opening up potential attack surfaces including:
  • Grooming
  • Malicious software and apps, phishing attacks, email attachments, and malware embedded in correspondence and JPEGs
  • Social engineering
  • Data mining
  • Unconfirmed identities for users
  • Human error
Twitter and Facebook both have security vulnerabilities. I am not saying don't use them; they are two of the most popular social media sites.
Just be aware of the potential threats that could occur through their use and how to minimise them.

The legal, social, ethical and professional issues associated with active measures against threats

Contractual duties that cannot be avoided
• Truthfulness: dealing honestly and openly with people.
• Allegiance: how you treat the confidences given to you.
• Accountability: you could be taken to court if you are negligent or overstep your boundaries.

In most countries there are laws that apply to IT professionals
• Computer misuse law.
• Contract law.
• Intellectual property law.
• Data protection law.
• Computer evidence.

Ethical decision making
• It is not just about deciding what you think is right and wrong.
• Moral systems and principles should be laid out in advance and used as a framework for all decision making.

Measured Response
A natural human response when faced with a violation of personal space or property is to fight back, to lash out. This, however, is unacceptable behaviour for a business or for any representative of one. Legally we are allowed to defend against such intrusions but not to actively fight back. We can lock out and shut down their activities where possible, but we are not legally allowed to go on the offensive. [1] Just because they did it to you does not give you the right to do it back.

Every company of any size should be aware of the legal and ethical implications of its actions in all its dealings. All actions taken to reduce potential threats to the electronic security of a business must be reviewed to make sure that they are on the right side of the law (in the country where the company resides and in any foreign countries with which it deals professionally).
As well as making sure that the rules and practices do not in any way harmfully impact the lives of employees and customers without prior consent (signed waivers as part of a written contract and terms of service), full and open disclosure, with documentation available on request, is conducive to remaining on the right side of the law.

Conclusion
You are never going to catch all threats, and you are never going to be 100% secure, as the dangers change on a daily basis. It does not hurt, though, to be prepared for such eventualities with the ability to recover from problems in as short a period as possible (backups, backups, backups), whilst always remaining vigilant for the next threat to come.
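The SQL injection threat listed under Internal File and Database servers, and the input-validation countermeasure from the Malware Injection section, as an added example (not code from the original essay): a lookup that splices user input into the query beside the parameterised and allow-list-validated forms. The users table and its rows are constructed sample data.

```python
import re
import sqlite3

# Constructed sample data standing in for an internal database server.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "staff"), ("carol", "staff")])
    return conn

def lookup_vulnerable(conn, username):
    # Vulnerable: the caller's input is spliced into the SQL text, so a
    # crafted value changes the query's logic instead of being treated as data.
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           "ORDER BY username")
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterised(conn, username):
    # Hardened: the value is bound as a parameter by the driver; it can only
    # ever be compared as a literal string and cannot alter the query.
    sql = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]

# Allow-list for usernames (hypothetical policy: lowercase, digits, underscore).
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")

def is_valid_username(username):
    # Defence in depth: reject anything outside the allow-list before it
    # reaches the database at all, so quotes and keywords never get that far.
    return USERNAME_RE.fullmatch(username) is not None

def lookup_validated(conn, username):
    if not is_valid_username(username):
        raise ValueError("username rejected by input validation")
    return lookup_parameterised(conn, username)

if __name__ == "__main__":
    db = build_db()
    crafted = "x' OR '1'='1"          # classic injection string, for contrast
    print("vulnerable    :", lookup_vulnerable(db, crafted))    # every user
    print("parameterised :", lookup_parameterised(db, crafted)) # nothing
    print("validated     :", is_valid_username(crafted))        # False
```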