“With broadband usage quickly becoming a standard in the business world and network security hazards on the rise,Small Business Network Security 101 Articles small businesses without a dedicated IT team are faced with the great challenge of protecting their networks from threats. However, in order to meet this challenge, small businesses must first face a greater challenge: understanding and acknowledging the threats.
The purpose of this document is to provide small business owners and network administrators with a better understanding of security needs and to outline the actions that can be taken to ensure the safety of networks and their data.
Why Are Small Businesses Vulnerable?Perhaps the greatest threat to small business networks is the owners’ false sense of security and their lack of proficiency in protecting their networks. Very often, small business owners push network security issues down the priority list in favor of more pressing matters, and in many cases, network security is not a concern at all.
To better understand the severity of this phenomenon, consider the following research results:
According a survey conveyed by the National Cyber Security Alliance, “More than 30% of those polled by the National Cyber Security Alliance (NCSA) think they’ll take a bolt of lightning through the chest before they see their computers violated in an Internet attack.”
The SANS/Internet Storm Center publishes a statistic reporting the average time a “clean” (un-patched and undefended) system can be connected to the Internet before being attacked or scanned. Recent data indicated an average of 20-30 minutes. New threats continue to emerge every day, and “lightning” can strike, whether in the form of lowered productivity due to spam, or priceless information such as customer credit card numbers that end up in the wrong hands.
Many small business owners wave off network security concerns, claiming that the size of the company and its insignificance in the market will deter hackers from targeting the network. This is a very misguided approach. Strict regulations such as the Sarbanes-Oxley Act require enterprises to invest more in information security. Enterprises are aware of various security threats and often employ in-house specialists to defend their networks from various threats. Companies with large networks own complex firewall and intrusion prevention systems that are regularly updated and maintained. Small businesses cannot be expected to have manpower, money, or time to invest in maintaining an enterprise-scale network security system. However, this does not mean they should ignore security threats.
A good example of the vulnerability of small networks in comparison to enterprises is the effect of the My.
Doom worm (released in January 2004). According to the Internet Security Alliance data, one out of three small businesses was affected, while only one out of six enterprises was affected. It is not always personal. As you will learn later, most attacks and security threats are aimed at the general public and not directed at any specific company or network. A hacker can run a software program that scans networks and IP ranges, looking for potential weaknesses. When such weaknesses are found, the hacker can take over the machines or infect them, in order to use them as a “zombie army” in larger scale attacks.
What Happens If I Do Get Hacked?According to a Gartner study , 40% of small businesses that use the Internet for more than email will be successfully attacked by the end of 2005. More than half of the businesses attacked will not even know it. Could you be one of those businesses? Are you aware of the damage a severe attack could inflict on your business? Think of what would happen if a computer containing important business data was physically stolen, and the data was not backed up. · How much would a new machine cost?· How much irreplaceable data would be lost?· How much would this data loss cost your company?· Can you afford the financial costs, downtime, and hassle?Each business is different in both vulnerability and risk. The questions above can assist you in beginning to assess the potential damage of an attack on your network. However, there are other threats beyond hacker attacks and loss of information. Know them, and protect yourself.
What Are the Threats?Like any technology, Internet security threats are changing and evolving at all times. Hackers adjust their methods and develop them to take advantage of both technological vulnerabilities and psychological weaknesses of employees. Some current threats are:
Security Holes or Vulnerabilities. These are “bugs” in operating systems and software that can be exploited by hackers. When a vulnerability is discovered, the race begins: hackers hurry to develop exploits, which are pieces of code that use the vulnerability to penetrate or disable a program or a whole network, before the software developer releases a patch to close the hole. · Direct Attack. Though less common in the small business world, direct attacks do exist. A disgruntled worker, a very unhappy customer, or a competitor with network knowledge can try to hack into the network with different intentions. From simple curiosity to data theft, many reasons can cause a hacker to come knocking on your office network door.
Viruses. Though less common nowadays and often confused with worms, viruses are pieces of executable code that can do damage 업소 사이트 순위 to a computer system. Viruses often spread over email and recently over instant messaging networks, by disguising themselves as legitimate attachments. The user activates the code unknowingly, thus infecting their system with the virus. Viruses often use the victim’s address book to email themselves to other mailboxes. Viruses can range from merely annoying to dangerously destructive.
Worms. Similar to viruses and much more common are computer worms. Unlike viruses, which infect programs and files, worms do not attach themselves to any other software and are self-sustained. Worms often propagate themselves using an infected system’s file transmission capabilities, and may increase network traffic dramatically in the process. Other possible effects of a worm include deletion of files, emailing of files from the infected computer, and so on. More recently, hackers have designed worms to be multi-headed, so that their payload includes other executables. The most infamous worm is My.
Doom, which, along with its variants, caused several billion dollars worth of damage to businesses, ISPs, and home users.