Pre-Attack Techniques: Prevention of “Hacking Attacks”
According to Ms. Litan (2010), “Hacking is the fastest growing crime, along with ATM skimming”. To prevent hacking attacks on an organization's systems, the organization can first deny access to undefined users and anonymous accounts by introducing system passwords. The password mechanism can further be designed so that, after a specific number of unsuccessful logons, the logon is suspended or delayed.
Also, the company can monitor the use of the administrator and other powerful accounts. This can be done by installing CCTV cameras in the respective rooms and employing an observer to monitor them at all times.
Obsolete user accounts should also be removed as soon as the user leaves the company, and inactive accounts suspended after 30-60 days. Strict access, need-to-know and least-privilege practices should be enforced. Also, unneeded system features, services and ports should be removed and default password settings replaced.
In addition, logon IDs should be non-descriptive of job function, and global access should be limited. Redundant user IDs, accounts and non-based accounts should be removed from resource access lists, and the redundant resource rules removed from accounts and group memberships. Password rotation and password requirements (length, contents, lifetime, distribution and transmission) should be enforced.
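The account rules above (remove accounts of users who have left, suspend inactive accounts, replace default passwords, keep logon IDs non-descriptive) can be checked with a periodic audit. The script below is an added example, not part of the original essay; the account records, field names and job-word list are constructed assumptions.

```python
import re
from datetime import date

# Constructed sample records; field names are assumptions for this example.
ACCOUNTS = [
    {"id": "u1042", "employed": True, "last_logon": date(2024, 5, 28),
     "status": "active", "default_password": False},
    {"id": "u2210", "employed": False, "last_logon": date(2024, 5, 30),
     "status": "active", "default_password": False},
    {"id": "u3307", "employed": True, "last_logon": date(2024, 4, 10),
     "status": "active", "default_password": False},
    {"id": "payroll_admin", "employed": True, "last_logon": date(2024, 5, 31),
     "status": "active", "default_password": True},
    {"id": "u4415", "employed": True, "last_logon": None,
     "status": "suspended", "default_password": False},
]

# Assumed list of words that reveal a job function in a logon ID.
JOB_WORDS = {"admin", "payroll", "finance", "hr", "root", "backup"}


def audit(accounts, today, inactive_days=30):
    """Return {account id: [findings]} for accounts that break the rules."""
    findings = {}
    for acct in accounts:
        issues = []
        if not acct["employed"]:
            issues.append("remove: user has left the company")
        elif acct["status"] == "active":
            last = acct["last_logon"]
            # An active account that was never used counts as inactive.
            if last is None or (today - last).days > inactive_days:
                issues.append(f"suspend: inactive > {inactive_days} days")
        if acct["default_password"]:
            issues.append("replace default password")
        # Split the ID into words so "hr" does not match inside "chris".
        if JOB_WORDS & set(re.split(r"[^a-z]+", acct["id"].lower())):
            issues.append("rename: logon ID describes job function")
        if issues:
            findings[acct["id"]] = issues
    return findings


if __name__ == "__main__":
    for acct_id, issues in audit(ACCOUNTS, today=date(2024, 6, 1)).items():
        print(acct_id, "->", "; ".join(issues))
```

The `inactive_days` parameter covers the 30-60 day range: raising it to 60 no longer flags the account that has been idle for 52 days.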
Reasons why some organizations have not implemented these defensive tactics
Most companies lack the enabling technology and resources. For instance, the installation of CCTV cameras requires money and resources, which these companies may not be in a position to provide.
Beyond installation, extra employees are needed to monitor the organization and service the equipment, which requires an extra budget. The death of an expert employee, on the other hand, may result in delays if the password was not shared and has to be traced or a code must be cracked. The company may fear such situations.
Pre-attack techniques are controllable from the organization's perspective. According to Joshua Brustein (2013), “One tactic would be the use of software that would lock down a computer if it were used to open restricted files”. Other pre-attack techniques may involve frequently changing passwords in case the workers are working with someone inside the company, giving different passwords to different individuals in case there are intra-company disputes, and the many other “hacking attack” prevention techniques discussed earlier. Most of these methods are controllable and can be used to prevent pre-attacks on the company’s systems.
References
Brustein J. (2013), Gallery Reports Menu: Letting Companies Hack the Hackers: What could go wrong?
Konig R. (2013), Radware Blog: Mitigating Attacks in 2013: The Year Companies Push Hackers Back, Retrieved from http://blog.radware.com/security/2013/01/mitigating-attacks-in 2013/
McQueen M. P. (2010), Wall Street Journal: Preventing A Hack Attack, Retrieved from http://online.wsj.com/article/.