The Data Breach: Part II (Strengthening your Infrastructure)

September 22, 2014 by Brad Garnett

In Part I, I gave an overview of a data breach. In this part, I am going to give you some ideas for strengthening your network infrastructure. The retail sector has been hit very hard this past year with data breaches. Target had an estimated 40 million credit card numbers stolen during the 2013 holiday season. Recently, Home Depot’s data breach appears to have compromised an estimated 56 million credit card numbers, which surpasses the Target data breach.

While the digital forensic investigation into the Home Depot data breach still appears to be ongoing, we do know that malware was the mechanism used in both breaches to steal the credit card track data. In the Target data breach, the attackers used stolen vendor credentials to access Target’s network, which enabled them to deploy the malware to the POS systems. Home Depot released this statement on September 8th regarding the data breach. Home Depot has reported that the malware used against its POS systems was “custom-built”. If you want to find out more information regarding these breaches, a simple keyword search using your favorite search engine will provide further reading.

If you own or manage a small business, I am sure that you are aware of the risks when it comes to payment card information, especially in the retail, restaurant, and hospitality industries. The Home Depot data breach and Apple’s Apple Pay announcement have generated a lot of recent buzz regarding chip-and-PIN technology. While the technology isn’t bulletproof, it is a solid step in the right direction to get away from the antiquated magnetic stripe credit cards that are part of everyday business and consumer transactions. According to this article, Visa and MasterCard are already issuing chip cards when a customer’s credit card expires. Visa also announced its partnership with Apple in transforming the mobile device payment industry.

Now for some good news: there are items you can review right now to ensure you are safeguarding your business. Below is a non-exhaustive list of five (5) things you can review in your own business when it comes to safeguarding and monitoring your data.

Note. Contact your Kemper Technology IT Consultant for issues related to your specific computer network environment.


  1. Inventory of Authorized/Unauthorized Users, Devices, and Software on Your Network
    • Devices
      • Wireless
        • Filtering?
        • Necessary and monitoring?
      • Wired
        • Filtering?
        • Necessary and monitoring?
    • Users
      • Active versus Inactive Accounts
      • Correct Administrative Privileges
      • Monitoring?
    • Software
      • Required versus non-required business software
      • Controlled access?
  2. Servers, Desktops, Laptops, and Mobile Devices Properly Configured
    • Proper configuration management should include managing, tracking, and correcting issues related to basic controls
      • Ports
      • Accounts and Passwords
      • Protocols
      • Services
      • Security Patches and Updates
      • Etc.
    • Installing and/or running only required applications/services
  3. Firewalls, Routers, and Switches Properly Configured
    • Patch management
    • Protocol management
    • Logging
    • Monitoring
    • Etc.
  4. Data Protection
    • Physical/Device security
      • Physical access to building/server room?
      • Monitoring USB devices?
    • Authentication
    • Encryption
    • DLP (Data Loss Prevention) Techniques
    • Monitoring all ingress/egress network traffic?
  5. Network Boundary and Malware Defense
    • Anti-malware solution/defense
      • Users
      • Devices (including removable devices)
      • E-mail
      • Web browsing
    • IDS (Intrusion Detection System)
    • IPS (Intrusion Prevention System)
    • Whitelisting/Blacklisting
      • Protocols
      • E-mail/IP addresses
      • Applications
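
As an illustration of item 1 above, here is an added example (not part of the original article) of a small review script that compares what is observed on the network and in the account directory against what has been approved. All device, address, and account data is constructed sample data, and the 90-day inactivity threshold is an assumption, not a figure from the article.

```python
from datetime import date

# Constructed sample data: the approved inventory versus what was observed.
AUTHORIZED_DEVICES = {
    "00:11:22:33:44:55": "front-register-pos",
    "00:11:22:33:44:66": "office-laptop",
}
OBSERVED_DEVICES = [
    {"mac": "00:11:22:33:44:55", "ip": "192.0.2.10", "link": "wired"},
    {"mac": "00-11-22-33-44-66", "ip": "192.0.2.21", "link": "wireless"},
    {"mac": "00:11:22:33:44:99", "ip": "192.0.2.57", "link": "wireless"},
]
APPROVED_ADMINS = {"it.admin"}
ACCOUNTS = [
    {"user": "it.admin", "enabled": True, "admin": True, "last_login": date(2014, 9, 19)},
    {"user": "cashier1", "enabled": True, "admin": True, "last_login": date(2014, 9, 20)},
    {"user": "former.vendor", "enabled": True, "admin": False, "last_login": date(2014, 3, 2)},
    {"user": "old.temp", "enabled": False, "admin": False, "last_login": date(2013, 12, 1)},
]

def normalize_mac(mac):
    """Lower-case and use ':' separators so both common MAC notations compare equal."""
    return mac.strip().lower().replace("-", ":")

def unauthorized_devices(observed, authorized):
    """Return observed devices whose MAC address is not in the approved inventory."""
    known = {normalize_mac(m) for m in authorized}
    return [d for d in observed if normalize_mac(d["mac"]) not in known]

def account_findings(accounts, approved_admins, today, max_idle_days=90):
    """Flag enabled accounts that are inactive or hold unapproved admin rights."""
    findings = []
    for a in accounts:
        if not a["enabled"]:
            continue  # disabled accounts cannot log in, so they are not flagged
        if (today - a["last_login"]).days > max_idle_days:
            findings.append((a["user"], "inactive but still enabled"))
        if a["admin"] and a["user"] not in approved_admins:
            findings.append((a["user"], "unapproved administrative privileges"))
    return findings

if __name__ == "__main__":
    for d in unauthorized_devices(OBSERVED_DEVICES, AUTHORIZED_DEVICES):
        print("UNAUTHORIZED DEVICE:", d["mac"], d["ip"], d["link"])
    for user, issue in account_findings(ACCOUNTS, APPROVED_ADMINS, date(2014, 9, 22)):
        print("ACCOUNT:", user, "-", issue)
```

In practice the observed lists would come from your own DHCP, switch, or directory exports, and a MAC address match alone does not prove a device is the approved one, since MAC addresses can be changed.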

As I mentioned earlier, this list is not exhaustive, nor will it definitively prevent a data breach. These are just five items for you and your IT professional to review in order to strengthen your computer network infrastructure defenses. It is important to mention that there isn’t a “security silver bullet”. Spending money on hardware and software will not fix security. Training and education of employees is also vital to strengthening your organization’s overall computer infrastructure. Securing and strengthening a computer network is an ongoing and continuous process.

Brad Garnett, CCE®, GCFA is a Digital Forensic Consultant with Kemper Technology Consulting, a division of Kemper CPA Group LLP.  Prior to joining the Kemper team, Garnett spent the last decade in law enforcement, where he specialized in digital forensics. Mr. Garnett works with clients from various industries, including health care, law firms, local governments, and small businesses, where forensic technology is needed to answer a legal question or make a tough business decision. If you have a business need or legal matter where forensic technology can help answer your question, please contact Brad at 812-421-8000.
Kemper CPA Group LLP publications should not be construed as legal advice or legal opinion on any specific facts or circumstances. The content is intended for general informational purposes only. You are urged to consult your own advisor on any specific legal questions concerning your situation.
