How Small Companies Can Overcome the Security Risks of Broadband

Written By: Simon Heron

More and more small and medium companies are switching from dial-up Internet connections to broadband, particularly ADSL. While the benefits of broadband are valuable, companies must ensure they understand the risks, particularly security issues. With some simple steps, these threats can be minimized.

The most fundamental danger is simply that with broadband, a small company will be online for longer. This gives more time for hackers and automated programs, or “bots”, to find and abuse the company. Automated bots don’t care who they attack — it isn’t personal, but an SME is likely to get attacked at some point. Gartner estimate that 1 in 5 companies will suffer an intrusion attack (above and beyond a virus attack) in the next 2 years (http://vnunet.com/News/1142933).

A survey carried out in May 2003 by the Yankee Group estimated that SMEs with dial-up were online an average of 2 hours a day, whereas with broadband this went up to 8 hours or more, and might well be 24 hours a day, 7 days a week. The Yankee Group research estimated that a DSL connection increased the chance of an attack by a factor of five, purely due to the increased time online.

If a connection is left on 24/7, attacks can happen at night when nobody is there to notice. An example was the Blaster worm which was able to access unprotected machines, it will have installed itself on many networks overnight. People will only know they are infected because the machine operates slowly and crashes; behaviour which often difficult to detect with certain operating systems. After an attack like this, the IT manager will have to install the necessary patches and then go looking for the worm on each of the vulnerable machine.

Beyond the simple risk of being online for longer, there are other issues with broadband. Spam can be a problem: if a mail server is not adequately protected, our experience has shown that it will probably be in use by a spammer to forward their messages within only 12 hours. As well as using bandwidth, this can mean that the innocent SME is branded as a spammer and blacklisted by its ISP or by Realtime Black Lists (RBLs).

With some ISPs, the IP address is dynamically assigned when the connection is made and not changed until the connection is dropped. This is effectively like a static IP address because broadband connections tend to stay up longer than dial-up accounts. This means that a spammer or hacker can find a company again, once it has identified it as a soft target.

Another risk is peer-to-peer applications like Kazaa. These can be abused by others outside the company to store all sorts of undesirable files. While best known as a means of sharing MP3s and other music files, Kazaa can also be used to transfer other types of less desirable data.

One of our customers reported a problem when their email system ground to a halt – we discovered this was due to a Kazaa programme on their network, which had been hijacked by an external user to store porn on their server. As well as being unpleasant to deal with, this kind of problem could lead to legal action, and is not that easy to block unless a company is willing to spend time chasing down the problem or has a remotely-managed security service that can monitor activity.

So what can SMEs do to protect themselves?

– get the basics in place: A firewall is best accompanied by Intrusion Detection and prevention (IDP) if there are any services running on your network; anti-Virus, anti-Spam, IDP and content filtering need to be updated regularly: Companies should be sure to do so;

– if they notice that the system seems to have ground to a halt or be very slow, investigate; this can often be a sign of an intrusion, a virus or spyware;

– have a security policy; for instance you might ban the use of peer-to-peer software such as Kazaa;

– consider a remotely-managed security service: this will ensure that problems are spotted and blocked overnight, will maintain and update security patches and virus signatures, and is affordable for SMEs these days.
About the Author

Simon Heron, Technical Director, Network Box UK (www.network-box.co.uk).

Previous post:

Next post: