Private networks are under constant threat of attack, even when steps have been taken to "secure" them. The large volume of malicious code, and its ability to evolve and adapt, requires security professionals and common computer/internet users alike to be mindful of their actions and constantly play defense. This white paper focuses on 10 common ways that malicious code can penetrate a network. Knowledge of these methods and the ability to recognize them are the first steps in preventing them from succeeding in harming your network.
As of 2010, there are nearly three million unique forms of known malicious code, and thousands of new ones are discovered daily. The risk of being infected is greater than ever. The damage caused by an infection can range from a minor annoyance to a catastrophic disaster. The old wisdom continues to ring true: an ounce of prevention is worth a pound of cure.
Most computer users are aware of the importance of security to reduce the threats that could potentially harm a computer or network. For example, anti-virus and anti-spyware are essential defenses in the war against malicious code. However, technology cannot compensate for poor and risky behavior. Thus, proper training and understanding, along with behavior changes, are needed to facilitate a reduction of malicious code infections.
The methods, vectors, or paths that malicious code can use to gain access to your system are increasing as new services or types of communications are developed. In fact, every single possible communication method that exists for legitimate data can be used to transmit malicious data as well. Thus, we all need to be vigilant in keeping our protections current as well as avoiding risky activities. The following are 10 common ways malicious code reaches your private network that you need to be aware of.
1. E-Mail Attachments
Attachments to e-mails are a common method of distribution of malicious code. E-mail is inherently insecure due to its use of SMTP, a plain text-forwarding protocol, and its lack of strong authentication of message senders. The source of an e-mail address can be easily spoofed or falsified as someone that you trust. Often, this alone is enough to trick a recipient into opening an attachment.
Generally, avoid using attachments as a means to exchange files. Instead, use a third-party file exchange system (such as DropBox, Box.net, Drop.io, MediaFire, Windows Live SkyDrive, Foldershare, RapidShare, MegaUpload, Dropload, YouSendIt, SendThisFile, etc.). Thus, when an attachment does arrive, it is suspicious for being abnormal and not the standard method by which common communications take place.
If you receive an attachment and need to determine if it is legitimate, you still need to verify it before opening it. Create a new e-mail (do not reply to the message with the attachment) to the sender and ask for confirmation that they sent the file. Maybe even ask the filename, size, and hash value if you are really concerned. Or, call the person and ask if they sent you an attachment on purpose. If the sender does not confirm the attachment, delete it.
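The filename, size, and hash comparison described above can be done without opening the attachment. The following Python sketch is an added example, not part of the original white paper; the sample message, addresses, and function names are constructed for illustration, and SHA-256 is assumed as the hash the sender reports.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage


def attachment_facts(raw_message: bytes) -> list:
    """Return filename, size and SHA-256 of each attachment without opening it."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    facts = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""  # decoded bytes only, never executed
        facts.append({
            "filename": part.get_filename() or "(unnamed)",
            "size": len(payload),
            "sha256": hashlib.sha256(payload).hexdigest(),
        })
    return facts


def matches_confirmation(fact: dict, confirmed: dict) -> bool:
    """True only if all three values equal what the sender confirmed out-of-band."""
    return (
        fact["filename"] == confirmed["filename"]
        and fact["size"] == confirmed["size"]
        and fact["sha256"] == confirmed["sha256"].strip().lower()
    )


def build_sample(payload: bytes = b"quarterly numbers\n") -> bytes:
    """Constructed sample message with one attachment (addresses are placeholders)."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "bob@example.com"
    m["Subject"] = "Report"
    m.set_content("Report attached.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename="report.txt")
    return m.as_bytes()


if __name__ == "__main__":
    received = attachment_facts(build_sample())[0]
    # Values the sender would report in a separate e-mail or by phone (constructed here).
    confirmed = {"filename": "report.txt", "size": 18,
                 "sha256": hashlib.sha256(b"quarterly numbers\n").hexdigest()}
    print(received)
    print("keep" if matches_confirmation(received, confirmed) else "delete")
```

A mismatch in any of the three values is treated the same as no confirmation: delete the attachment.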
2. Portable Media
Portable media includes any device that can store information. This includes optical discs (CD, DVD, HD-DVD, Blu-Ray, etc.), tapes, external hard drives, USB drives, and memory cards. Any storage device can support both benign and malicious content. The less you know about or trust the source of a device, the more you should be cautious about accepting the device and connecting it to your system. Any media from outside the organization should be highly scrutinized, especially if obtained from a questionable or unknown source.
A possible defense is to use a dedicated scanning system. Every piece of new-to-you media can be scanned at this stand-alone system before it is used on any production system. Assuming the stand-alone scanner system is updated regularly, it will greatly reduce the risk of malware distribution via media. Another option would be to limit data exchanges to file sharing services that do not involve portable media.
3. Visiting Malicious Web Sites
The Web browser is the primary tool used to interact with the Internet, which is a dangerous place. Thus, many threats breach our organizations' defenses through this seemingly innocent client software. Popular and well-known sites are generally not a significant threat; however, any site can be the victim of an attack, which in turn could leave you at risk.
Following hyperlinks sent to you by e-mail or chat could lead to malicious locations. Additionally, some search results might not lead to legitimate locations. Always be cautious about following Web links to domain names you don't generally recognize.
It is difficult to always be aware of the reputation of a Web site you are visiting, but you can reduce the risk by using an updated browser, limiting auto-execute features of mobile code, and running anti-malware scanners.
4. Downloading Files from Web Sites
Even when visiting generally trustworthy Web sites, there may be additional risk if you elect to download content to your local system. Take even greater caution when choosing to download material from any site. Seek out only those locations that are known to be safe and trustworthy. For example, download.com, managed by CNet, is a safe location to download software, because they test and verify every file available through their service.