Hackers broke into PlayStation’s massive database of nearly 70 million online gamers’ profiles and managed to steal highly sensitive information including name, address, date of birth, passwords and “secret answer” information. The issue is compounded by the revelation from Sony that they cannot discount the possibility that the hackers managed to obtain previous transaction details and credit card information in the attack.
‘While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.’
All the information so far suggests that if you’re affected by the data breach you should change any associated password details as soon as possible, check your bank accounts for missing funds or unexpected transactions, and consider cancelling your cards.
Although this is a PR disaster for Sony and a serious concern for many of their users, it could get much worse for them. The Telegraph reports the Information Commissioner in the UK is considering the legal implications of such a massive breach of the Data Protection Act. It’s within the power of the Commissioner to issue fines of up to £500,000 if Sony is found to be at fault.
Despite the theft occurring between the 17th and 19th of April, it took the company over a week to piece together exactly which areas of data had been penetrated and how much had been stolen.
So how will this information be used by the hackers?
OK, so this isn’t actually a step-by-step guide, but I did recently read a great post on the Sentelist.net blog and it inspired me to try and explain a little more about how it’s still possible to carry out such attacks despite modern security systems being in place.
There have been a number of high profile bank hacks through the years, even as recent as last year when the Federal Reserve Bank of Cleveland was hacked, but how does someone hack such an important and well-guarded deposit of highly sensitive information? The simplest way is to remotely seize control of a bank employee’s computer, often through some of the weaknesses in pre-installed software.
These attempts to take control of a system are often made in one of two ways: through direct emails with attachments containing Trojan Horse programs, which collate data and connect the user’s system to a remote command server, or through malicious websites, which attack the web browser and force a download of code.
There are a number of Trojan programs that have been designed specifically for such a hack and are widely available for purchase for as little as a few hundred pounds. These Trojan programs are able to carry out a variety of tasks including logging bank account activities, taking screenshots, stealing money from accounts and hiding fraudulent transactions.
These Trojans operate by remaining dormant until the web browser accesses a bank account. The Trojan then copies the user’s password and username details and sends an error message back to the user saying the service is unavailable, while the hacker empties the bank account immediately. Other hackers use malware to change the values and account details of original transactions and display false details to a user when asked to authorise a transaction. These are just some of the variety of methods used.
Online fraud is becoming more sophisticated every day, but banks can improve their managed security services in a number of ways: by adding server-based fraud detection, out-of-band verification for transaction requests, and out-of-band communication protocols to prevent call forwarding from numbers not authorized by the user.
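An added example (not from the original post) of out-of-band verification against the tampering case described above: the server holds the transfer exactly as it received it, shows those details to the user over a second channel, and executes only the stored copy once the one-time code comes back. The class and function names, the account identifiers and the SMS channel are assumptions made for illustration.

```python
import hmac
import secrets


class OutOfBandVerifier:
    """Holds each transfer until a code sent over a second channel comes back."""

    def __init__(self):
        self._pending = {}  # tx_id -> (transaction as received, one-time code)

    def request(self, tx):
        """Store the transfer as the server received it; return (tx_id, sms_text)."""
        tx_id = secrets.token_hex(8)
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[tx_id] = (dict(tx), code)
        sms = (f"Pay {tx['amount']} {tx['currency']} to account "
               f"{tx['to_account']}. Code {code}")
        return tx_id, sms

    def confirm(self, tx_id, code):
        """Return the stored transfer to execute, or None. Each tx_id gets one try."""
        entry = self._pending.pop(tx_id, None)  # single use: no code guessing
        if entry is None:
            return None
        stored_tx, expected = entry
        # Execute what was shown to the user, never fields re-sent by the browser.
        return stored_tx if hmac.compare_digest(expected, str(code)) else None


def user_checks_sms(intended, sms):
    """Model the account holder: release the code only if the SMS matches intent."""
    wanted = (f"Pay {intended['amount']} {intended['currency']} to account "
              f"{intended['to_account']}.")
    return sms.rsplit(" ", 1)[1] if sms.startswith(wanted) else None


def run_scenario(intended, received):
    """`received` is what reached the server, possibly altered on the user's PC."""
    bank = OutOfBandVerifier()
    tx_id, sms = bank.request(received)
    code = user_checks_sms(intended, sms)
    return bank.confirm(tx_id, code) if code else None


# Constructed sample data: the transfer the user typed and a tampered copy.
INTENDED = {"to_account": "ACC-2002", "amount": "250.00", "currency": "GBP"}
TAMPERED = {"to_account": "ACC-9999", "amount": "9500.00", "currency": "GBP"}

if __name__ == "__main__":
    print("honest:", run_scenario(INTENDED, INTENDED))
    print("tampered:", run_scenario(INTENDED, TAMPERED))
```

The check only helps if the second channel is independent of the infected computer and the user actually reads the payee and amount in the message before releasing the code.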
I recently read a great post on the Symantec.com blog which reminded me of when I first started in this business. In the early days the largest threat to asset security was the Hacker, but security providers and solutions have come a long way since then, and so too have the threats and technology.
With most security systems set up to detect intrusions to networks, a whole host of IDS technologies were developed. Due to the low quality of many of these, it soon became quite complex to tell a real threat from an alert. In the wake of so much confusion was born the Managed Security Service Provider: companies and consultants that specialised not only in determining threats but also in providing automated processes and software to help clients detect them themselves.
Modern threats now come more from infected hosts within networks which may try to send communications to a command server. A simple result of this was the increased use and improvement of technologies such as firewalls, which are now faced with detecting and preventing threats from both inside and outside a network.
Clearly, placing an incident in context is now essential both for protection from future threats and for analysing past threats and preventing them from reoccurring due to issues such as infected hosts.
StillSecure have announced their new partnership with XO Communications and CoreSite in a bid to expand their security solutions provisions into the MSSP space. Their overall goal is to extend their service to cloud providers and their data centres.
StillSecure Chief Architect Dave Greenstein pointed out “Other security system companies give clients a menu of features to choose from. But we complete the picture.”
XO and CoreSite have committed the resources to support the development of infrastructure for StillSecure to expand. StillSecure was established in 2000 delivering computing security services and has been struggling for several years to become a provider for medium size businesses.
StillSecure are looking to provide 24 hour services 7 days a week with features including spam filtering, PCI compliance and content filtering.
For more details check out this post at MSPMentor.net
Just a quick post to give you a background to the exciting field of Managed Security Services, what the industry is all about and how it protects users like you.
MSS providers offer their services to companies in order to protect their data from theft and damage through a wide range of methods. MSSPs offer a variety of services including: on site consulting to set up preventative security procedures for handling and securing data, perimeter management to install software and firewalls which prevent intrusions, monitoring services to record and react to any threat, and vulnerability testing to look for potential flaws in security.
These services can be outsourced to specialised companies or brought in-house depending on the size and structure of the company and its assets. For MSSPs, small to medium sized businesses provide the most lucrative area of opportunity as they often have insufficient capital and experience to support their own Managed Security Services.
If you’re looking for a more detailed explanation of the ins and outs, check out the Wikipedia entry on the subject.
Here’s a quick breakdown of some of the latest firewalls available on the market today and the features that I think help them stand out from the crowd.
Comodo Internet Security
The Comodo group have a fantastic product offering a great level of security from all manner of threats; the firewall has a default deny protection setting which only allows safe files to execute on your system. The software actually learns your behaviour and adapts its security protocols to better react to threats and create a better user experience. It even provides 24 hour support.
Online Armour Security
Online Armour provides a great range of protection from spam and malware. Its clever “safer mode” allows only reduced access by certain applications and produces a request for access for any unauthorised applications.
Kaspersky Internet Security
Kaspersky has been a big player in the firewall game for some time. This latest version has an awesome safe surf feature which blocks access to harmful websites and downloads. It also has a ‘virtual keyboard’ which helps protect you from identity theft and phishing. The new system watcher feature allows you to roll back a program if any malicious activity occurs.
Outpost Firewall Pro
Outpost Pro is great for systems with multiple users as it allows up to 7 users to select authorised programs to access the internet and works across all profiles. Unlike a lot of other firewalls, the Outpost team have worked hard to create a system that doesn’t place a massive strain on processing power, so you’ll hardly know it’s running.
Norton Internet Security
Norton Security seems to have been around forever and yet it still survives. Put simply, it’s such a good product, regularly updated to protect against new threats, that it’s almost impossible to discount them from the best firewall providers. Latest features include a Reputation service to detect a file’s source and pulse updates, which are regular mini updates to prevent straining system resources.