FINAL WORD

“A worrying aspect of the growth of Internet-connected devices is the absence of basic security precautions.”

Harish Chib, Vice President, Middle East and Africa, Sophos

Inside the network

Malicious software designed to exploit IoT devices is usually not sophisticated. It operates by scanning network ports, looking for access opportunities, and gaining access through default credentials or brute-force attacks. This software is much easier to defend against, as defending against it merely requires properly configuring the network firewall and protection devices.

Like other malware, Botnets can enter an organisation through multiple points of entry, including email attachments, hacked web sites, connected sensors and other IoT devices, and USB sticks.

Once malicious software has entered an organisation, it will call home – to the hackers' command and control server – to register its success in gaining entry and to request further instructions. It may be told to lie low and wait, or be instructed to move laterally on the network to infect other devices, or to participate in an attack. This attempt by the malicious software to call home represents an opportunity to detect infected systems on the network that are becoming part of a Botnet.

Once an attack is underway, it can be difficult to detect. From a network traffic point of view, the device will simply be sending emails out as spam, transferring data, mining bitcoins, or performing DNS lookups and a variety of other requests of the kind usually seen in large-scale attacks. In isolation, none of these types of activity is noteworthy.

Building protection

The most important ingredient for effective protection from Botnets is the organisation's network firewall. The following can help to get the best protection from the firewall.

• Advanced Threat Protection can identify Botnets already operating on the network. Ensure the firewall has malicious traffic detection, Botnet detection and command and control call-home traffic detection
• Intrusion prevention can detect hackers attempting to penetrate and take over the network. Ensure the firewall has a next-gen intrusion prevention system that can identify attack patterns inside the network
• Sandboxing can pick up the latest malicious software before it reaches the organisation's computers. Ensure the organisation's firewall offers advanced sandboxing that can identify suspicious web or email files and activate them in a safe environment
• Effective web and email protection can prevent malware from getting onto the network. Ensure the firewall has behaviour-based web protection that can simulate JavaScript code in web content to determine its behaviour before it reaches the browser
• Ensure the firewall has top-shelf anti-spam and antivirus technology to detect malware in email attachments
• A Web Application Firewall can protect servers, devices and business applications from being hacked. Ensure the firewall offers WAF protection for any system that requires remote access

Best-practices
• Change the password for all your
network devices to a unique complex
password and use a password manager
if necessary
• Minimise use of IoT devices and update
all essential connected devices. Also
disconnect unnecessary devices from the
network and upgrade older devices to
newer models
• Avoid using IoT devices that require ports to be opened in the network firewall or router to provide remote access. Instead, use cloud-based devices that connect only to the cloud provider’s servers and do not offer direct remote access
• Do not enable UPnP on your firewall or router. This protocol lets devices open ports on the firewall on demand without your knowledge, increasing the attack surface
• Use secure VPN technologies to manage
your connected devices remotely
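The UPnP point above is easiest to appreciate by looking at what a router has actually opened. The following is an added example, not code from the article or from Sophos: it parses the SOAP response a UPnP Internet Gateway Device returns for a WANIPConnection:1 GetGenericPortMappingEntry call (the argument names NewRemoteHost, NewExternalPort and so on come from that UPnP specification) and rates each mapping by how directly it exposes an internal host. The three response bodies, the addresses and the MANAGEMENT_PORTS list are constructed for the example; the router query itself is left out, so the audit runs offline on saved responses.

```python
"""Audit the port mappings a UPnP-enabled router has opened.

Added example, not from the article: it parses the SOAP responses that an
IGD router returns to WANIPConnection:1 GetGenericPortMappingEntry calls
and rates each mapping by how much of the internal network it exposes.
The responses below are constructed samples, not captures from a device.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Ports that normally carry device administration; a mapping that forwards
# Internet traffic straight to one of these is the worst case. (Assumption:
# adjust to the services actually present on your own network.)
MANAGEMENT_PORTS = {21, 22, 23, 80, 443, 445, 3389, 5900, 8080, 8443}


def _response(remote_host, ext_port, proto, int_port, client, enabled, desc, lease=0):
    """Build a GetGenericPortMappingEntryResponse body (constructed sample)."""
    return (
        '<?xml version="1.0"?>'
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:GetGenericPortMappingEntryResponse '
        'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        f'<NewRemoteHost>{remote_host}</NewRemoteHost>'
        f'<NewExternalPort>{ext_port}</NewExternalPort>'
        f'<NewProtocol>{proto}</NewProtocol>'
        f'<NewInternalPort>{int_port}</NewInternalPort>'
        f'<NewInternalClient>{client}</NewInternalClient>'
        f'<NewEnabled>{enabled}</NewEnabled>'
        f'<NewPortMappingDescription>{desc}</NewPortMappingDescription>'
        f'<NewLeaseDuration>{lease}</NewLeaseDuration>'
        '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>'
    )


# Constructed samples: an IP camera that exposed telnet to the whole
# Internet, a console with a high port open to any source, and a mapping
# restricted to a single remote address.
SAMPLE_RESPONSES = [
    _response("", 23, "TCP", 23, "192.168.1.50", 1, "ipcam"),
    _response("", 50000, "UDP", 50000, "192.168.1.77", 1, "console", lease=3600),
    _response("203.0.113.9", 8080, "TCP", 8080, "192.168.1.20", 1, "vendor support"),
]


@dataclass
class PortMapping:
    remote_host: str        # empty string means "any remote host"
    external_port: int
    protocol: str
    internal_port: int
    internal_client: str
    enabled: bool
    description: str
    lease_duration: int     # 0 means the mapping never expires


def _local(tag):
    """Strip an XML namespace prefix like '{uri}Name' down to 'Name'."""
    return tag.rsplit("}", 1)[-1]


def parse_mapping(soap_body):
    """Extract the mapping fields from one SOAP response body."""
    root = ET.fromstring(soap_body)
    for el in root.iter():
        if _local(el.tag) == "GetGenericPortMappingEntryResponse":
            f = {_local(c.tag): (c.text or "").strip() for c in el}
            return PortMapping(
                remote_host=f.get("NewRemoteHost", ""),
                external_port=int(f["NewExternalPort"]),
                protocol=f["NewProtocol"].upper(),
                internal_port=int(f["NewInternalPort"]),
                internal_client=f["NewInternalClient"],
                enabled=f.get("NewEnabled", "0") == "1",
                description=f.get("NewPortMappingDescription", ""),
                lease_duration=int(f.get("NewLeaseDuration", "0") or 0),
            )
    raise ValueError("no GetGenericPortMappingEntryResponse element in body")


def assess(m):
    """Rate a mapping 'high', 'medium' or 'low' by the exposure it creates."""
    if not m.enabled:
        return "low"
    any_source = m.remote_host in ("", "0.0.0.0")
    if any_source and m.internal_port in MANAGEMENT_PORTS:
        return "high"      # admin/management service reachable from anywhere
    if any_source:
        return "medium"    # some service reachable from anywhere
    return "low"           # limited to one remote address


def audit(bodies):
    """Return [(risk, PortMapping), ...] for a list of response bodies."""
    return [(assess(m), m) for m in map(parse_mapping, bodies)]


if __name__ == "__main__":
    for risk, m in audit(SAMPLE_RESPONSES):
        print(f"{risk:6} {m.protocol}/{m.external_port} -> "
              f"{m.internal_client}:{m.internal_port} ({m.description or 'no description'})")
```

In practice the mapping list is read by calling GetGenericPortMappingEntry with NewPortMappingIndex 0, 1, 2, ... until the router returns an error; the parser above takes each response body as-is. Anything rated medium or high is a mapping that no administrator explicitly created on the firewall, which is exactly the situation the bullet warns about.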
Botnets have a massive slowdown effect on global Internet traffic. They can also have a devastating impact on an organisation if the objective of the attack is to steal sensitive information. Even if the Botnet operating on the organisation's network is not after its data, it could be using the organisation's devices and network resources to cause devastating harm to another organisation. Do not let your network become part of the next global Botnet attack.
www.intelligentcio.com