Network monitoring white paper



  1. REMOTE NETWORK MONITORING SOFTWARE FOR SMALL- TO MID-SIZED COMPANIES

     Latest Software Trends in Protecting ROI, Client Data, and Revenues
  2. Tricks of the Data Trade: Remote Monitoring to Safeguard Security

     In December 2008, the US Dept. of Defense began banning flash drives and other portable devices – iPods, etc. – from DOD computing facilities, for fear of data loss or damage and because of the difficulty of monitoring employee data theft, after one embarrassing incident in which US-Asian battlefield plans went missing. DOD has gone back and forth on the use of flash sticks and other portable devices for almost two years now, and may be relaxing this specific ban – it is very difficult to enforce, and controversial – but not its focus on overall network monitoring for data security and loss prevention.

     If DOD has issues keeping its data safe … imagine how much more difficult this task is for the average small- to mid-sized business. And while most small businesses are not stowing remote battlefield plans or weapons arming codes on their servers, they may have information almost as critical to their clients: years of client tax records, scanned dental x-rays or dental records (invaluable in forensic inquiries), medical histories, or manufacturing data, etc.

     While most banks and financial institutions have prohibited employee usage of flash drives or other external devices for some time – not just for fear of intentional data theft or sensitive client record theft (data outflow), but also for fear of introduction of malware or virus damage (data input) – this trend is only recently catching on in government facilities. Most government entities lag far behind the financial sector in terms of data protection, or database integration.

     (Where there is no database integration, there are no checks and balances on data integrity: data can go missing, or be corrupted, or altered, without alarm or other back-up notification.)

     So, how can companies safeguard their in-house data stores, their confidential and private company and client data, the invaluable backbone of any business? How can they protect it both from loss / theft / compromise, and from an increased risk of malware, spyware, registry corruption, and other illegal software damage being introduced into the company network through unsupervised employee devices?

     Security Monitoring in an Era of Fraud Imaging Network Technology N-able Monitoring Software
  3. The proliferation of consumer devices such as iPods, flash sticks, flash drives, iPhones, Droids, etc., has dramatically increased the risk of intentional and unintentional leaks, theft, and other malicious activity. While most companies have anti-virus software, firewalls, and email and web content security to protect against external threats, few realize how easy it is for an employee to simply walk in and copy large amounts of sensitive data onto an iPod or USB stick. It takes roughly 1 minute to copy several years of sensitive client or company data – financials, bank records, technical plans, battlefield arena scenarios, code – onto an 8 or 10mg flash stick.

     It takes roughly 5 seconds to scan a screen full of sensitive material, from PC screen to smart phone. In such cases, there is no external device or USB port alert possible, and security monitoring must rely on keystroke capture or time-on-screen alerts. Most small businesses lack the IT sophistication and staff to even be aware of such dangers, let alone to successfully monitor for them, and to monitor for such threats in a manner which does not jeopardize or violate employee or contractor rights, in the worksite or from remote locations. As telecommuting rises in popularity, so has the opportunity for corporate security and network breaches.

     Whereas companies used to have to monitor just on-site usage of company computers, operating on 1-2 dedicated LANs in just a few building sites, today they are called on to monitor remote dial-up or Citrix client sessions from literally around the world. That poses a huge challenge for most IT departments.

     What if you are a small company – an elite architectural or engineering firm, with jobs and consultants around the globe, frequently traveling – without a dedicated IT staff? Or a small manufacturing firm, with parts of your production line outsourced to India, or Asia, as is increasingly common? How then, to ensure server and network security?

     One is certainly not going to put cameras in all airports to ensure that contractors tapping into a company session do not download data onto a private flash stick.

     One solution would be for the company's IT administrator to lock down all ports – a difficult, time-consuming and expensive solution. Another would be to use remote monitoring, operated either by an in-house IT staff or by a remote IT contractor – a Managed Service Provider (MSP) specializing in IT server and network monitoring and maintenance.

     Remote monitoring software is becoming more and more savvy in terms of security and performance monitoring capabilities. Risky or questionable user sessions may be flagged by using screenshot capabilities that unobtrusively capture user activities, keyed either for random or time-interval capture; or remote monitoring may be keyed to activate with the use of certain key words or phrases, capturing both user activity and screen activity – as when a user types in a search word, or utilizes a key data sequence in desktop activity, or attempts to copy key data – to help control data leaks and protect sensitive company and client data.

     It is not enough to capture potential risks or breaches, however: these screen captures or other security risks, by either internal (personnel, authorized users) or external actors, must be correlated into patterned reports and flagged immediately to senior management.

     Top Network Security Risks

     In December 2010, Cisco listed the following as the top computing security risks (if this list doesn't have you scrambling for the nearest MSP to sign an immediate contract...):

     Malware: Malware is short for "malicious software." Wikipedia describes malware as a term used to mean a "variety of forms of hostile, intrusive, or annoying software or program code." Malware could be computer viruses, worms, Trojan horses, dishonest spyware, and malicious rootkits, all of which are defined below.

  4. Computer virus: A computer virus is a small piece of software that can spread from one infected computer to another. The virus could corrupt, steal, or delete data on your computer, even erasing everything on your hard drive. A virus could also use other programs like your email program to spread itself to other computers.

     Rogue security software: Have you ever seen a pop-up window that advertises a security update or alert? It appears legitimate and asks you to click on a link to install the "update" or "remove" unwanted malicious software that it has apparently detected. This could be rogue security software designed to lure people into clicking and downloading malicious software. Microsoft has a useful webpage that describes rogue security software and how you can protect yourself.

     Trojan horse: Users can infect their computers with Trojan horse software simply by downloading an application they thought was legitimate but was in fact malicious. Once inside your computer, a Trojan horse can do anything from recording your passwords by logging keystrokes (known as a keystroke logger) to hijacking your webcam to watch and record your every move. Cisco further noted that, "In February 2010, a Guardian Analytics and Ponemon Institute study of 500 small businesses in the U.S. found that 55 percent of respondents experienced a fraud attack in the last 12 months. The study reports that '…[w]ell-funded cyber criminals executed a full-scale assault on authentication, leveraging widespread infection of end-user computers with banking Trojans to sneak into online banking accounts completely undetected.'"

     Malicious spyware: Malicious spyware is used to describe the Trojan application that was created by cybercriminals to spy on their victims. An example would be keylogger software that records a victim's every keystroke on his or her keyboard. The recorded information is periodically sent back to the originating cybercriminal over the Internet. Keylogging software is widely available and is marketed to parents or businesses that want to monitor their kids' or employees' Internet usage.

     Computer worm: A computer worm is a software program that can copy itself from one computer to another, without human interaction. Worms can replicate in great volume and with great speed. For example, a worm can send copies of itself to every contact in your email address book and then send itself to all the contacts in your contacts' address books. Because of their speed of infection, worms often gain notoriety overnight, infecting computers across the globe as quickly as victims around the world switch them on and open their email. This happened with the Conficker worm (also known as Downadup), which, in just four days, had more than tripled the number of computers it infected to 8.9 million.

     Botnet: A botnet is a group of computers connected to the Internet that have been compromised by a hacker using a computer virus or Trojan horse. An individual computer in the group is known as a "zombie" computer. The botnet is under the command of a "bot herder" or a "bot master," usually to perform nefarious activities. This could include distributing spam to the email contact addresses on each zombie computer, for example. If the botnet is sufficiently big in number, it could be used to access a targeted website simultaneously in what's known as a denial-of-service (DoS) attack. The goal of a DoS attack is to bring down a web server by overloading it with access requests. Popular websites such as Google and Twitter have been victims of DoS attacks.

     Spam: Spam in the security context is primarily used to describe email spam: unwanted messages in your email inbox. Spam, or electronic junk mail, is a nuisance as it can clutter your mailbox as well as potentially take up space on your mail server. Unwanted junk mail advertising items you don't care for is harmless, relatively speaking. However, spam messages can contain links that when clicked on could go to a website that installs malicious software onto your computer.

  5. Phishing: Phishing scams are fraudulent attempts by cybercriminals to obtain private information. Phishing scams often appear in the guise of email messages designed to appear as though they are from legitimate sources. For example, the message would try to lure you into giving your personal information by pretending that your bank or email service provider is updating its website and that you must click on the link in the email to verify your account information and password details.

     Rootkit: According to TechTarget, a rootkit is a collection of tools that are used to obtain administrator-level access to a computer or a network of computers. A rootkit could be installed on your computer by a cybercriminal exploiting a vulnerability or security hole in a legitimate application on your PC and may contain spyware that monitors and records keystrokes. Rootkits gained notoriety when, in 2005, a security blogger discovered that a copy-protection tool inside music CDs from Sony BMG Music Entertainment was secretly installing a rootkit when users copied the CD onto their computers. At the time, security expert Bruce Schneier warned that the rootkit could allow a hacker to "gain and maintain access to your system and you wouldn't know it."

     These are perhaps the most common security terms you'll come across to describe the different methods cybercriminals use. You can find more useful information about security terms and examples of security threats in the Cisco 3Q10 Global Threat Report.

     Managing Access & Risk Through Remote Network Monitoring
  6. The key to managing portable devices in your business environment is to give your MSP direct control over what devices are in use on your network. With N-central Network & Systems Management Software™ you not only gain control over what is in use, but you also know what has been used and by whom. And you gain in-depth knowledge of what data has been copied.

     N-central software is a quick and easy download, obtainable from our MSP website, that is loaded onto your company server(s) and network, allowing the MSP to gain real-time insight and monitoring control over all running applications, server and user sessions. This leaves the mission-critical and time-consuming details of real-time performance and security monitoring to the IT professionals, freeing senior management to focus instead on what it does best: running a business.

     Control Portable Device Access to Your Network

     GFI EndPointSecurity enables MSP administrators to actively manage user access and log the activity of:

       • Media players, including iPods, Creative Zen and others
       • USB drives, CompactFlash, memory cards, CDs, floppies & other portable storage devices
       • PDAs, iPhone, BlackBerry handhelds, mobile phones, smart phones and similar communication devices
       • Network cards, laptops and other network connections.

     Why Choose N-central Monitoring?

       • Prevents data leaks and theft by comprehensively controlling access to portable storage devices with minimal administrative effort
       • Prevents introduction of malicious and other unauthorized software to the network
       • Gives administrators greater control: you can block devices by class, file extensions, physical port or device ID from a single location
       • Allows administrators to grant temporary device or port access for a stipulated timeframe
       • Centrally monitors the network, detects connected devices and performs various tasks
       • Automatically protects newly detected computers by deploying an agent and a default blocking policy
       • Can automatically download and install SQL Express if a database server is not available
       • Supports 32 & 64-bit platforms, including Windows 7, Windows Vista and Windows Server 2008 R2.

     Price List and Specs

     N-central is software purchased separately from, and run in conjunction with, basic MSP tiered network and systems support. The software is priced by IP node (client PC or network access point). Details may be found on our website. For further details or inquiries, or to sign up for Network Monitoring services, please contact our 24x7 on-call Help Desk, at: 1-800-719-6545.