The Art of Deception: Controlling the Human Element of Security - Kevin D. Mitnick [153]
The network or security administrator may choose to set up a virtual LAN in a switch, if available, to control access from these locations.
7-16 Dial-in modems
Policy: Modems used for dial-in calls shall be set to answer no earlier than the fourth ring.
Explanation/Notes: As depicted in the movie WarGames, hackers use a technique known as war-dialing to locate telephone lines that have modems connected to them. The process begins with the attacker identifying the telephone prefixes used in the area where the target company is located. A scanning program is then used to try every telephone number in those prefixes, to locate those that answer with a modem. To speed up the process, these programs are configured to wait for one or two rings for a modem response before going on to try the next number. When a company sets the auto answer on modem lines to at least four rings, scanning programs will fail to recognize the line as a modem line.
7-17 Antivirus software
Policy: Every computer system shall have current versions of antivirus software installed and activated.
Explanation/Notes: For those businesses that do not automatically push down antivirus software and pattern files (programs that recognize patterns common to virus software to recognize new viruses) to user desktops or workstations, individual users must take the responsibility for installing and maintaining the software on their own systems, including any computer systems used for accessing the corporate network remotely.
If feasible, this software must be set for automatic update of virus signatures nightly. When pattern or signature files are not pushed down to user desktops, computer users shall have the responsibility to update pattern files at least on a weekly basis.
These provisions apply to all desktop machines and laptops used to access company computer systems, and apply whether the computer is company property or personally owned.
7-18 Incoming email attachments (high security requirements)
Policy: In an organization with high security requirements, the corporate firewall shall be configured to filter out all email attachments.
Explanation/Notes: This policy applies only to businesses with high security requirements, or to those that have no business need to receive attachments through electronic mail.
7-19 Authentication of software
Policy: All new software or software fixes or upgrades, whether on physical media or obtained over the Internet, must be verified as authentic prior to installation. This policy is especially relevant to the information technology department when installing any software that requires system privileges.
Explanation/Notes: Computer software referred to in this policy includes operating system components, application software, hot fixes, patches, or any software updates. Many software manufacturers have implemented methods whereby customers can check the integrity of any distribution, usually by a digital signature. In any case where the integrity cannot be verified, the manufacturer must be consulted to verify that the software is authentic.
Computer attackers have been known to send software to a victim, packaged to appear as if the software manufacturer had produced it and shipped it to the company. It is essential that you verify any software you receive as authentic, especially if unsolicited, before installing it on company systems.
Note that a sophisticated attacker might find out that your organization has ordered software from a manufacturer. With that information in hand, the attacker can cancel the order with the real manufacturer, and order the software himself. The software is then modified to perform some malicious function, and is shipped or delivered