A zero-day vulnerability known as “Hydraq”, “Aurora”, “Google Attacks”, and “Microsoft IE Vulnerability” has allowed cyber attacks on a number of large enterprises. This is the reason to have a good firewall in place (especially with inside AND outside access lists), web filtering, good patching levels, and a business-class anti-virus application.
In this exploit the hacker opens a program on a Linux machine, sets it to accept (“listen” for) incoming traffic on port 4446, and then sets the payload. The corporate/home user, running XP with IE6, opens a website (this could be a link provided in an e-mail, or a normally visited website that was hacked and redirected to the malicious program). Once the site is accessed, a specially crafted packet is used to gain access to the corporate/home user’s PC through the vulnerability that has not yet been patched. This attack gives the hacker full access to the user’s machine.
Here are some of the different managed IT services that would help provide an effective defense against these types of attacks or malicious events.
- Firewall: This is usually the first line of defense. If rules are properly configured, using both INSIDE and OUTSIDE access lists, the firewall would usually block the ports that allow a hacker to gain access to the internal network/workstations. (Reminder: 99% of all firewalls allow internet traffic out or in.)
- Websense/Internet Filtering: A properly configured internet filtering appliance would help as a secondary defense: in most cases it would not allow the connection on that port to be opened, or the website hosting the exploit would (again in most cases) already be an unauthorized site to visit.
- Microsoft Critical Patches: Keeping these up-to-date assists in “plugging the holes”, which not only keeps the system stable but also helps keep the system secure.
- Spam Filtering: A decent spam filtering product like IronPort, properly configured, would in most cases keep out e-mail that would otherwise be delivered to an end user. As an example, a company without an adequate spam filtering product might receive e-mails containing hyperlinks, and an untrained end user could expose the company to these types of vulnerabilities simply by “clicking” on the link.
- Antivirus: The last line of defense is usually the anti-virus software application. A decent, properly configured anti-virus application would help defend against an attempt to install malicious software/applications on the server/machine.
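To make the firewall point concrete, here is a small added example (not part of the original post, and not any vendor's code) that models a first-match access list with the implicit deny found on most firewalls. It compares two INSIDE (egress) policies against the same workstation traffic: a permissive "allow everything out" list, and a restrictive list that only permits the services a workstation is assumed to need (HTTP, HTTPS and DNS to an internal resolver). The addresses, rules and flows are all constructed for illustration; the only value taken from the post is the attacker's listening port, 4446, and the example shows that the victim's connection back to that port passes the permissive list but is dropped by the restrictive one.

```python
"""Toy first-match firewall ACL evaluator (added illustration, not vendor code).

Shows why INSIDE (egress) rules matter: the attack in the post makes the
victim workstation connect out to the attacker's listener on TCP 4446.
A permissive egress list lets that through; a list that only permits the
services a workstation needs drops it at the implicit deny.
All addresses, rules and flows below are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Flow:
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: str              # CIDR the source address must fall in
    dst: str              # CIDR the destination address must fall in
    dport: Optional[int]  # None matches any destination port

    def matches(self, flow: Flow) -> bool:
        return (self.proto in ("any", flow.proto)
                and flow.src in ipaddress.ip_network(self.src)
                and flow.dst in ipaddress.ip_network(self.dst)
                and self.dport in (None, flow.dport))


def evaluate(acl, flow: Flow) -> str:
    """First matching rule wins; anything unmatched hits the implicit deny."""
    for rule in acl:
        if rule.matches(flow):
            return rule.action
    return "deny"


INSIDE = "10.0.0.0/8"  # assumed internal address space

# The common default: anything from inside may go anywhere.
PERMISSIVE_EGRESS = [Rule("permit", "any", INSIDE, "0.0.0.0/0", None)]

# Only what workstations are assumed to need; everything else is denied.
RESTRICTIVE_EGRESS = [
    Rule("permit", "tcp", INSIDE, "0.0.0.0/0", 80),
    Rule("permit", "tcp", INSIDE, "0.0.0.0/0", 443),
    Rule("permit", "udp", INSIDE, "10.0.0.53/32", 53),  # internal resolver only
    Rule("deny", "any", INSIDE, "0.0.0.0/0", None),     # explicit catch-all
]


def flow(proto: str, src: str, dst: str, dport: int) -> Flow:
    return Flow(proto, ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst), dport)


# Constructed sample traffic from one workstation (documentation IP ranges).
SAMPLE_FLOWS = {
    "browse_http": flow("tcp", "10.0.5.23", "203.0.113.10", 80),
    "browse_https": flow("tcp", "10.0.5.23", "203.0.113.10", 443),
    "internal_dns": flow("udp", "10.0.5.23", "10.0.0.53", 53),
    "callback_4446": flow("tcp", "10.0.5.23", "198.51.100.7", 4446),
}


def compare(flows=SAMPLE_FLOWS) -> dict:
    """Return {name: (permissive_result, restrictive_result)} per flow."""
    return {name: (evaluate(PERMISSIVE_EGRESS, f), evaluate(RESTRICTIVE_EGRESS, f))
            for name, f in flows.items()}


if __name__ == "__main__":
    for name, (permissive, restrictive) in compare().items():
        print(f"{name:14} permissive={permissive:7} restrictive={restrictive}")
```

Run as a script, the only flow whose result differs between the two lists is the connection to port 4446: normal browsing and DNS are permitted by both, while the callback is permitted only by the permissive list. The same evaluator also makes a useful review tool for an existing rule set, since a firewall that logs its denies will show exactly this kind of unexpected outbound connection from a workstation.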
Conclusion: Although nothing is 100%, by having these types of hardware/appliances and software in place, properly configured, and on a regular maintenance schedule, you can greatly reduce your risk.