Whether you call them hackers, crackers or cyber criminals doesn’t matter. What does matter is whatever you call them – they’re looking for a way into your network!
You may not realize it but hackers are scanning your Internet connection looking for an opening.
What will they do if they find one? They’ll launch an attack against that opening to see if they can exploit a vulnerability that will allow them to remotely execute some commands thereby giving them access to your network.
But it all starts with scanning your network.
Automated Tools Are a Wonderful Thing
Cyber criminals don’t scan each individual network on the Internet one by one. They have automated tools that randomly scan every IP address on the Internet.
Hackers aren’t lazy people – just very efficient. And very intelligent. The tools they use can be preloaded with a range of Internet addresses to scan. As this tool finds an Internet address with certain openings it produces a list of the address and the opening. This list is then fed into another tool that actively tries to exploit that opening with various programs. If no exploit works, the hacker’s program moves on to the next potential victim.
When you see the scanning activity in your firewall logs, you’ll know where you’re being scanned from and what they’re trying to target. Armed with that data you should check to see if you’re running software that uses that port and if it has any newly discovered openings. If you are using software listening on that scanned port and there is a patch available, you should have that patch applied immediately – because the hackers may know something you don’t.
NOTE: It’s been our experience that many businesses patch their Microsoft Windows software but rarely do they check for patches for all the other software used in the business.
As stated, you’ll see this activity in your firewall logs – that is, if someone is actually reviewing your firewall logs.
Oh, my firewall has logs?
However, when most business owners are asked about their firewall logs, the typical response is usually something how to find a hacker, “Oh, my firewall has logs?” Yes, all firewalls produce log files. Most of them only show what’s been blocked, which is like showing pictures of all the thieves that are in prison, while the bank down the street is being robbed.
Wouldn’t you want to see all traffic? This produces more work, but if your firewall only logs activity it knows about, you’re security is totally dependent on the ability of your firewall and the way it’s configured.
Many firewall companies want to reduce their number of tech support calls. Their business model revolves around having tech support available, but in the process they’re also seeking ways of reducing the number of times people call in. This isn’t necessarily a bad thing, but when their products have fewer features, thus fewer benefits as a result – that is a bad thing.
Most firewalls designed for the small business market lack features that most small businesses would benefit from. Many of them have all the technical buzzwords like “deep packet inspection”, “spyware prevention”, “intrusion detection” and many others, however they don’t go into the level of detail needed to be effective.