Issues in Computer Security: What is an External Threat and What Can I Do about Them?
What is an External Threat?
An external threat is any vulnerability which can be exploited to gain access to an environment from outside that environment. Unlike their internal counterpart, external threats will not rely on a client running a malicious file or leaving their terminal unlocked while unattended, however clients are still a weakness to keep in mind within the context of external threats. The other side of the coin will be your software and infrastructure: unpatched software, weak passwords, and unattended log files can all allow an external threat to become an outright attack.
External Threats and Social Engineering
The oldest external threat to computer security has always been the possibility of a malicious individual relying on social engineering to gain access to sensitive information. Unfortunately there is no easy fix for this vulnerability as you must rely on educating your environment’s clients to know which information is sensitive and how to verify the identity of a person requesting such information. Remember that an external threat may not be after information, but also access to your environment’ Regular unannounced security testing can reveal if the existing security policies are effective and being enforced.
Network and Remote External Threats
Beyond the physical layer, a vast number of external threats exist which use vulnerabilities within your network. The first step in preventing these threats is to ensure that you have an appropriate password policy which emphasizes complexity over frequency of change. This means that rather than having users change their password every week, you require the password be 12 characters long and include a symbol. This is more effective than the latter, as when required to frequently update passwords, most clients include a numeric component in their password which changes predictably (e.g: password1, password2, password3 ).
A harder threat to tackle is the possibility of a zero day attack. If you find yourself on the receiving end of a zero day attack you may not notice unless you happen to be running an Intrusion Detection System (IDS) and keep a vigilant eye on your network’s log files. Monitoring log files is one of the least practiced computer security measures but perhaps one of the most effective in detecting all sorts of external attacks.
Monitoring log files will also help you detect brute force and dictionary attacks. Unless an external attacker already knows the password of a user, all attacks will have a number of failed access attempts. By configuring your credential validation services to lock out an account after a number of failed attempts you can defuse this external threat.
Don’t forget Internal Threats
Finally, it is important to not become over-focused with external threats to the point of neglecting internal threats. Most experts estimate that because clients are the weakest point in computer security, most attacks begin through uneducated clients. Educating your clients will help you negate several internal and external security threats.