Hi Richard, in addition to Kim's answer, large franchise companies should be aware of botnets, man-in-the-middle attacks, spoofing, backdoor trojans, DoS and DDoS attacks, ransomware and worm intrusions if the server is not properly secured.
Some common threats are explained below, along with how to mitigate potential attacks on company and enterprise networks.
DoS attack - Causes flooding of a server with an abundance of requests from the attacking server to the point where the legitimate server is no longer able to respond to legitimate requests, and this causes a legitimate client machine to shut down. This is a denial of service attack that causes damage to one single machine on the network.
To prevent a DoS attack, please use the following methods used for a DDoS.
DDoS attack - A DDoS attack is similar to a DoS attack. The only difference is that the Distributed Denial of Service attack will attack multiple servers and cause multiple machines to shut down, rather than just one single server on the network.
To prevent DDoS, it helps to first get a baseline of the normal traffic that passes through your computer or network. Once you have established the baseline, you will be able to set alarms and notifications to let you know when there is an abnormal amount of traffic — signifying a possible DDoS attack.
Another tactic is to have diversion techniques to send traffic that you suspect is from a DDoS attack. You can even automate this process. Block most TCP ports in the firewall configuration, except TCP ports 80 and 443, to maintain an internet connection. It is especially important to block or disable RDP port 3389 when not in use to prevent unauthorized access to a server or machines connected to a hypervisor. FTP ports 21 and 23 should be blocked when not in use to prevent unauthorized access to files and data transports.
Ransomware - Ransomware gets installed on the employee's workstation and encrypts all data, making files and data inaccessible, and demands a ransom payment from the employee to unlock the data. Once the employee pays the ransom, files and data become accessible. The attacker gets away with stolen money.
To mitigate ransomware, instruct employees not to use admin accounts for browsing the web or to check emails. Admin accounts can give the attacker more leverage because they have the highest level of privileges.
Botnet - Takes control of multiple computers without the user's knowledge and turns them all into a network (what is known as zombies or a zombie-net) and attacks systems.
To prevent a botnet attack, please follow the same methods used to prevent a DDoS attack.
Man-in-the-middle attack - Types of man-in-the-middle attack include IP spoofing, DNS spoofing, HTTPS spoofing, SSL hijacking, email hijacking, WIFI eavesdropping and stealing browser cookies. A man in the middle is a type of session hijacking. Conversations on both sides are impersonated by the attacker. The attacker gains access to any transactions that occur for the purpose of stealing money from clients who make purchases for services and goods.
To prevent a man in the middle attack, use a good quality VPN service such as Norton for enterprise. Norton will provide companies with support and tips to keep your company's network secure. Norton will implement the best mitigation practices in conjunction with support and tips to keep hackers out of your company's network and your assets safe.
To protect the WIFI from unauthorized access, switch off the SSID and use the latest encryption, WPA3 with AES, if possible to make your network invisible and difficult for attackers to access. Upgrade to the latest WIFI technology if you haven't already done so. Most newer WIFIs are firewall integrated.
One more important aspect to consider is to use two-factor authentication methods for user logins if you own an ecommerce site or any website that contains sensitive information, and include a CAPTCHA to ensure the user is human and not a malicious bot.
Educate employees and clients about the best security practices and configure the passwords in group policy to enforce strong passwords of at least 12 or more characters mixed with upper and lower case letters, numbers and symbols. Set the threshold duration for locked out accounts to at least 30 minutes before trying again. Force users to change their passwords at login and set the account to allow at least three failed attempts before the user is locked out of their account. I normally use five failed attempts because people have off days. We all experience them.
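
Added example, not part of the answer above and not Group Policy itself: the password and lockout rules from the last paragraph written out in Python, using the answer's values (12 or more characters with all four character classes, lockout on the fifth failed attempt, 30-minute lockout). The names `password_problems` and `LockoutTracker` are hypothetical, and the in-memory dictionaries stand in for the account state a real directory service keeps.

```python
import string
from datetime import datetime, timedelta

MIN_LENGTH = 12                           # "at least 12 or more characters"
LOCKOUT_THRESHOLD = 5                     # failed attempts that trigger a lockout
LOCKOUT_DURATION = timedelta(minutes=30)  # how long the account stays locked

def password_problems(password):
    """Return the policy rules the password fails (empty list = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    return problems

class LockoutTracker:
    """Tracks failed logins per account (hypothetical helper, in-memory only)."""
    def __init__(self):
        self.failures = {}      # account -> consecutive failed attempts
        self.locked_until = {}  # account -> datetime at which the lock expires

    def is_locked(self, account, now):
        until = self.locked_until.get(account)
        if until and now < until:
            return True
        if until:  # lock has expired: clear it and start counting again
            del self.locked_until[account]
            self.failures[account] = 0
        return False

    def record_attempt(self, account, success, now):
        """Return True if the login is accepted, False if rejected or locked."""
        if self.is_locked(account, now):
            return False  # even a correct password is refused while locked
        if success:
            self.failures[account] = 0
            return True
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= LOCKOUT_THRESHOLD:
            self.locked_until[account] = now + LOCKOUT_DURATION
        return False
```

Passing `now` in explicitly keeps the lockout window testable without waiting 30 minutes.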
