Hackers are now beginning to target critical infrastructures such as power grids, water networks, and manufacturing SCADA systems. These cyber attacks are being generated from numerous sources including individuals, rogue groups, and nation states. These attacks are increasing in intensity and sophistication and are capable of changing system settings or derailing systems that sustain our everyday lives.
Standard security systems may no longer be enough to cope with the higher degree of sophistication from hackers. Even next generation firewalls, sometimes referred to as Unified Threat Management (UTM) security systems, which are effective at protecting the network boundary from outside threats, are not quite equipped to handle threats generated from the inside. For this degree of protection, Network Intrusion Detection Systems (NIDS) may need to be considered. Although just one component in the overall security landscape, NIDS can help to minimize the damage from these types of situations by searching for anomalies and signatures on the network.
How can threats occur behind the firewall?
Several types of cyber security threats that target users inside of corporate networks fall under the domain of “social engineering”. Although only one of many categories of cyber attack, social engineering refers to any act involving a person who influences a second individual who is in possession of a computer (and who has internal access to particular networks and/or data bases) to follow their instructions under false pretenses. For example, a caller could pose as someone from IT support asking for credentials or other sensitive information.
In some cases, the user may believe that he or she is receiving an email from a recognized friend. The messages received from the hacker are designed to abuse the victim’s trust and to peak curiosity. Emails may contain a link that “you just have to check out!”. Since you think the link comes from a friend and you’re curious, you’ll trust the link and click. This leads to malware infection that allows the hacker to take over your machine, collect your contact information and deceive them just like you were deceived.
There are literally thousands of variations to social engineering attacks. Oftentimes, the attacker will target the weakest link in the computer security chain. Even an unplugged computer can serve as the conduit to an act of social engineering. If the attacker can persuade an unsuspecting individual to plug a computer in and switch it on, that “unplugged” computer could serve as a conduit to a breach.
Not only are the employees of a given firm subjected to these threats, but sometimes contractors and business partners can also be influenced to perform tasks that they think have been sanctioned by someone in the organization (but which, in reality, have not).
How NIDS works
NIDS are designed to monitor and alert when an unusual pattern or defined signature has been detected. When NIDS identifies an anomaly, an alert is forwarded to the analyst for review.
The analyst investigates and determines if the alert is a false positive or a potential attack against the network. Large organizations have analysts observing traffic from NIDS on a 24×7 hour basis. Some analysts have been trained and have developed the technique of writing custom signatures to capture more detail of network traffic analysis, and to reveal hidden sophisticated attacks launched by outside and inside entities. Some NIDS also have a defensive capability (prevention) where they can block an anomaly or signature before it can cause damage.
At Schneider Electric, security is not regarded as a product, but as a way of doing business. Schneider Electric partners can help end users by performing critical infrastructure systems security assessments and by identifying communication paths and potential external access points that present cyber security vulnerabilities. Access our free white paper, “Network Intrusion Detection Systems for Critical Infrastructure” to learn more.