What is malware (“malicious software”)? The term malware refers to a type of software that is developed with the intention of compromising a network or company. The goals behind these programs can be varied and include espionage, identity theft, the encryption of data, and the ransom demands that follow.
Infection with malware can arise from careless use of the Internet and downloads, or from opening phishing e-mails. Examples of malware include Trojans, spyware, adware, worms, viruses, ransomware, and keyloggers.
Advanced persistent threats
An advanced persistent threat is a complex attack on network security that lasts over an extended period of time. Significant effort is invested with the aim of compromising the targeted network. The intruder first gains undetected access to the network and then manipulates user rights to set up backdoors and other harmful structures.
The intent of the unauthorized persons behind this is generally data theft or industrial espionage at higher levels.
Distributed Denial-of-Service (DDoS) attacks
A DDoS attack manifests itself as a deliberate overloading of a system with a massive flood of requests. Using IT systems that have been infiltrated beforehand, unauthorized persons launch large numbers of coordinated requests at the targeted network from many distributed devices, until ultimately the system's server collapses.
The aim of such an attack can be to harm a competitor or to demand a ransom to stop the attack. Launching a DDoS attack does not require any expertise as it can be purchased as a service on the Darknet.
"Cyberattacks are omnipresent and constitute a huge threat to the entire economy, regardless of size or industry. The rapid increase in mobile work and cloud services is also making companies even more vulnerable to cyberattacks. While greater flexibility is achieved through remote work and cloud services, the new structures, at the same time, create new attack vectors for cybercriminals which should sound the alarm bells with IT security experts." – techconsult study from 2022
Network security is a combination of strategies, policies and features that aim to protect your network from threats, for example by fending off attacks from the outside. Find out more about basic and advanced measures that build on one another to improve the security of your IT system.
- Classic firewall (port level): A firewall is a vital element of network security and of the protection of the company network. Put simply, it keeps network segments separate from one another. It checks incoming and outgoing data packets, for example between a company network and the Internet. The ports are managed in line with previously defined rules, and data traffic is allowed or, if suspicious activity is detected, blocked. Firewalls can be physical devices, virtual devices, or a combination of both.
- Next-generation firewall (application level): A next-generation firewall offers a greater range of features than a conventional firewall and ensures a higher level of security by filtering the data traffic within the network. For example, application management can be used to block specific applications or application groups, or to redirect data traffic. This prevents the use of risky applications and deliberately controls the data traffic; for example, it can prevent the egress of data via cloud-sharing services such as Dropbox. A finer segmentation of the network is also possible, permitting only the applications that are important for specific tasks.
- Unified Threat Management: UTM combines several security functions into a single device that acts as a central component of network security. This allows a firewall to support additional features such as spam/content filters, application control (AM/AV), intrusion detection (IDS/IPS), and others. By centralizing these components, UTM improves the efficiency of the individual functions, not only because they are fully compatible with one another, but also because administration and maintenance are greatly simplified.
- Network access control: NAC gives you a precise overview of the users and devices on your network. You can see precisely who is allowed to perform certain functions and who is not. Furthermore, an end device can only join the network if it authenticates in line with established policies. This helps to defend against malware and unauthorized access.
- Network segmentation and permissions management (including VPN): With segmented networks, the infrastructures and applications are divided into different areas. Each segment is subject to differentiated access permissions and rules, so that if one segment is compromised, this does not lead to serious impact on the other segments. The company network as a whole remains protected. Virtual private networks (VPN) can also be used to help implement permissions management. A VPN allows you to access a network (e.g. the company network) even though you are currently in a different environment (e.g. your home network). The software redirects the data traffic to the target server and, from the outside, the entire exchange appears to take place within the target network. The exchanged data is encrypted and the vulnerable network connection from the home network or public place is secured.
- Web application firewalls: A web application firewall monitors the HTTPS data traffic between web applications hosted on the company network and the Internet, filters the exchanged data packets, and blocks suspicious interactions. This protects your own web server against attacks from the Internet, for example by detecting malformed entries in online forms.
- Sandboxing with machine learning: With sandboxing, any executable files are transferred to an isolated test environment – the "sandbox" – before being executed. There they are closely monitored for malware while remaining fully isolated from the rest of the network activity. Potential dangers are detected and eliminated, and your own data remains protected. In the context of network security, machine learning means that the security components are able to recognize patterns based on previously fed data and on real-time analysis conducted by the sandbox: even without previous knowledge of the specific type of attack, the system can tell the difference between attacks on the network and harmless activities. This type of classification can also prevent "zero-day attacks" that do not match any of the known rules.
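To make the difference between the port-level and application-level filtering described above concrete, here is an added example (not code from the original page or from LANCOM) of a minimal first-match rule evaluator. The zone names, the constructed sample flows, and the application labels are assumptions; the point it shows is that a port-level rule allowing outbound 443 cannot stop a Dropbox upload, while an application-aware rule can, and that deny-by-default keeps unlisted cross-segment traffic blocked.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Flow:
    src_zone: str              # network segment the flow originates from
    dst_zone: str              # segment or "internet" it is headed to
    dst_port: int
    app: Optional[str] = None  # application identified by inspection (None = unknown)

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]    # None matches any port
    app: Optional[str]         # None: rule does not look at the application
    action: str                # "allow" or "block"

def evaluate(rules: List[Rule], flow: Flow, default: str = "block") -> str:
    """First matching rule wins; traffic matching no rule gets the default (deny-by-default)."""
    for r in rules:
        if r.src_zone != flow.src_zone or r.dst_zone != flow.dst_zone:
            continue
        if r.dst_port is not None and r.dst_port != flow.dst_port:
            continue
        if r.app is not None and r.app != flow.app:
            continue
        return r.action
    return default

# Port-level (classic) policy: office may reach the Internet on 443, nothing else.
PORT_LEVEL = [Rule("office", "internet", 443, None, "allow")]

# Application-level (next-gen) policy: same, but the cloud-sharing app is blocked first.
APP_LEVEL = [
    Rule("office", "internet", 443, "dropbox", "block"),
    Rule("office", "internet", 443, None, "allow"),
]

# Constructed sample flows (hypothetical, not captured traffic).
FLOWS = {
    "web_browsing": Flow("office", "internet", 443, "web-browsing"),
    "dropbox_upload": Flow("office", "internet", 443, "dropbox"),
    "office_to_finance": Flow("office", "finance", 445, "smb"),
}

def decisions(rules: List[Rule]) -> dict:
    """Return the verdict for every sample flow under the given policy."""
    return {name: evaluate(rules, flow) for name, flow in FLOWS.items()}
```

Both policies allow ordinary browsing, but only the application-level policy blocks the Dropbox upload, because on port 443 the two flows are indistinguishable to a port-level filter.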
That is why we are constantly working on additional informative topic pages on IT security and are focusing on transparency and explanation. Many LANCOM routers now give consumers the opportunity to better evaluate the security level of products through the IT Security Label of the German Federal Office for Information Security (BSI). By scanning a QR code, the BSI security requirements that the router meets become visible. This increases awareness and appreciation of what 'secure' means in network technology – and gives IT security the status it deserves.