News

Cyberwar!

This topic - which used to be called plain 'hacking' - is much in the news these days and, from personal experience, I can see why.

Two of my clients have recently come under sustained and organised attacks, with one, a multi-national, now having the dubious record of being the victim of the biggest 'hack' to date, having lost around 40,000 PCs and servers.

The other client is a defence contractor and is almost always being probed and undergoes periodic sustained attacks, mainly emanating from Russia and China, but - so far - has remained secure.

Leon Panetta - ex-head of the CIA and currently (2012) US Secretary of Defense - recently revealed details of the attack on Aramco...

Panetta cited a series of “disruptive” attacks against U.S. companies, and detailed the far more serious so-called “Shamoon” virus attack on the Saudi Arabian state oil company, Aramco. That August strike wiped out 30,000 of the company's computers. It created the image of a U.S. flag in flames on the infected computers and “it basically burned [the computers] up,” Panetta said. It marked, he said, a significant escalation in cyber warfare.

see http://www.cnas.org/blogs/naturalsecurity/2012/10/photo-week-because-no-one-should-read-too-much-fridays.html for more details.

So what lessons can we learn from such a wide scale and successful attack?

  • First of all - defence in depth. Do not have a single 'superuser' account with God-like privileges across a global network; an attacker who captures it owns every machine at once.
  • Do not standardise on a single security vendor for an entire global network. Yes, it makes purchasing and support easy, but once it fails, it all fails.
  • Encourage diversity - use products from different vendors on different machines and sites, so that if one is compromised only that site or class of server/PC etc. is vulnerable.
  • Isolate segments of LANs and WANs to stop hackers gaining total access once they are inside one segment.
  • Trust your users [within reason..] - if you impose rules that are too onerous they will find ways around them which compromise security - such as passwords on sticky notes if they get too complex or change too frequently!
  • Watch what is going out of your LAN/WAN as much as what is coming in. Outbound traffic is often an early warning clue to trouble ahead: a compromised machine typically 'phones home' to its controller on a regular schedule, and a large volume of data leaving for an unfamiliar address is worth a look long before anything is wiped.
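To show what "watching what goes out" can look like in practice, here is an added example (not code from the original article or from any of the organisations mentioned) that runs two simple checks over a set of outbound flow records: a bulk-transfer check that flags any internal host sending more than a threshold of bytes to a single external address, and a beaconing check that flags an internal host connecting to the same external address at near-constant intervals. The flow records, the internal address ranges in `INTERNAL_NETS`, the 50 MB threshold and the 60-second jitter limit are all constructed assumptions for the illustration; the public-looking addresses in the sample are documentation (TEST-NET) ranges standing in for real Internet hosts.

```python
"""Egress anomaly checks over constructed flow records (added example)."""
import ipaddress
import statistics
from collections import defaultdict
from datetime import datetime

# Assumption: the organisation's own address space. Anything outside these
# ranges is treated as "external" for the purposes of the checks below.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records (not from the page):
# timestamp source destination dst_port bytes_sent
SAMPLE_FLOWS = """\
2012-10-12T09:00:00 10.1.2.15 10.1.0.5 445 120000
2012-10-12T09:00:00 10.1.2.15 203.0.113.9 443 700
2012-10-12T09:05:00 10.1.2.15 203.0.113.9 443 690
2012-10-12T09:10:00 10.1.2.15 203.0.113.9 443 710
2012-10-12T09:15:00 10.1.2.15 203.0.113.9 443 705
2012-10-12T09:20:00 10.1.2.15 203.0.113.9 443 695
2012-10-12T09:03:00 10.1.2.22 198.51.100.7 443 52000
2012-10-12T09:41:00 10.1.2.22 198.51.100.8 80 3100
2012-10-12T10:12:00 10.1.2.22 198.51.100.7 443 48000
2012-10-12T09:01:00 10.1.2.30 198.51.100.8 443 1500
2012-10-12T09:02:00 10.1.2.30 198.51.100.8 443 1400
2012-10-12T09:30:00 10.1.2.30 198.51.100.8 443 1600
2012-10-12T09:31:00 10.1.2.30 198.51.100.8 443 1550
2012-10-12T10:45:00 10.1.2.30 198.51.100.8 443 1450
2012-10-12T09:07:00 10.1.3.40 192.0.2.77 8443 900000000
"""


def is_internal(ip):
    """True if the address falls inside one of the organisation's ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts with typed fields."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, nbytes = line.split()
        flows.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                      "dport": int(dport), "bytes": int(nbytes)})
    return flows


def outbound(flows):
    """Keep only flows from an internal source to an external destination."""
    return [f for f in flows if is_internal(f["src"]) and not is_internal(f["dst"])]


def find_bulk_transfers(flows, threshold_bytes=50_000_000):
    """(src, dst, total_bytes) for every pair that sent at least the threshold."""
    totals = defaultdict(int)
    for f in outbound(flows):
        totals[(f["src"], f["dst"])] += f["bytes"]
    return sorted((src, dst, n) for (src, dst), n in totals.items()
                  if n >= threshold_bytes)


def find_beacons(flows, min_connections=5, max_jitter_s=60.0):
    """Pairs with enough connections whose inter-connection gaps barely vary.

    Regular check-ins to one external host are the classic sign of malware
    polling its controller; human-driven traffic has far more jitter.
    """
    times = defaultdict(list)
    for f in outbound(flows):
        times[(f["src"], f["dst"])].append(f["ts"])
    beacons = []
    for (src, dst), stamps in sorted(times.items()):
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        jitter = statistics.pstdev(gaps)
        if jitter <= max_jitter_s:
            beacons.append({"src": src, "dst": dst, "count": len(stamps),
                            "interval_s": statistics.mean(gaps), "jitter_s": jitter})
    return beacons


def report(flows):
    """Human-readable alert lines for both checks."""
    alerts = []
    for src, dst, n in find_bulk_transfers(flows):
        alerts.append(f"BULK   {src} -> {dst}: {n} bytes sent")
    for b in find_beacons(flows):
        alerts.append(f"BEACON {b['src']} -> {b['dst']}: {b['count']} connections "
                      f"every ~{b['interval_s']:.0f}s (jitter {b['jitter_s']:.0f}s)")
    return alerts


if __name__ == "__main__":
    for line in report(parse_flows(SAMPLE_FLOWS)):
        print(line)
```

In the constructed sample, 10.1.2.15 checks in with 203.0.113.9 every five minutes to the second and is reported as a beacon, 10.1.2.30 also makes five connections but at irregular intervals and is ignored, and 10.1.3.40 is reported for pushing 900 MB to a single outside address. On a real network the thresholds need tuning against the normal traffic of backup hosts, update servers and the like, and the internal ranges should come from the organisation's actual address plan rather than the RFC 1918 defaults assumed here.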

Oh, and if you are interested, the London office of Aramco was untouched by the recent hacking...

 
