'7 steps' for network security: being prepared and knowledgeable is the best defense against hackers and data thieves. (Local Area Networks).


A wide variety of network devices and servers must be tested and audited to ensure network security. Attack code and hacker methods are moving targets, as newer, more complex attacks seem to be on a fast-track development curve. So, what are the best-practice methods for ensuring that a corporate network, from both an Internet-facing and an internal-networking perspective, is free from vulnerabilities? Here are seven best practices to follow:

1. Understand the security environment. Become familiar with the network security environment, at least enough for communication with vendors and those implementing your security. From a high-level perspective, there are three main categories of attacks: (A) those that attempt to disrupt service on your network; (B) those that attempt to destroy data on your network; and (C) the theft of data or corporate secrets from your company.

The first type of attack (A) most commonly is denial of service (DoS). While DoS attacks can be achieved in various ways, they always have the same effect: they slow down your network devices (routers, mail servers, Web servers), making access to your network by legitimate users difficult, if not impossible.

The second type (B) destroys or changes data on your network. Viruses and worms fit into this category, typically ruining data on your servers and preventing legitimate users from doing business with you.

The third type of attacker (C) wants to gain access to corporate information. These attackers sniff (copy) your traffic as it moves through public or private networks. Their attacks originate from either the outside or from within your organization.

2. Be familiar with security defense tools. Even if you never have to handle these devices directly, having a good understanding of what they do and how they fit into the big picture is essential.

Category A problems are countered using network intrusion detection systems (NIDS), firewalls, security information management systems (SIMS) and vulnerability assessments (VA). A vulnerability assessment is one of the most important activities to perform on your infrastructure, giving you clear insight into your server, router and browser vulnerabilities.

NIDS look for attack patterns and alert your security team to anything suspicious. NIDS observe packets as they whiz past on the wire, alerting you if malicious packets were seen. Using NIDS and VAs together provides a "defense-in-depth" strategy.
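To make the "look for attack patterns and alert" behaviour concrete, here is a toy signature-based detector over a handful of constructed packet records. It is an added example, not code from the article or from any NIDS product; the `Packet` type, the two signatures and the port-scan threshold are all assumptions made for illustration. It shows the two things a NIDS does on the wire: payload pattern matching, and counting behaviour (one source touching many ports on one host) that no single packet reveals.

```python
from collections import defaultdict
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Packet:
    """One captured packet, reduced to the fields the detector needs (assumed type)."""
    src: str
    dst: str
    dport: int
    payload: bytes


# Constructed signatures (name, pattern): illustrative only, not from a real rule set.
SIGNATURES = [
    ("http-directory-traversal", re.compile(rb"GET\s+/\S*\.\./")),
    ("test-marker", re.compile(rb"CONSTRUCTED-ATTACK-MARKER")),
]

PORT_SCAN_THRESHOLD = 5  # distinct ports on one host from one source (assumed)


def match_signatures(packets):
    """Alert on every packet whose payload matches a signature."""
    alerts = []
    for p in packets:
        for name, pattern in SIGNATURES:
            if pattern.search(p.payload):
                alerts.append((name, p.src, p.dst, p.dport))
    return alerts


def detect_port_scans(packets, threshold=PORT_SCAN_THRESHOLD):
    """Flag (src, dst) pairs where one source probes many ports on one host."""
    ports_seen = defaultdict(set)
    for p in packets:
        ports_seen[(p.src, p.dst)].add(p.dport)
    return sorted(pair for pair, ports in ports_seen.items() if len(ports) >= threshold)


def analyze(packets):
    """Run both detectors; the result is what a NIDS console would display."""
    return {
        "signature_alerts": match_signatures(packets),
        "port_scans": detect_port_scans(packets),
    }


# Constructed sample traffic: one normal request, one traversal attempt,
# and a sweep of six ports on the same server from a second source.
SAMPLE = [
    Packet("10.0.0.5", "192.0.2.10", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.5", "192.0.2.10", 80, b"GET /../../private/config.txt HTTP/1.1"),
] + [Packet("10.0.0.9", "192.0.2.10", port, b"") for port in (21, 22, 23, 25, 80, 443)]

if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE).items():
        print(kind, hits)
```

Run against `SAMPLE`, the detector raises one signature alert for the traversal request and one port-scan alert for 10.0.0.9; the plain `GET /index.html` produces nothing. A real NIDS differs in scale (signature sets of thousands of rules, stream reassembly, rate-based thresholds), not in kind.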

Category B attacks are contained using desktop firewalls, antivirus software and host intrusion detection systems. Vulnerability assessments play a role here because they can identify known configuration or server problems.

Category C attacks are preventable using encryption techniques while the data is in transit. Because log files can generate volumes of data, the industry has seen the introduction of SIMS to gather, correlate and normalize this data. These tools use powerful consoles to identify and sort threats by severity, allowing a security officer to quickly see the big picture and take appropriate corrective action.
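The gather / normalize / correlate / sort-by-severity pipeline the paragraph describes, as an added example that is not from the article or from any SIM product. Both log formats, the severity mapping and the sample lines are constructed for illustration; the point is that two sensors reporting in different shapes are reduced to one schema, and a host seen by several sensors rises to the top of the console.

```python
import re
from collections import defaultdict

# Constructed firewall format: "<date> <time> fw <ACTION> src=<ip> dst=<ip> dport=<n>"
FW_RE = re.compile(
    r"^(?P<ts>\S+ \S+) fw (?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)
# Constructed NIDS CSV format: "<ts>,<src>,<dst>,<signature>,<priority>" (1 = highest)
NIDS_FIELDS = ("ts", "src", "dst", "signature", "priority")

SEVERITY = {"low": 1, "medium": 2, "high": 3}  # common scale for all sources


def parse_firewall(line):
    """Normalize one firewall line; unparseable lines are dropped, not guessed."""
    m = FW_RE.match(line)
    if not m:
        return None
    sev = "low" if m["action"] == "DROP" else "medium"  # an ACCEPT matters more
    return {"ts": m["ts"], "src": m["src"], "dst": m["dst"], "source": "firewall",
            "event": f"{m['action']} dport={m['dport']}", "severity": SEVERITY[sev]}


def parse_nids(line):
    """Normalize one NIDS CSV line onto the same schema as the firewall."""
    parts = line.split(",")
    if len(parts) != len(NIDS_FIELDS):
        return None
    rec = dict(zip(NIDS_FIELDS, parts))
    sev = {1: "high", 2: "medium"}.get(int(rec["priority"]), "low")
    return {"ts": rec["ts"], "src": rec["src"], "dst": rec["dst"], "source": "nids",
            "event": rec["signature"], "severity": SEVERITY[sev]}


def normalize(fw_lines, nids_lines):
    """Gather both feeds into one list of uniform event dicts."""
    events = [e for e in map(parse_firewall, fw_lines) if e]
    events += [e for e in map(parse_nids, nids_lines) if e]
    return events


def correlate(events):
    """Group by source address and score each source by summed severity."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    rows = [(src, sum(e["severity"] for e in evs), len(evs)) for src, evs in by_src.items()]
    return sorted(rows, key=lambda row: (-row[1], row[0]))


def sort_by_severity(events):
    """The console view: highest severity first, then by time."""
    return sorted(events, key=lambda e: (-e["severity"], e["ts"]))


# Constructed sample feeds (addresses from documentation ranges)
FW_LOG = [
    "2003-02-01 10:00:01 fw DROP src=198.51.100.7 dst=192.0.2.10 dport=23",
    "2003-02-01 10:00:02 fw DROP src=198.51.100.7 dst=192.0.2.10 dport=135",
    "2003-02-01 10:00:05 fw ACCEPT src=203.0.113.4 dst=192.0.2.10 dport=80",
    "garbage line that does not parse",
]
NIDS_LOG = [
    "2003-02-01 10:00:03,198.51.100.7,192.0.2.10,WEB-MISC directory traversal,1",
    "2003-02-01 10:00:06,203.0.113.4,192.0.2.10,ICMP PING,3",
]

if __name__ == "__main__":
    evs = normalize(FW_LOG, NIDS_LOG)
    for src, score, count in correlate(evs):
        print(f"{src:15s} score={score} events={count}")
    for e in sort_by_severity(evs):
        print(e["severity"], e["source"], e["src"], e["event"])
```

Two firewall drops and one high-priority NIDS hit from 198.51.100.7 give it a score of 5 over three events, ahead of 203.0.113.4 whose accepted connection and low-priority ping score 3. The unparseable line is discarded rather than silently mapped to a default, which is the behaviour you want from a normalizer feeding a severity ranking.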

3. Know your vulnerabilities. Vulnerability scanning is one of the most useful defense tactics in your security toolkit, identifying important weaknesses on NIDS, firewalls and routers, but especially on e-mail, Web, data and e-commerce servers. These scans determine a device's vulnerability to worms, viruses, attack code and malicious attackers, and whether effective countermeasures (reconfiguration, patches, service packs) have been applied correctly.

4. Develop and publish a security policy. Establishing a security policy is paramount to understanding your aversion to risk. Your policy is based on how much risk you are willing to take; the tradeoff is between cost and protection.

Your security policy is the result of your risk assessment. During the risk-assessment phase you should:

* Identify your important assets (firewalls, e-mail and Web servers, as well as your data);

* identify the threats they are exposed to;

* perform a vulnerability assessment to understand current risk levels;

* identify the costs of rectifying vulnerabilities vs. the cost to repair an attack should one successfully destroy/steal data, or otherwise render your network inoperable; and

* take into consideration negligence lawsuits, due to the inadvertent exposure, theft or loss of client data.

If a risk assessment is a way of conveying security issues to management so that they understand the cost/benefit relationships, then the resulting decision on how to rectify or strengthen your infrastructure is detailed in your security policy. That policy will guide your network-security team in its network configuration (or reconfiguration) efforts, ensuring effective countermeasures are in place. This may include the purchase of new defense tools, as well as training on those tools.
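The risk-assessment steps above (assets, threats, current exposure, cost to fix versus cost of an incident, liability) can be put in front of management as numbers. The following added example does that with the annualized loss expectancy method, ALE = SLE x ARO (single loss expectancy times annualized rate of occurrence), which the article does not name; it is the editor's choice of formalism, not the author's. The assets, dollar figures, countermeasure costs and effectiveness estimates are all constructed.

```python
from dataclasses import dataclass, replace


@dataclass
class Risk:
    """One asset/threat pair from the assessment (constructed figures)."""
    asset: str
    threat: str
    asset_value: float       # cost to repair/replace, including downtime
    exposure_factor: float   # fraction of asset_value lost per incident (0..1)
    aro: float               # annualized rate of occurrence (incidents/year)
    liability: float = 0.0   # e.g. negligence exposure if client data is lost

    def sle(self):
        """Single loss expectancy: cost of one successful attack."""
        return self.asset_value * self.exposure_factor + self.liability

    def ale(self):
        """Annualized loss expectancy: SLE x ARO."""
        return self.sle() * self.aro


@dataclass
class Countermeasure:
    name: str
    annual_cost: float       # purchase, subscriptions, training, staff time
    aro_reduction: float     # fraction by which ARO is expected to fall (0..1)


def net_benefit(risk, cm):
    """Annual loss avoided minus the countermeasure's annual cost.
    Positive means funding it is cheaper than absorbing the expected loss."""
    residual = replace(risk, aro=risk.aro * (1 - cm.aro_reduction))
    return round(risk.ale() - residual.ale() - cm.annual_cost, 2)


def prioritize(pairs):
    """Rank (risk, countermeasure) pairs for the security policy, best first."""
    rows = [(r.asset, cm.name, net_benefit(r, cm)) for r, cm in pairs]
    return sorted(rows, key=lambda row: -row[2])


# Constructed assessment: three assets, one proposed countermeasure each
ASSESSMENT = [
    (Risk("Web server", "DoS/defacement", 50_000, 0.4, aro=2.0),
     Countermeasure("perimeter scans + patch cycle", 12_000, 0.75)),
    (Risk("Client database", "data theft", 200_000, 0.5, aro=0.1, liability=300_000),
     Countermeasure("encryption in transit + host IDS", 25_000, 0.8)),
    (Risk("Mail server", "worm outbreak", 30_000, 0.3, aro=1.0),
     Countermeasure("dedicated mail gateway", 15_000, 0.9)),
]

if __name__ == "__main__":
    for asset, cm, benefit in prioritize(ASSESSMENT):
        print(f"{asset:16s} {cm:34s} net benefit {benefit:>10,.2f}")
```

With these inputs the Web-server countermeasure nets 18,000 a year and the database one 7,000, while the mail gateway loses 6,900 a year against a 9,000 expected loss. That last row is the "how much risk are you willing to take" decision in step 4: the policy may still fund it for reasons the model does not price, but management sees the cost of doing so.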

Employees need to understand security policies in a clear and meaningful way, so that prior abuses (e.g., illegal IRC servers or P2P programs) can be safely removed without the need to fire employees on a first-offense basis.

Finally, identify company backup policies. A methodology based on frequent backups and off-site storage techniques is important because, following a serious attack, the company must be able to restore the business infrastructure quickly. Your security policy should identify a safe backup verification process.
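A "safe backup verification process" means more than confirming the backup job exited cleanly: the restored data has to be checked against what was backed up. The added example below (not from the article; file names and contents are constructed in a temporary directory) records a SHA-256 manifest at backup time and verifies a restore against it, reporting files that are missing or whose contents changed on the backup media.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 so large backups do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(src_dir):
    """Map each file's relative path to its digest at the moment of backup."""
    src_dir = Path(src_dir)
    return {str(p.relative_to(src_dir)): sha256_file(p)
            for p in sorted(src_dir.rglob("*")) if p.is_file()}


def verify_restore(restore_dir, manifest):
    """Return (ok, problems); problems lists missing files and hash mismatches."""
    restore_dir = Path(restore_dir)
    problems = []
    for rel, expected in manifest.items():
        p = restore_dir / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(p) != expected:
            problems.append(f"corrupt: {rel}")
    return (not problems, problems)


def demo():
    """Back up a constructed directory, verify it, then verify after damage."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp, "live")
        live.mkdir()
        (live / "customers.db").write_bytes(b"constructed customer records")
        (live / "config.ini").write_text("threshold=5\n")
        manifest = build_manifest(live)          # kept with the backup, off-site too

        backup = Path(tmp, "backup")
        shutil.copytree(live, backup)
        good = verify_restore(backup, manifest)  # expected: clean

        # Simulate silent media corruption and a lost file on the backup copy
        (backup / "customers.db").write_bytes(b"constructed customer recordz")
        os.remove(backup / "config.ini")
        bad = verify_restore(backup, manifest)
        return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("fresh backup:", good)
    print("damaged backup:", bad)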

5. Regularly retest and reassess. Once your network security policy has been defined and you have implemented your countermeasures, do not assume that your security team's job is done. Auditing, analyzing and responding to threats are ongoing, full-time commitments. Security devices must be regularly tested for functionality, scanned for vulnerabilities and audited at regularly scheduled intervals.

To keep on top of the latest attack codes and hacker methods, you must regularly update vulnerability files, including: NIDS signatures; antivirus signatures; and patches and service packs. Most vendors offer free file updates as part of annual subscription packages, so staying on top of the vulnerabilities takes only reasonable effort.

6. Have ready expertise on hand. The size of your company will dictate how much expertise you keep on staff. Large companies typically have dozens, sometimes hundreds of security analysts, and they can expect extensive help from vendors. Smaller companies, however, often lack full-time internal resources and may need outside expertise.

7. Understand the total cost of ownership. When looking at your security solution's total cost of ownership, consider these line items: equipment warranty or maintenance costs; ongoing upgrades to network equipment; annual subscriptions for perimeter scans; annual subscriptions for signature updates; salaries; training; analysis and audit tools; backup systems (hardware/software) and offsite storage fees; and insurance costs for coverage due to losses attributed to malicious attacks.

For more information from EllisTalks: www.rsleads.com/302cn-253

Ellis is the president of training and consulting firm EllisTalks, Chapel Hill, NC.
COPYRIGHT 2003 Nelson Publishing
No portion of this article can be reproduced without the express written permission from the copyright holder.

Article Details
Author:Ellis, Chris
Publication:Communications News
Geographic Code:1USA
Date:Feb 1, 2003
Words:1067