Disaster prevention: keeping critical assets protected: which is more dangerous? Trojan Horses? Viruses? DDOs? Worms? Don't take chances with any of them. Be certain you protect your company from unwanted intrusions. (FW focus: technology).


Disaster can strike anywhere at any time. Whether the threat takes the form of an earthquake in San Francisco or the recent terrorist attacks in New York City and Washington D.C., organizations must take a proactive approach to ensure that critical assets are protected and backed up. Today, acceptable downtime is no longer measured in weeks and days, but in minutes and seconds. Goods and services must be exchanged no matter what. If your business is not available, customers will go elsewhere.

Unfortunately, most companies grossly underestimate what it takes to be prepared when disaster strikes. The September terrorist attacks, coupled with the multi-million-dollar losses inflicted by computer viruses recently, are prompting many businesses to re-assess their plans for protecting corporate information. There are many issues that businesses must address to ensure that their companies are up and running immediately if disaster strikes. There are two very important areas that all organizations must address on an ongoing basis: security vulnerability assessment and data backup and storage.

Security vulnerability assessment

An important part of any business's security strategy is to identify the level of exposure and risk. To identify the security vulnerabilities that may exist within a corporate infrastructure, a vulnerability assessment should be conducted on a regular basis. There are multiple steps involved in the implementation of a security vulnerability assessment plan:

The first step is reconnaissance information research. This means reviewing your Web site, partner sites, press releases, discussion groups, and other key areas to identify any information that might open the door to an attack or hack. Next, review the placement of all firewalls, routers, intrusion detection sensors, and all related items. Make sure that all the money spent on these security solutions is not going down the drain because they are set up incorrectly. Turn to your security systems engineer or to an organization that offers end-to-end security services to ensure your organization has correctly implemented an industrial-strength security solution.

Next, have a security policy in place and in force. This is an important step, since policies only work if they are enforced. Review physical access. Make sure that an intruder can't walk into the computer room just by being well dressed and carrying a computer case.

Finally, when evaluating your security framework, it is critical to consider the following threats, common to most businesses:

* Viruses--With more than 60,000 known strains, computer viruses are perhaps the most prolific threat to an enterprise. A computer virus is a self-replicating piece of software written to secretly enter a computer system and files. Some viruses are benign and won't harm the host computer system, while others can destroy a computer in a matter of seconds.

* Trojan Horses--Just as in the Greek myth, the Trojan Horse disguises itself as a harmless piece of software. But it's not. It can contain a variety of viruses or worms and can stay hidden in another seemingly harmless piece of software until some condition triggers it. Trojan Horses can masquerade as a game, graphics program, or some other innocent-looking program. For instance, a Trojan Horse might be hidden in a screensaver downloaded by an employee onto his networked PC. Once installed, this horse lets the hacker control the PC and gain access to enterprise files, such as financial accounts. Trojan Horses can also be designed to self-destruct, leaving no evidence or clues to the identity of the thief.

* Distributed Denial of Service (DDoS)--In a DDoS attack, a hacker embeds his software in thousands of computers. Then, at a designated time or on command, these thousands of embedded software programs send bogus messages to the targeted site. This massive volume of electronic traffic quickly overloads even the most robust Web server and essentially shuts it down, making the site unavailable to normal Internet traffic.

* Worms--A worm is a program that replicates but doesn't necessarily infect programs. Worms can replicate by e-mail, making use of Microsoft Outlook address books for example, and infiltrate regular data processing programs to alter or destroy the data. For instance, a worm might penetrate a bank's customer accounts and destroy them or transfer account information to the hacker.

* Backdoor Threats--Most organizations and individuals sending confidential data over the Internet use some kind of encryption or authentication to protect the information. What most don't realize, however, is that even though the application and transaction may be secure, a clever hacker can slip through a computer's "back door" while it's connected to the Internet and plant a Trojan through an e-mail or virus. Once inside the host PC, the hacker takes control and remotely executes commands to access, delete, or modify files (including password files, financial records, and sensitive corporate data), shut down the system, capture keystroke logs, and even take control of video cameras attached to the system.

Data backup and storage

In addition to security, another critical disaster prevention issue that businesses must address is data backup and storage. In any organization, written backup procedures and recovery policies must exist. These policies and procedures should be documented formally, and documentation standards should exist to keep them current. Backup policies and procedures should be read by all appropriate parties, and reviewed and updated on a periodic basis.

Information residing on individual PCs, especially sensitive, critical information, should be backed up on a regular basis. Full daily backups or online disk storage may not be as necessary for systems or applications that are not mission critical, but those should still be backed up incrementally, either daily or weekly, as is appropriate for business needs. Backup tapes should always be rotated to an off-site location for storage. In the event of a disaster, the unavailability of backup tapes may significantly affect restoration activities. Redundancy such as this is what saved many of the businesses affected by the September 11 terrorist attacks.

Internet "Top 10" Security Checklist

The following "Top 10 Security Checklist," which Interliant's Security group provides to its customers, will help you start the process of looking at your current approach to a secure environment and provide insight into the areas that you may need to address as you move towards an Enterprise Security Solution.

1. Protect your e-mail systems: Use an e-mail content filtering solution to protect your mail systems from malicious activity. It's preferable that this be a separate system located in a DMZ (demilitarized zone) network. This solution should, at a minimum, allow filtering based on text strings within messages as well as the ability to monitor and restrict attachments. This system should integrate with an anti-virus product so that all attachments are virus checked.

2. Triple check your firewall configuration: Your firewall is a critical component of your security strategy. Its configuration and rule-base should be closely guarded. On a regular basis, multiple security administrators or a security consultant should perform a reality check. Verify that your rule-base includes a "Stealth Rule." This is a rule that prevents anyone from talking with your firewall directly. This is usually placed as early in the rule-base as possible. For example, a Stealth Rule for Check Point Firewall-1 would look like this:
SOURCE    DESTINATION    SERVICES    ACTION
Any       Firewall       Any         Drop

TRACK     TIME           INSTALL     COMMENTS
Long      Any            Firewall    Stealth Rule


3. Test for vulnerabilities: Perform frequent vulnerability assessments or penetration tests to identify vulnerabilities that may exist on your systems. Tests should be performed with multiple assessment tools from the Internet as well as from inside the network. As part of this test, run a password-cracking tool to test the strength of user passwords.

4. Educate your users: Employees expect that the company will keep their personal information secure. It's your company's duty to exercise diligence to make sure that social security numbers, health information, and other personnel information is kept private. You should expect the same level of security from your employees when it comes to corporate data. Regular Security Awareness training provides the opportunity to make users aware of best practices, corporate policies, and to review some "do" and "don't" rules. In addition, the training serves as a forum to allow your employees to ask questions.

5. Keep the operating system (OS) and applications current: Be sure all OS and application revision levels are up-to-date. Not only does this usually provide a more stable system, it also makes it easier to deal with hot-fixes and security patches later. Have you ever tried to quickly install a security patch, only to find that you needed to install an Operating System Service Pack first?

6. Monitor your network: Review router, firewall, and host logs on a regular basis. If this task takes too much of your time, then consider an integrated log management and reporting tool. If you have a central SYSLOG logging server, be sure that it's kept up-to-date and secure. An Intrusion Detection System (IDS) will let you see and correlate activities that will go unnoticed when using simple logging only. If you have an IDS system, be sure to keep signatures current. If there is no IDS in place, you should immediately start looking into something that will meet your requirements.

7. Put Internet accessible hosts on a Demilitarized Zone (DMZ): Any host that can be directly accessed from the Internet should be in a DMZ network, not your internal local area network (LAN). For example, Web, mail, and ftp (file transfer protocol) servers should be on a separate network segment that is connected to the firewall only. Firewall rules are then created to allow access to these systems from the Internet, and to allow these servers to communicate with systems on your LAN.

8. Apply those security patches: Lately this seems to be a daunting task. Whatever it takes to keep up with vendor provided security patches and hot-fixes, it must be done. There are some tools available to help manage this process for large numbers of servers. Some OS vendors are in discussion with anti-virus companies to map out a strategy for simplifying patch dissemination and application. For now, it's primarily a manual process. You should be keeping current with security-specific patches for all hosts, firewalls, routers, and appliances on your network. Monitor security and vendor Web sites and mailing lists for the latest news on security patches.

9. Anti-virus everywhere: All systems, from notebooks and desktops to mission-critical servers need to be protected from viruses. If you have anti-virus software running everywhere, make sure it is configured to properly protect your systems. It should be against corporate security policy for users to disable anti-virus protection, unless authorized to do so. Virus signatures should be updated often. In light of the recent barrage of worms (Code Red, Code Red 2, Nimda, etc.) it's a good idea to check for signature updates on a daily basis.

10. Get working on those security Policies: If you have written policies that relate to corporate information systems, they probably need to be updated. Many things have changed in a short period of time. If your company has no written policies, first create an Information Security Roadmap that outlines the current risks and how they can be addressed. From this, security policies can be developed for the topics that are pertinent to the environment.
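Checklist item 1 asks for a mail filter that can, at a minimum, match text strings in messages and restrict attachments. The following is an added example of those two checks written against Python's standard `email` package; it is not Interliant's product or any code from the article, and the blocked phrases, blocked extensions, and sample message are constructed for illustration.

```python
"""Minimal e-mail content filter (added example; not Interliant's product or code).

Implements the two capabilities checklist item 1 asks for at a minimum:
matching text strings in message bodies and restricting attachments by
file type. The policy values and the sample message are constructed.
"""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed policy: phrases to flag in the body and attachment types to block.
BLOCKED_PHRASES = ("wire transfer urgently", "confidential payroll export")
BLOCKED_EXTENSIONS = {".exe", ".scr", ".vbs", ".pif", ".bat"}


def _attachment_extensions(filename: str) -> list[str]:
    """All extensions of a filename, so "report.txt.exe" yields [".txt", ".exe"]."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]]


def inspect_message(raw: bytes) -> list[str]:
    """Return a list of policy findings for a raw RFC 5322 message (empty = clean)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings: list[str] = []

    # Text-string filtering on the preferred body part.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().lower() if body is not None else ""
    for phrase in BLOCKED_PHRASES:
        if phrase in text:
            findings.append(f"body contains blocked phrase: {phrase!r}")

    # Attachment restriction: blocked types, and double extensions that hide them.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        exts = _attachment_extensions(name)
        if any(e in BLOCKED_EXTENSIONS for e in exts):
            findings.append(f"blocked attachment type: {name!r}")
        elif len(exts) > 1:
            findings.append(f"attachment with multiple extensions: {name!r}")
    return findings


def build_sample(filename: str, body: str) -> bytes:
    """Construct a sample message with one attachment (test input, not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Quarterly figures"
    msg.set_content(body)
    msg.add_attachment(b"\x00constructed bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for fn, text in (("figures.pdf", "Attached are the figures."),
                     ("figures.pdf.exe", "Please handle this wire transfer urgently.")):
        print(fn, "->", inspect_message(build_sample(fn, text)) or ["clean"])
```

In a deployment the findings list would feed a quarantine decision, and the anti-virus integration the item calls for would run on the same attachment parts; the checks above are only the filtering half of the item.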
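Checklist item 2 shows a Check Point Firewall-1 Stealth Rule and says it must be placed as early in the rule-base as possible. This added example (not Check Point code and not from the article) models first-match rule evaluation in Python to show why: the same two rules, with the Stealth Rule second rather than first, leave the firewall's own address reachable. The addresses, the "Web access" rule, and the implied cleanup drop are assumptions made for the illustration.

```python
"""Toy first-match firewall rule-base evaluator (added example, not Check Point code).

Models the ordering point from checklist item 2: a Stealth Rule that drops all
traffic addressed to the firewall itself only protects the firewall if it is
evaluated before any rule that would otherwise accept that traffic.
All addresses and rules below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional

FIREWALL_IP = "203.0.113.1"      # constructed: the firewall's own address
DMZ_WEB_IP = "203.0.113.10"      # constructed: a DMZ web server behind the firewall


@dataclass(frozen=True)
class Rule:
    name: str
    src: str        # "Any" or a specific address
    dst: str        # "Any", "Firewall", or a specific address
    service: str    # "Any" or a service name such as "http"
    action: str     # "Accept" or "Drop"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    service: str


def _field_matches(rule_value: str, packet_value: str) -> bool:
    if rule_value == "Any":
        return True
    if rule_value == "Firewall":
        return packet_value == FIREWALL_IP
    return rule_value == packet_value


def evaluate(rules: list[Rule], pkt: Packet) -> tuple[str, Optional[str]]:
    """Return (action, matching rule name) using first-match semantics.

    Rules are tried top to bottom and the first match wins; a packet that
    matches no explicit rule falls through to an assumed cleanup drop.
    """
    for rule in rules:
        if (_field_matches(rule.src, pkt.src)
                and _field_matches(rule.dst, pkt.dst)
                and _field_matches(rule.service, pkt.service)):
            return rule.action, rule.name
    return "Drop", None          # assumed implied cleanup rule


STEALTH = Rule("Stealth Rule", "Any", "Firewall", "Any", "Drop")
WEB_ACCESS = Rule("Web access", "Any", "Any", "http", "Accept")   # deliberately broad

GOOD_ORDER = [STEALTH, WEB_ACCESS]   # Stealth Rule first, as the checklist recommends
BAD_ORDER = [WEB_ACCESS, STEALTH]    # same rules, Stealth Rule placed too late


def probe_firewall(rules: list[Rule]) -> str:
    """Action taken on an Internet host sending HTTP to the firewall itself."""
    return evaluate(rules, Packet("198.51.100.7", FIREWALL_IP, "http"))[0]


def probe_web_server(rules: list[Rule]) -> str:
    """Action taken on an Internet host sending HTTP to the DMZ web server."""
    return evaluate(rules, Packet("198.51.100.7", DMZ_WEB_IP, "http"))[0]


if __name__ == "__main__":
    for label, rules in (("stealth first", GOOD_ORDER), ("stealth last", BAD_ORDER)):
        print(f"{label}: firewall={probe_firewall(rules)}, "
              f"web server={probe_web_server(rules)}")
```

The "reality check" the item recommends is essentially running `probe_firewall` against the live rule-base: if any rule above the Stealth Rule matches traffic to the firewall, the Stealth Rule never fires for that traffic.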
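Checklist item 6 says an IDS lets you correlate activities that simple logging alone will not reveal. The following added example (not any product from the article) shows the smallest version of that correlation in Python: it parses constructed firewall DROP lines in a generic syslog style and flags a source that touches many distinct ports on one host within a short window, a pattern invisible in any single line. The log format, addresses, and thresholds are assumptions.

```python
"""Small log-correlation check (added example, not a product mentioned in the article).

Counts firewall DROP entries per source address and flags sources that hit
many distinct destination ports on one host in a short window, the kind of
pattern that a single log line never reveals. The syslog lines are constructed
in a generic iptables-like format; the field names are assumptions.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not captured from a real firewall).
SAMPLE_LOG = """\
Feb  1 02:14:01 fw1 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP DPT=22
Feb  1 02:14:02 fw1 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP DPT=23
Feb  1 02:14:02 fw1 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP DPT=25
Feb  1 02:14:03 fw1 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP DPT=80
Feb  1 02:14:03 fw1 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP DPT=443
Feb  1 02:14:04 fw1 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP DPT=3389
Feb  1 02:30:10 fw1 kernel: DROP IN=eth0 SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP DPT=445
Feb  1 03:05:55 fw1 kernel: DROP IN=eth0 SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP DPT=445
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: DROP .*?SRC=(?P<src>\S+) "
    r"DST=(?P<dst>\S+) .*?DPT=(?P<dpt>\d+)"
)


def parse(log: str, year: int = 2002) -> list[tuple[datetime, str, str, int]]:
    """Turn DROP lines into (timestamp, src, dst, dport) tuples; other lines are skipped.

    Classic syslog timestamps carry no year, so one is supplied by the caller.
    """
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], m["dst"], int(m["dpt"])))
    return events


def drop_counts(events) -> dict[str, int]:
    """Plain per-source tally: what a simple log review gives you."""
    return dict(Counter(src for _, src, _, _ in events))


def find_port_sweeps(events, window=timedelta(minutes=1), min_ports=5):
    """Sources that hit at least min_ports distinct ports on one host within window.

    Returns {(src, dst): sorted list of ports} for each flagged pair.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, dpt in events:
        by_pair[(src, dst)].append((ts, dpt))
    sweeps = {}
    for (src, dst), hits in by_pair.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start <= window}
            if len(ports) >= min_ports:
                sweeps[(src, dst)] = sorted(ports)
                break
    return sweeps


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    print("drops per source:", drop_counts(evts))
    for (src, dst), ports in find_port_sweeps(evts).items():
        print(f"port sweep: {src} -> {dst} ports {ports}")
```

The per-source counts alone would rank both sources as routine noise; only the time-and-port correlation separates the sweep from the repeated single-port drop.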

Bob Mellinger is vice president of association, partner, and strategic account sales at Interliant, Inc. He can be reached via e-mail at bmellinger@interliant.com or by telephone at 703-762-1833.
COPYRIGHT 2002 International Franchise Association
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2002 Gale, Cengage Learning. All rights reserved.

Article Details
Title Annotation: disaster management techniques and theory
Author: Mellinger, Bob
Publication: Franchising World
Geographic Code: 1USA
Date: Feb 1, 2002
Words: 1897