Security

A firewall acts as a barrier between security zones of an internal network and an outside
network. A firewall is commonly installed between the public Internet and the
corporate network. The firewall is configured to allow the types of network
traffic desired by an organization and to deny all others. This protects
valuable data assets like database servers from external attacks.

A firewall may exist as a dedicated piece of equipment much like a router or
switch, or it may be firewall software installed on a computer that bridges the
two networks. In either case, it is the configuration of the traffic rules on
the firewall that determines the security level it offers.
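
The allow-what-is-desired, deny-everything-else model described above, as an added example that is not part of the original page. The `Rule` fields, the first-match evaluation order and all addresses (documentation and private ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network, CIDR notation
    dst: str              # destination network, CIDR notation
    proto: str            # "tcp", "udp" or "any"
    port: Optional[int]   # destination port, None means any port

def matches(rule, src_ip, dst_ip, proto, port):
    """True when the packet's addresses, protocol and port all fit the rule."""
    return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", proto)
            and rule.port in (None, port))

def evaluate(rules, src_ip, dst_ip, proto, port):
    """First matching rule wins; traffic that matches no rule is denied."""
    for rule in rules:
        if matches(rule, src_ip, dst_ip, proto, port):
            return rule.action
    return "deny"

# Constructed policy: the public web server is reachable on 443, and only the
# web server may reach the database server.
TIGHT = [
    Rule("allow", "0.0.0.0/0", "203.0.113.10/32", "tcp", 443),
    Rule("allow", "203.0.113.10/32", "10.0.5.20/32", "tcp", 5432),
]
# The same device with one overly broad rule appended: the hardware is
# identical, but the database is now exposed to every source.
LOOSE = TIGHT + [Rule("allow", "0.0.0.0/0", "0.0.0.0/0", "any", None)]

if __name__ == "__main__":
    outsider_to_db = ("198.51.100.7", "10.0.5.20", "tcp", 5432)
    print("tight:", evaluate(TIGHT, *outsider_to_db))
    print("loose:", evaluate(LOOSE, *outsider_to_db))
```
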

A proxy acts as a buffer between security zones of a network much like a firewall. The
difference is that instead of allowing traffic to flow through it, it makes
requests of networks on behalf of the connecting machines coming through it.
This helps to mask the identity of the machines coming through it and further
protect them. While a firewall may be deployed between security zones of an
organization's internal network, a proxy is almost always deployed exclusively
between corporate networks and the Internet.

Anti-virus software, or scanners as they are sometimes referred to, attempts to
detect and block the presence and activity of malicious code. The majority of
anti-virus software attempts to do this by comparing code to a library of known
virus samples. This methodology of detecting a virus is called Signature
Based detection. As new viruses are being developed daily (several hundred
per month according to anti-virus vendor labs), the maintenance and distribution
of the known virus library is a resource-intensive undertaking. This is usually
accommodated with anti-virus software that regularly connects over the Internet
to a central site for downloading of the latest definitions. Anti-virus software
is available to scan electronic data at all entrance points to your system and
network including client computers, mail gateways, firewalls, and Personal
Digital Assistants (PDAs).

In addition to Signature Based detection, Heuristic Based anti-virus scanners
are available. Heuristic scanners watch systems for signs of virus-like
activity that may include writing to executable files, reading the email
address book, or issuing destructive commands. Most modern anti-virus software
packages combine elements of both types of scanning.

When anti-virus software detects a virus, the program can be set to delete or
quarantine the suspect code.
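
Signature Based detection with quarantine, as an added example that is not part of the original page. The signature names and byte patterns are harmless constructed markers and the directory layout is an assumption; the second pass shows why the definitions library has to be kept current.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed signature library: name -> byte pattern (harmless markers).
SIGNATURES = {
    "Demo.Marker.A": b"DEMO-SIGNATURE-ALPHA",
    "Demo.Marker.B": bytes.fromhex("deadbeef0badf00d"),
}

def scan_bytes(data, signatures):
    """Return the names of all signatures whose pattern occurs in data."""
    return sorted(name for name, pat in signatures.items() if pat in data)

def scan_and_quarantine(root, quarantine, signatures):
    """Scan every file under root and move matching files into quarantine."""
    quarantine.mkdir(parents=True, exist_ok=True)
    findings = {}
    # Materialise the file list first: files are moved while we iterate.
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        data = path.read_bytes()
        hits = scan_bytes(data, signatures)
        if hits:
            # Store under a content hash so quarantined names cannot collide.
            digest = hashlib.sha256(data).hexdigest()[:16]
            shutil.move(str(path), str(quarantine / f"{digest}.quarantined"))
            findings[path.name] = hits
    return findings

def demo():
    """Scan constructed files twice: before and after a definitions update."""
    with tempfile.TemporaryDirectory() as tmp:
        root, quarantine = Path(tmp) / "inbox", Path(tmp) / "quarantine"
        root.mkdir()
        (root / "report.txt").write_bytes(b"quarterly numbers")
        (root / "invoice.bin").write_bytes(b"\x00\x01DEMO-SIGNATURE-ALPHA\x02")
        (root / "newer.bin").write_bytes(b"\x00\x01DEMO-SIGNATURE-GAMMA\x02")
        first = scan_and_quarantine(root, quarantine, SIGNATURES)
        # newer.bin is missed until its pattern is added to the library.
        updated = {**SIGNATURES, "Demo.Marker.C": b"DEMO-SIGNATURE-GAMMA"}
        second = scan_and_quarantine(root, quarantine, updated)
        remaining = sorted(p.name for p in root.iterdir())
    return first, second, remaining

if __name__ == "__main__":
    print(demo())
```
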

In the past when organizations needed to extend their networks to business
partners or remote offices, the only way to do it was to lease lines from a
telecommunications company (telco). The leased lines formed the organization's
private network.

A virtual private network works by using the public Internet while maintaining
privacy through security procedures and tunneling protocols such as the Layer
Two Tunneling Protocol (L2TP). As a result of the Internet's access to
worldwide locations, the VPN allows an organization to extend its network when
and where it's needed without incurring a large investment. For example, an
employee could work from home or a traveling executive could connect in an
airport lounge through a secured VPN connection.

VPN connections use encryption technology and firewalls to mitigate the risks that
allowing connections from the Internet entails.

Email has become a de facto standard for all types of business communication from
purchase orders and contracts to the relaying of instructions and requests. It
is important to note that the majority of email installations have a large
number of security weaknesses. For example, email that is sent unencrypted on
the network is susceptible to interception by sniffers. In addition, forging
the From: address on an email is a trivial task.

Even when a computer system is secured (or hardened, in computer security
lingo) to a very high level, the data is still vulnerable to an attacker who
can gain physical access to the system. For this reason, computers with data
that needs to be secured must also be physically protected in the same way that
the data would require if the information existed in physical file folders.
Organizations protect their computing and data assets by storing them in locked
data centers with restricted access systems.

Software where the source code is available to the users is called open source
software. Open source proponents argue that because the source code is open to
scrutiny by security experts around the world, mistakes in the code that could
be exploited by attackers are found. Vendors of closed source systems have a
valid point that the source code is available to the same attackers to study.

Several popular information security tools are available as open source as well. These
tools generally break new ground in functionality before similar commercial
tools.

The portability of computers makes them especially susceptible to physical theft.
This applies to laptops, Tablet PCs, Pocket PCs and Palm computers. The
computer replacement cost is only a small part of the overall costs when a
computer is stolen. The time lost by an employee while they await a replacement
as well as time spent restoring the lost data can greatly exceed the hardware
cost. To combat theft, cables and motion sensitive alarms can be affixed to
standard lock down points on most laptops. Encryption software specifically
designed to make data on laptops unreadable to others is also available.

An intrusion detection system is a tool of information security and network
professionals that detects unauthorized access to computer systems. It
accomplishes this as a network device that analyzes network traffic looking for
known attack patterns. It can then terminate the network session, blocking out
the attacker. An IDS can also be installed on a web server or database server
to monitor network traffic for attacks specific to those environments.

A PKI is a technology and policy infrastructure deployed by an organization that
enables the assigning of digital certificates to users and computers.

A digital certificate is a special file that a user or server can use to authenticate
itself. It makes use of encryption keys and digital signatures to enable this.
Digital certificates are issued from a certificate authority server in a public
key infrastructure. By installing digital certificates in an email program, a
user gains the ability to encrypt and sign email messages.

One of the problems with the deployment of PKI and digital certificates arises when
users need to use their digital certificates from several locations. One of the
solutions to this problem is storing the digital certificate on a smart card. A
smart card is a credit card sized piece of plastic with an integrated computer
chip. A user can then use their digital certificate anywhere a smart card
reader exists.

When a company chooses to use e-commerce to take advantage of reduced process costs
in the buying and selling of goods, they must consider the risks in doing so.
Policies must be adopted and implemented that ensure authentication and
authorization are at levels the company requires to conduct business. The risks
of accepting electronic transactions must be mitigated to acceptable levels
with policy and technical controls.

Modern computer systems and applications are capable of generating extensive logs of
all activity on the systems. This activity can include transaction records,
security modifications, and records of attempts to conduct unauthorized
activities. The security and audit departments of an organization should
undertake regular reviews of these important logs.

The overall security posture of an organization largely depends on the investment
in information security education it makes. End users of computer systems must
be made aware of the value of the assets they work with daily. Management must
ensure that appropriate resources are made available to secure the
organization's assets. Information technology staff must be kept up to date on
the proper development and deployment of technology.

The number of corporations using criminal record checks as part of their hiring
processes is increasing. Employees, and especially information technology
employees, are trusted with large amounts of data upon which the employer
depends for its existence. In addition, some employers use credit record
checks. The theory is that an employee in dire financial straits may be more
likely to commit theft or be susceptible to bribery.

One of a corporation's most effective forms of protection is the use of policy.
A computer usage policy for their employees reduces liability for an
employee's actions. A security policy assists employees in ensuring that
security is considered in all decision-making processes.

Applications that are deployed on Internet web sites require special security measures
compared to applications deployed within a corporation's network. On the
Internet, these computers are under constant attack from outsiders. A poorly
planned deployment of a web server on the Internet will only last a couple of
minutes before it is attacked and exploited.

Securing a web server is not an easy job. The application that is deployed must have
been designed and developed by a team that has considered security throughout
the process. The host web site must have been installed and configured to a
high security state. Additional security measures such as firewalls and
intrusion detection systems should be properly deployed.

Using radio frequency transmitters and receivers allows organizations to extend the
reach of their network infrastructure beyond the range of hard-wired cables. This
allows them to quickly and easily adapt to changes in their environment such as
the move to new office space. Wireless networks also allow for computers and
network technology to be applied in fields where it was not previously
practical. For example, a doctor may carry a tablet computer around with him on
his rounds to make notes of patient conditions.

The first setups of wireless networking equipment had poorly implemented security
standards and were susceptible to eavesdropping by outsiders. Since then, the
technology has matured to a point where a wireless infrastructure can be
trusted as well as a wired one.

Encryption is the act of encoding or ciphering a
message or data into a format that is unreadable to unauthorized parties. Encryption
uses secret codes to allow authorized parties to read the data.

There are a large number of encryption algorithms in use. The majority of them use
methodologies that are widely known. What makes their application secure is the
security of the keys used and not the secrecy of the algorithms themselves. The
US government standard for encryption is the Advanced Encryption Standard (AES)
algorithm. This algorithm replaces the aging Data Encryption Standard (DES).

The science of cryptography relates to the development of new encoding algorithms
and uses for encryption. Current applications of encryption are capable of not
only hiding data, but also of using digital signatures which allow parties to
verify the source of email messages, program code and data.

A honeypot computer system is installed on a network system to study attack activity. The
computer system would not contain any data of value, but may contain data that
appears to be of value. System administrators monitor these systems to find
indications of attack activity. Because the systems have no real business
purpose, any activity on the system is known to be unauthorized. This helps
them develop more effective defense systems for their production systems based
on the attacks they see.
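
How honeypot monitoring feeds production defense, as an added example that is not part of the original page. The log format, the decoy address `10.0.9.50` and every log line are constructed assumptions; because the decoy has no business purpose, every connection to it is an alert, and the sources seen there are then checked against production traffic.

```python
from collections import defaultdict

HONEYPOTS = {"10.0.9.50"}  # assumed decoy address, holds no real data

# Constructed connection log: timestamp, source, destination, destination port
LOG = """\
2024-05-01T10:00:01 10.0.1.15 10.0.5.20 5432
2024-05-01T10:00:07 192.0.2.44 10.0.9.50 22
2024-05-01T10:00:09 192.0.2.44 10.0.9.50 3306
2024-05-01T10:02:30 192.0.2.44 10.0.5.20 3306
2024-05-01T10:03:00 10.0.1.16 10.0.5.20 5432
2024-05-01T10:04:12 198.51.100.9 10.0.9.50 445
"""

def parse(log):
    """Yield (timestamp, src, dst, port) tuples from the constructed format."""
    for line in log.splitlines():
        ts, src, dst, port = line.split()
        yield ts, src, dst, int(port)

def honeypot_alerts(log, honeypots):
    """Map each source that touched a decoy to the ports it tried."""
    seen = defaultdict(set)
    for _ts, src, dst, port in parse(log):
        if dst in honeypots:  # no allowlist or baseline needed
            seen[src].add(port)
    return {src: sorted(ports) for src, ports in seen.items()}

def production_followups(log, honeypots):
    """Connections to real hosts from sources that also touched a decoy."""
    suspects = set(honeypot_alerts(log, honeypots))
    return [(ts, src, dst, port) for ts, src, dst, port in parse(log)
            if src in suspects and dst not in honeypots]

if __name__ == "__main__":
    print(honeypot_alerts(LOG, HONEYPOTS))
    print(production_followups(LOG, HONEYPOTS))
```
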