Friday, April 22, 2011

Network Security Threats

Network Security

You absolutely must protect your internal corporate network and perimeter networks from intruders and malware using network firewalls (software and/or appliances), VPNs (virtual private networks), IDSs (intrusion detection systems), as well as web and content filtering for your enterprise. Network security is a continuous and dynamic process.

Network security includes the following four steps:
  • Secure: Lock your networks with a combination of authentication, encryption, firewalls, and continuous patching of system vulnerabilities;
  • Examine: To maintain a secure network, you have to regularly monitor the state of security mechanisms, readiness, and incident handling procedures. Network vulnerability scanners from a number of reputable vendors will proactively locate areas of weakness, and IDSs can alert and respond to security events when they occur. Your organization can get high visibility of the network data stream and the security condition of the network using emerging security solutions;
  • Test: Testing is just as vital as network examination and assessment. Without adequate testing of the security solutions, it's tough to know about new threats and attacks. The hacker community is an ever-changing continuum with menacing designs on your systems and data. You can perform this testing yourself or you can outsource it to a third party;
  • Enhance: Use the information gathered from the Examine and Test phases to constantly enhance and improve the corporate security implementation and modify the security policy as new vulnerabilities and risks are identified and the business model changes.
It's much more effective to address security with a sound proactive strategy as opposed to a reactive and uncoordinated approach. A strategic methodology allows you to control security at the business level and at every area of vulnerability. This layered security implementation provides a technique for each area of security in your business. Your security team can pick and choose which layers to concentrate on for your particular business needs. You can effectively prioritize specific areas for immediate action, and then easily add security mechanisms at any layer at any time as your business changes and your security assessment dictates.

Physical Security

Physical access threats can be placed into four major categories:
  • Electrical: Electrical vulnerabilities are seen in things such as spikes in voltage to different devices and hardware systems, or brownouts due to an insufficient voltage supply. Electrical threats also come from the noise of unconditioned power and, in some extreme circumstances, total power loss;
  • Environmental: Not only do you need to secure your systems from human interference, but you also need to secure them from the interference of natural disasters such as fires, hurricanes, tornados, and flooding, which fall under the realm of environmental threat. Environmental issues also come from extreme temperature or humidity;
  • Hardware: Hardware threats are simply the threat of physical damage to corporate hardware or its theft;
  • Maintenance: Maintenance threats are due to poor handling of electronic components, which cause ESD (electrostatic discharge), the lack of spare parts, poor cabling, poor device labeling, etc.
Place your systems (servers, routers, switches, appliances, management stations, etc.) in a controlled environment whenever feasible. Mission-critical equipment must be confined to computer rooms, server rooms, or wiring closets. Here are some recommendations for equipment security:
  • Offer limited and locked (physical or electronic) access to authorized personnel only;
  • The area should not be accessible through dropped ceilings, raised floors, windows, or ductwork;
  • An official, secured access point must be the only point of entry;
  • Electronic access control should be implemented, if feasible, with all attempts to access logged by security systems and monitored by security personnel;
  • Trained security personnel should monitor security cameras with automatic log recording if possible.
In addition to the electrical threats mentioned earlier in this section, electrical supply problems should be limited with the following measures:
  • Install UPS (uninterruptible power supply) systems for mission-critical hardware;
  • Deploy backup generator systems for mission-critical disaster recovery if feasible;
  • Test and maintain UPS and/or generators based on the manufacturers' suggested preventative maintenance schedule;
  • Monitor and alarm power-related parameters at the supply and device level;
  • Use filtered power and install redundant power supplies on mission-critical devices.
The following guidelines should be used to mitigate hardware and maintenance-related threats:
  • Always follow ESD procedures when replacing or working inside hardware devices;
  • Label and secure cabling to equipment racks to protect against accidental disconnection or damage. This also helps prevent hardware from walking away with the assistance of thieves;
  • Use cable runs and/or raceways to traverse rack-to-ceiling or rack-to-rack links;
  • Maintain critical spare parts and modules in case of emergencies;
  • Don't leave a console, workstation, or management station logged on with administrative access when you leave the area for any significant amount of time. Be sure these systems are locked down with cables and locks as well;
  • Maintain a regularly updated database of all hardware documentation and technical support information in case of emergencies.
One of the most significant reasons for placing physical security as the top security layer is that it can often be implemented with low cost, diligence, and common sense. Remember that an entire fleet of expensive security software tools can quickly be rendered impotent if a malicious user can gain physical access to your corporate servers, networking devices, and management workstations.

Data Security

The second layer of security is data security, which involves a variety of complex mechanisms. This area consists of components to guard against unauthorized access to data in storage as well as data that is transmitted over communications networks, both private and public. This layer involves components such as integrity controls and authentication, plus additional access controls and/or encryption mechanisms.

Integrity controls are mechanisms that ensure that the data being electronically stored or transmitted is valid. One of the best open standards for implementing data security is IPSec (Internet Protocol Security). This can include additional support for message and user authentication. Message authentication is the process of ensuring that the sent message exactly matches the received message. User authentication makes sure that the sender of the message is genuinely who they are supposed to be. Businesses can also use these technologies to guarantee accountability and reliability when exchanging electronic documents, such as contracts and agreements.
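
As an added illustration (not part of the original article), the Python example below shows message authentication with a shared-key HMAC truncated to 128 bits, the same construction IPsec's HMAC-SHA-256-128 integrity algorithm uses. The packet layout, key, class and function names are constructed for this example and are not the IPsec wire format; the anti-replay check is simplified to a strictly increasing sequence number.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # HMAC-SHA-256 truncated to 128 bits, as IPsec's HMAC-SHA-256-128 does

def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: 32-bit sequence number + payload + truncated HMAC over both."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.highest_seq = 0  # simplified anti-replay: sequence must strictly increase

    def accept(self, packet: bytes):
        """Return the payload if the packet is authentic and fresh, else None."""
        if len(packet) < 4 + ICV_LEN:
            return None  # too short to hold a header and a tag
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):  # constant-time comparison
            return None  # altered in transit, or sender lacks the shared key
        (seq,) = struct.unpack("!I", body[:4])
        if seq <= self.highest_seq:
            return None  # authentic but already seen: replay
        self.highest_seq = seq
        return body[4:]

def demo() -> dict:
    key = b"constructed-demo-key-not-secret!"  # constructed sample key
    rx = Receiver(key)
    first = protect(key, 1, b"PAY 100 TO ACME")
    tampered = bytearray(protect(key, 2, b"PAY 100 TO ACME"))
    tampered[8] ^= 0x01  # flip one bit of the amount in transit
    return {
        "genuine": rx.accept(first),
        "replayed": rx.accept(first),
        "tampered": rx.accept(bytes(tampered)),
        "wrong_key": rx.accept(protect(b"another-party-key", 3, b"PAY 999 TO EVE")),
        "short": rx.accept(b"\x00\x01"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:10s} -> {result!r}")
```

The tag is verified before the sequence number is trusted, so a forged packet cannot advance the receiver's replay state.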

System access controls involve controlling access to corporate information, system and documentation files, electronic records and assets, and even data about customers or clients. User access management prevents unauthorized access to business information systems and computers as well. These access controls can also involve monitoring and auditing. Network operating systems from a number of vendors provide secure directories and file systems with access security measures and hardening techniques -- Microsoft Windows 2003 with Active Directory is a prominent example.

Encryption is any process or technology that uses cryptography to translate plaintext into ciphertext. This is used to keep someone other than the intended recipient from reading the data. Encryption is often provided by third-party components or integrated code on the actual system boards. Digital signatures, certificates, and PKI (Public Key Infrastructure) tools can be used to provide this service.

Application Security

Application security mechanisms include secure program code; regular updates, patching, and fixing; and security policy software solutions to guarantee secure business application processes. Some programs introduced into the environment can be Trojan horse programs that are actually snippets of nefarious code in disguise. You should use antivirus software and software firewalls in concert with your corporate collaboration and productivity applications to protect against attacks.

© 2007 Hewlett-Packard Development Company, LP