Identify and evaluate the potential risks and threats to your network

an article added by: Gustaf Grube at 11202007



Identifying Potential Threats

As you prepare your overall security plan and de-militarized zone (DMZ), it is important to identify and evaluate the potential risks and threats to your network, systems, and data. You must evaluate your risks thoroughly during the identification process, assigning some sort of value to each risk so that you can determine priorities for protection and the likelihood of loss if those risks and threats materialize. You should be looking at and establishing a risk evaluation for anything that could potentially disrupt, slow, or damage your systems, data, or credibility. In this area, it is important to assign these values to potential threats such as:

- Outside hacker attacks

- Trojans, worms, and virus attacks

- DoS or Distributed Denial of Service (DDoS) attacks

- Compromise or loss of internal confidential information

- Network monitoring and data interception

- Internal attacks by employees

- Hardware failures

- Loss of critical systems

This identification process creates the basis for your security plan, policies, and implementation of your security environment. You should realize that this is an ongoing evaluation, subject to change as conditions within your company and partners, and employees' need for access, change and evolve over time. Security is a process and is never truly “finished.” However, a good basic evaluation goes a long way toward creating the most secure system you can achieve.
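The "assign some sort of value to the risks" step above is easier to see as a small risk register. The following is an added example, not code from the article or from any vendor: it scores each of the threats in the list on constructed 1-to-5 likelihood and impact scales, ranks them, and maps the product onto a treatment priority. The scales, the priority thresholds, the sample scores and the control descriptions are all assumptions; a real register would hold your own figures. It also includes the quantitative annual loss expectancy (SLE x ARO) form of the same question, which goes slightly beyond the ordinal scoring the text describes.

```python
"""Risk register for the threat-identification step.

Added example (not from the article). Scales, thresholds and the sample
scores below are constructed values, not recommendations for any network.
"""
from dataclasses import dataclass

SCALE = range(1, 6)  # 1 = rare / negligible ... 5 = almost certain / severe


@dataclass(frozen=True)
class Risk:
    threat: str
    asset: str
    likelihood: int   # 1..5, how likely the threat is to materialize
    impact: int       # 1..5, how bad it is for the asset when it does
    control: str      # existing or planned mitigation (free text)

    def __post_init__(self):
        if self.likelihood not in SCALE or self.impact not in SCALE:
            raise ValueError(f"{self.threat}: likelihood and impact must be in 1..5")

    @property
    def score(self) -> int:
        """Ordinal risk score: likelihood x impact (1..25)."""
        return self.likelihood * self.impact


def priority(score: int) -> str:
    """Map a score onto a treatment priority (thresholds are assumptions)."""
    if score >= 15:
        return "critical"
    if score >= 8:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


def rank(risks):
    """Highest score first; ties broken by impact so a severe-but-rare event
    outranks a frequent nuisance with the same product (sort is stable)."""
    return sorted(risks, key=lambda r: (r.score, r.impact), reverse=True)


def annual_loss_expectancy(single_loss_expectancy: float,
                           annual_rate_of_occurrence: float) -> float:
    """Quantitative alternative: expected loss per year = SLE x ARO."""
    return single_loss_expectancy * annual_rate_of_occurrence


def summarize(risks):
    """Rows of (priority, score, threat, asset, control) in treatment order."""
    return [(priority(r.score), r.score, r.threat, r.asset, r.control)
            for r in rank(risks)]


# Constructed sample register built from the threat list in the text.
REGISTER = [
    Risk("Outside hacker attack", "DMZ web server", 4, 4, "firewall, patching, IDS"),
    Risk("Worm / virus outbreak", "desktops and mail", 4, 3, "tiered anti-virus"),
    Risk("DoS / DDoS", "Internet link", 3, 3, "upstream filtering"),
    Risk("Loss of confidential data", "file servers", 2, 5, "access control, encryption"),
    Risk("Data interception on WAN", "site-to-site traffic", 2, 4, "IPSec VPN"),
    Risk("Insider misuse", "internal systems", 2, 4, "least privilege, logging"),
    Risk("Hardware failure", "core switch", 3, 2, "spares, support contract"),
    Risk("Loss of critical system", "mail server", 2, 5, "backups, redundancy"),
]

if __name__ == "__main__":
    for row in summarize(REGISTER):
        print("%-8s %2d  %-28s %-22s %s" % row)
```

Re-run the ranking whenever conditions change (new partner links, new access needs); the text's point that the evaluation is ongoing is exactly why the register should be data rather than a one-off document.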

Using VPNs in Today’s Enterprise

Ensuring that your data arrives safe and sound when it passes through a network is something everyone wants. In an ideal world, your data’s integrity and confidentiality would be guaranteed. If this sounds like a fantasy, you are wrong. These types of guarantees can be made when you use IPSec VPN technologies. When you use an IPSec connection between two networks, or between a client and a network, you can be assured that no one has read the data and no one has modified it. Almost every company today uses VPN technologies to secure its data as it passes through various networks. In fact, many regulations specify that a VPN connection must be used to pass specific types of data. IPSec provides integrity checking to ensure your data was not modified. It also provides encryption, ensuring no one has looked at the data. When two sides create a VPN connection, each side is authenticated to verify that each party is who they say they are. Combined with integrity checking and encryption, you have an almost unbeatable combination.
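To make the integrity and peer-authentication guarantees concrete, here is an added example that is not from the article and is not NetScreen or any IPSec implementation. Real IPSec negotiates keys with IKE and applies an ESP transform on the wire; this stand-alone model keeps only the integrity check (an HMAC-SHA-256 tag truncated to 128 bits, the length the ESP HMAC-SHA-256-128 transform uses) so that it runs with the Python standard library. The shared key, the SPI and the packets are constructed sample values, and encryption (the confidentiality half) is deliberately not modelled.

```python
"""Model of the integrity check an IPSec peer performs on each packet.

Added example, not from the article or any IPSec stack. The header
layout (SPI + sequence number) mirrors ESP only loosely; keys are
constructed here instead of being negotiated with IKE.
"""
import hashlib
import hmac
import os
import struct

ICV_LEN = 16                 # integrity check value: 128-bit truncated HMAC
HDR = struct.Struct("!II")   # SPI (security parameter index), sequence number


def protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender side: header || payload || ICV, ICV = HMAC(key, header || payload)."""
    header = HDR.pack(spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv


def verify(key: bytes, packet: bytes):
    """Receiver side: return (spi, seq, payload) if the ICV checks out, else None.

    None means the packet was modified in transit or was produced by a party
    that does not hold the shared key; either way the receiver drops it.
    """
    if len(packet) < HDR.size + ICV_LEN:
        return None
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):   # constant-time comparison
        return None
    spi, seq = HDR.unpack(body[:HDR.size])
    return spi, seq, body[HDR.size:]


def flip_bit(packet: bytes, index: int) -> bytes:
    """Simulate an on-path modification of a single byte of the packet."""
    b = bytearray(packet)
    b[index] ^= 0x01
    return bytes(b)


def demo():
    """Intact packet accepted; modified packet and wrong-key packet rejected."""
    key = os.urandom(32)   # constructed; a real SA gets this from IKE
    pkt = protect(key, spi=0x1001, seq=1, payload=b"GET /payroll HTTP/1.1")
    return {
        "intact": verify(key, pkt) is not None,
        "tampered": verify(key, flip_bit(pkt, HDR.size + 5)) is not None,
        "wrong_key": verify(os.urandom(32), pkt) is not None,
    }


if __name__ == "__main__":
    print(demo())   # {'intact': True, 'tampered': False, 'wrong_key': False}
```

The wrong-key case is the authentication property the text mentions: only a holder of the negotiated key can produce a tag the peer accepts, so a packet with a valid tag is also evidence of who sent it.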

The Battle for the Secure Enterprise

This article covers the NetScreen firewall product line and focuses on that specific product and technology. A firewall is the core of securing your network, but other products should also be implemented in your network. These additional devices help ensure a network that has security covered from all angles. The following technologies are usually the minimum that companies should implement to provide security in the organization.

A firewall can contain many different types of technology to increase its importance in your network. Many firewall products today can integrate several different technologies, and almost all provide VPN services. This allows secure streams of data to terminate at your firewall. This is usually over the Internet, but also over other unprotected networks. When the traffic gets to your secured network it no longer requires encryption. You can also force users to authenticate before accessing resources through the firewall. This commonly used practice denies access to systems until the user authenticates. When doing this, clients cannot see the resource until authentication has occurred.

URL filtering is another requirement in many organizations, and provides a way to accept or reject access to specific Web sites. This allows companies to reduce the liability that arises from users accessing inappropriate Web content. Many firewalls can integrate with this type of scanning when used with another product.

Anti-virus is a requirement for any organization today. With more viruses being written, the last thing you want in your network is a virus outbreak. The Windows operating system is built to provide so many different functions that there are many ways it can be exploited. In recent months, Microsoft has done a great job of coming out with security patches when or before an exploit is discovered. Typically, though, when a vulnerability is discovered an anti-virus company has a way to stop it much faster than Microsoft. An outbreak on your network can mean disaster, data loss, or loss of your job. Data is a company’s most valuable asset today, and loss of that data or of access to it can cost companies millions of dollars or more per day. Firewalls can be used to perform virus scanning. These devices are usually deployed in a central area on the network. A tiered anti-virus solution is a requirement for any organization.

You should have anti-virus scanning on all your desktops and servers to stop infections at the source. This will help prevent most virus outbreaks. In addition, you should have anti-virus scanning on your Simple Mail Transfer Protocol (SMTP) mail forwarder, and it should also be resident directly on your mail server. Your chances of a virus outbreak should be small as long as you keep all of those devices up to date with the appropriate virus definitions. New technologies such as inline virus scanning in firewalls and other network appliances can provide extra protection from viruses.

Patch management has become a Herculean effort with all of the software an organization needs to run today. Patching operating systems and applications as soon as a vulnerability is discovered is a must. With limited staff and more software deployed, this task is almost impossible to accomplish. However, by providing an anti-virus system, you can provide a first level of defense against the spread of malicious software, or malware.

No matter what device or security you provide, everything usually comes down to some type of access token, usually a username and password. Using static usernames and passwords is not enough anymore. Even 15 to 30 days may be too long to keep the same password. Two-factor authentication, digital certificates, and personal entropy are leading the march to provide a stronger, non-static type of authentication that is hard to break.

Your network has millions of packets traversing it every day. Do you know what they are all doing? This is where an intrusion detection or intrusion detection and prevention device comes into play. These devices detect application- and network-based attacks. Intrusion detection devices sit on your network and watch traffic. They provide alerts for unusual traffic, and can send TCP resets to close TCP sessions. The newer technology of intrusion detection and prevention provides the ability to stop malicious traffic altogether and alert on it. However, heavy tuning of the products is required to make them effective.

Access into your network should be encrypted whenever possible. This ensures that parties not authorized to see your data do not get access to it by any means. IPSec VPN clients are one of the most popular ways to do this. This type of client provides strong encryption of your data and access to your internal resources without having them publicly accessible. A new trend in VPN solutions is the Secure Sockets Layer (SSL) VPN. These products allow you to put more behind them and do not require predeployment of a VPN client.
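The "watch traffic and alert on unusual traffic" role described above, in miniature: the following is an added example, not from the article and not NetScreen or any IDS product. It reads firewall-style log lines in a constructed format, with constructed sample data, and raises two kinds of alert: one source touching many distinct ports on a single host inside a short window, and repeated denies against one service. The thresholds and windows are assumptions, which is the "heavy tuning" the text warns about; lower them and normal traffic starts to alert, raise them and slow activity slips through.

```python
"""Two detections of the kind an intrusion detection device runs over traffic.

Added example (not from the article). Log format, sample lines, thresholds
and windows are all constructed; a real deployment tunes them per network.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple, Optional

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)


class Alert(NamedTuple):
    kind: str
    src: str
    dst: str
    dport: Optional[int]   # None for a multi-port (scan-like) alert
    count: int
    first: datetime
    last: datetime


def parse_line(line: str):
    """One log line -> dict, or None for lines not in the expected format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S")
    d["dport"] = int(d["dport"])
    return d


def load(text: str):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def _first_hit(events, window, measure, threshold):
    """Slide a time window over the events; return (first_ts, last_ts, value)
    the first time measure(events in window) reaches threshold, else None."""
    events = sorted(events, key=lambda e: e["ts"])
    start = 0
    for end, e in enumerate(events):
        while e["ts"] - events[start]["ts"] > window:
            start += 1
        value = measure(events[start:end + 1])
        if value >= threshold:
            return events[start]["ts"], e["ts"], value
    return None


def detect(events, scan_ports=10, scan_window=timedelta(seconds=60),
           deny_count=5, deny_window=timedelta(minutes=5)):
    """Return alerts for port-scan-like behaviour and repeated denies."""
    alerts = []
    by_pair = defaultdict(list)       # (src, dst) -> events
    by_service = defaultdict(list)    # (src, dst, dport) -> denied events
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)
        if e["action"] == "deny":
            by_service[(e["src"], e["dst"], e["dport"])].append(e)
    for (src, dst), evs in by_pair.items():
        hit = _first_hit(evs, scan_window,
                         lambda w: len({x["dport"] for x in w}), scan_ports)
        if hit:
            alerts.append(Alert("port_scan", src, dst, None, hit[2], hit[0], hit[1]))
    for (src, dst, dport), evs in by_service.items():
        hit = _first_hit(evs, deny_window, len, deny_count)
        if hit:
            alerts.append(Alert("repeated_deny", src, dst, dport, hit[2], hit[0], hit[1]))
    return alerts


# Constructed sample log: normal web traffic, one host sweeping ports 21-32
# on another within 12 seconds, one host denied on port 22 six times.
SAMPLE_LOG = "\n".join(
    ["2007-11-20 09:00:00 src=10.0.0.7 dst=192.168.1.20 proto=tcp dport=80 action=allow"]
    + [f"2007-11-20 09:00:{s:02d} src=10.0.0.5 dst=192.168.1.10 proto=tcp dport={p} action=deny"
       for s, p in zip(range(1, 13), range(21, 33))]
    + ["2007-11-20 09:00:05 src=10.0.0.7 dst=192.168.1.20 proto=tcp dport=80 action=allow"]
    + [f"2007-11-20 09:0{m}:{s:02d} src=10.0.0.9 dst=192.168.1.10 proto=tcp dport=22 action=deny"
       for m, s in [(1, 0), (1, 20), (1, 40), (2, 0), (2, 20), (2, 40)]]
    + ["garbage line the parser must skip"]
)


def run():
    return detect(load(SAMPLE_LOG))


if __name__ == "__main__":
    for a in run():
        print(a)
```

Both detections are stateful over a time window rather than per packet, which is why this class of device needs memory and tuning; a prevention device would add a blocking action to the alert, and a TCP reset is one form that action takes.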

External Communications (also see “Remote Access”)

- Modems are not disconnected. The problem with unsecured modems is that they can be attacked by wardialers, who simply look for modems connected to corporate networks. These can create significant security holes and are often overlooked in our quest to lock down the wired network.

- An ISP connection exists without written approval. In most companies this might be a difficult trick to achieve, but it certainly warrants examination to ensure the ISP connection(s) is managed by the IT department and not by some errant user who managed to get the local ISP to run a cable into the office on a Saturday morning.

- Communications devices are not password protected. This seems like a giant “Duh!”, but you’d probably be surprised how often communication devices such as modems, routers, switches, and other “smart” devices are left unprotected by even a simple password, or still use the default password that came with the device out of the box.

- No warning banner. Failure to display the required login banner prior to logon attempts will limit the site’s capability to prosecute unauthorized access. It also presents the potential for criminal and civil liability for systems administrators and information systems managers. Not displaying the proper banner will also hamper the site’s capability to monitor device usage. Displaying a banner warning users of the consequences of unauthorized access helps ward off the bad guys and draws a line in the legal sand that you might need later.
