Tuesday, August 17, 2010

Network Security?

I am a network administrator. Recently, a number of local companies have been hacked, some from the Internet and some by physical break-ins. I need to address these possibilities for my company. What security tools and procedures can anyone recommend to deploy and use in a situation like this? For the network? What vulnerabilities would these monitor or correct? With these in place, what would the network still be vulnerable to? All info is appreciated. Thanks ♥

Network Security?
You can reduce the risk by applying good business judgement and procedures. Someone mentioned SANS and INSECURE.ORG as a start. You will also need to implement good governance and risk management programs at the company to, again, reduce the risk of these things happening.

For IT governance you can use COBIT 4 and GAIT (IT General Controls Scope Based on Risk) from ISACA and The IIA respectively. Their links are:

http://www.isaca.org

http://www.theiia.org

You can also use the European version of COBIT if you search for ISO17799, and also ITIL.

All these are control objectives of the IT environment that serve as the guide to best practices.

For Internet break-ins you need to watch your entry points and their vulnerabilities. This includes the settings on the firewall, VPN, remote access, and web services (IIS, FTP, email), for example. On each you would like to harden the configuration to prevent misconfigurations that a hacker can use to break into your systems. The Center for Internet Security (cisecurity.org) has developed benchmarks for OSes and some appliances that you can use to test the configuration and apply best practices designed by experts.

This is just one step; you can do your own checks with Nessus to verify you don't have holes in your network. Be careful running this tool. There is an option to run scans that are very intrusive and can perform denial of service (DoS) attacks on your machines. If you decide to run these scans you should coordinate them to make sure you can recover if something goes wrong.

Next, you should have Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS), depending on your taste and budget. A good free IDS that runs on Linux is Snort (snort.org). There are a lot of add-ons for Snort that are GPL and can be found at sourceforge.net. If you don't want to mess around with the configuration of Linux and the Snort application you can download a virtual appliance from VMware, already pre-configured (www.vmware.com). The server version that runs on Linux or Windows servers is free of charge. I would be surprised if you are not using VMware or MS Virtual PC. However, VMware is the leader in virtual technology.

Now that you have preventive and detective controls, it is time to look at the individual vulnerabilities of the services you provide or the devices you are trying to protect.

For email you would want to have an appliance that can filter spam and that can block individuals from browsing places where they can get infected with internet scripts. This can still be achieved centrally on the network.

On the desktop you would want to have good antivirus software installed and periodically scanning for viruses. The leaders are Symantec and McAfee. Each one has its pros/cons.

You would want to establish a periodic review to check what software gets installed on all computers, including the servers. Look for P2P, IRC, FTP servers, and anything that can create a conversation with the exterior.

Establish a periodic review to check for rogue devices (wireless) with NetStumbler (netstumbler.org) and confiscate any that are physically connected to the network ASAP (they extend your network and your security risks).

For physical security I can send you an audit program that covers some basic and standard things we IT auditors look for. For example, we look at things like security guards, cameras, the direction doors open, ornamental barriers that serve as physical security, signs that can give away the location of the data center, barriers to prevent cars crashing into the building, access configurations, etc.

Also, you should implement a security awareness program if you have not done so. This will educate the end user on things to watch for and things not to do while using email and the internet, and on other threats like social engineering attempts.

If you need more information security info just send me an email to mpg_2@yahoo.com.

By the way, what companies were recently broken into? I believe you live in Puerto Rico and I used to live there until 2000.

Cheers!
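The periodic review of "anything that can create a conversation with the exterior" recommended in the answer above can be partly automated. The following is an added example, not code from the answer or from any of the tools it names: it parses the text output of `netstat -tulpn` on Linux, ignores listeners bound only to loopback, and reports every remaining service whose port is not on an explicit allowlist. The allowlist, the suspect-port names and the sample netstat output are all assumptions constructed for the example; adjust the allowlist per host.

```python
"""Periodic review of listening services on a Linux host.

Added example, not code from the answer above. It parses the text output of
`netstat -tulpn` (the Linux column layout), drops loopback-only listeners,
and flags every remaining service whose port is not on an explicit
allowlist, so stray FTP, IRC or P2P daemons show up in a report.
The allowlist, the suspect-port names and the sample output are assumptions
constructed for the example; adjust them per host.
"""
import re
from collections import namedtuple

Listener = namedtuple("Listener", "proto local_addr port program")

# Ports this particular host is expected to expose (assumed allowlist).
ALLOWED_PORTS = {22, 80, 443}

# Well-known ports for the kinds of software the answer says to look for.
SUSPECT_PORT_NAMES = {
    21: "FTP server",
    6667: "IRC",
    6881: "BitTorrent (P2P)",
}

# One data row of `netstat -tulpn`; UDP rows have no State column and
# the PID/Program column is "-" when netstat lacks permission to read it.
_ROW_RE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+"
    r"(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+(?:LISTEN\s+)?"
    r"(?:\d+/(?P<prog>\S+)|-)\s*$"
)

# Constructed sample output; not captured from a real machine.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1103/mysqld
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      2210/vsftpd
tcp6       0      0 :::80                   :::*                    LISTEN      1450/apache2
tcp        0      0 0.0.0.0:6667            0.0.0.0:*               LISTEN      3344/ircd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           -
"""


def parse_netstat(output):
    """Return a Listener for every data row; header lines are skipped."""
    listeners = []
    for line in output.splitlines():
        m = _ROW_RE.match(line.strip())
        if m:
            listeners.append(Listener(m["proto"], m["addr"], int(m["port"]),
                                      m["prog"] or "unknown"))
    return listeners


def review_listeners(listeners, allowed=ALLOWED_PORTS):
    """Return (listener, reason) pairs for services that need a look."""
    findings = []
    for lst in listeners:
        if lst.local_addr in ("127.0.0.1", "::1"):
            continue  # bound to loopback: cannot talk to the exterior
        if lst.port in allowed:
            continue
        reason = SUSPECT_PORT_NAMES.get(lst.port, "port not on allowlist")
        findings.append((lst, reason))
    return findings


if __name__ == "__main__":
    for lst, reason in review_listeners(parse_netstat(SAMPLE_NETSTAT)):
        print(f"{lst.proto} {lst.local_addr}:{lst.port} {lst.program}: {reason}")
```

On the constructed sample this reports the vsftpd and ircd listeners plus an unexplained UDP 5353 listener, while the loopback-only MySQL socket and the allowed sshd and Apache ports are left alone. The point of the allowlist is that anything new has to be explained, which is what the periodic review is for.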
Reply:Network security all depends on how serious you want to get; there are almost no limits to how far one can go. A good place to start, though, would be insecure.org; there you can find links to security scanners (to help find holes in your network security). Also search for the "SANS reading room"; there you can find great articles about securing networks as well.

Make sure that your wireless access points are using WPA at least, with a long password.

Make sure that all user passwords are at least 8 characters long and have letters and numbers (at least). If possible make them contain special characters (!@#$%, etc.) and be case sensitive. (A lot of this depends on your supporting hardware and software.)

If you don't have a firewall, get one. You can buy some easy-to-configure ones at Best Buy. If you're really low on budget, build one (search for the m0n0wall project or IPCop, both free firewalls; you just need an extra computer and some spare time).

Make sure that all your client computers have antivirus running and firewall software as well.
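The password rules in the reply above, written out as checks an administrator could run against proposed passwords. This is an added example, not code from the reply: `check_user_password` applies the stated minimum (8 or more characters with letters and digits) and the optional stronger rule (a special character and mixed case); `check_wpa_passphrase` applies the WPA-PSK passphrase format (8 to 63 printable ASCII characters) and an assumed "long" threshold of 20 characters, which is this example's choice rather than a figure from the reply.

```python
"""Checks for the password rules stated in the reply above.

Added example, not code from the reply. `check_user_password` applies the
stated minimum (8+ characters, letters and digits) and the optional stronger
rule (a special character and mixed case). `check_wpa_passphrase` applies the
WPA-PSK passphrase format (8 to 63 printable ASCII characters) and an
assumed "long" threshold of 20 characters, which is this example's choice,
not a figure from the reply.
"""
import string

SPECIAL_CHARS = set(string.punctuation)
WPA_LONG_THRESHOLD = 20  # assumption: what "long" means for this check


def check_user_password(pw):
    """Return (meets_minimum, meets_recommended, list_of_problems)."""
    minimum = []
    if len(pw) < 8:
        minimum.append("shorter than 8 characters")
    if not any(c.isalpha() for c in pw):
        minimum.append("contains no letters")
    if not any(c.isdigit() for c in pw):
        minimum.append("contains no digits")

    recommended = []
    if not any(c in SPECIAL_CHARS for c in pw):
        recommended.append("contains no special character")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        recommended.append("not mixed case")

    return not minimum, not minimum and not recommended, minimum + recommended


def check_wpa_passphrase(phrase):
    """Return (valid_for_wpa, long_enough, list_of_problems)."""
    problems = []
    if not 8 <= len(phrase) <= 63:
        problems.append("WPA passphrases must be 8 to 63 characters")
    # WPA-PSK passphrases are limited to ASCII 32..126 (space through tilde).
    if any(not 32 <= ord(c) <= 126 for c in phrase):
        problems.append("only printable ASCII characters are allowed")
    valid = not problems
    if len(phrase) < WPA_LONG_THRESHOLD:
        problems.append(f"shorter than the {WPA_LONG_THRESHOLD}-character target")
    return valid, valid and len(phrase) >= WPA_LONG_THRESHOLD, problems


if __name__ == "__main__":
    for candidate in ("short1", "abc12345", "Abc!2345"):
        print(candidate, check_user_password(candidate))
    for phrase in ("short", "twelve chars", "correct horse battery staple"):
        print(repr(phrase), check_wpa_passphrase(phrase))
```

The functions return the list of failed rules rather than a bare yes/no so the same code can feed a report of which rule most users trip over, which is what you need when, as the reply says, the supporting hardware and software decide how strict you can be.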
Reply:It is hard to control passwords, so I would make user names cryptic. I do that at home on my Linux machines. I counted about 6000 SSH attempts in the first couple of days after setting it up.

Do not allow root access from outside. This way they need to crack a user account first. Disallow login to accounts like mysql and any other default accounts. Some people move ports too.
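Two checks for the SSH advice in the reply above, as an added example that is not code from the reply. `count_failed_logins` parses the "Failed password" lines OpenSSH writes to the auth log and counts attempts per source IP and per targeted account, which is how you would measure the thousands of attempts the reply mentions and see how many aim at root or at default accounts. `audit_sshd_config` reads an sshd_config text and reports whether root login is disabled, whether the mysql account appears in `DenyUsers` (one way of disallowing logins to it; a nologin shell is another), and whether the port was moved off 22. The log lines and both config texts are constructed for the example, and the config parser assumes there are no `Match` blocks.

```python
"""Two checks for the SSH advice in the reply above.

Added example, not code from the reply. `count_failed_logins` parses the
"Failed password" lines that OpenSSH writes to the auth log and counts them
per source IP and per targeted account. `audit_sshd_config` reads an
sshd_config text and reports whether root login is disabled, whether the
mysql account is listed in DenyUsers, and whether the port was moved off 22.
The log lines and config texts are constructed for the example; the
sshd_config parser assumes no Match blocks.
"""
import re
from collections import Counter

FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)

# Accounts the reply says should not be reachable from outside at all
# (assumed list; extend with whatever defaults your systems ship with).
DEFAULT_ACCOUNTS = {"root", "mysql", "admin", "test", "guest"}

# Constructed auth.log excerpt (RFC 5737 documentation addresses).
SAMPLE_AUTH_LOG = """\
Aug 17 03:12:44 gw sshd[2211]: Failed password for root from 203.0.113.5 port 51234 ssh2
Aug 17 03:12:47 gw sshd[2213]: Failed password for root from 203.0.113.5 port 51240 ssh2
Aug 17 03:12:51 gw sshd[2215]: Failed password for invalid user admin from 203.0.113.5 port 51251 ssh2
Aug 17 03:14:02 gw sshd[2230]: Failed password for invalid user mysql from 198.51.100.7 port 4022 ssh2
Aug 17 03:14:09 gw sshd[2232]: Failed password for root from 198.51.100.7 port 4031 ssh2
Aug 17 03:15:00 gw sshd[2240]: Accepted publickey for alice from 192.0.2.10 port 60001 ssh2
"""


def count_failed_logins(log_text):
    """Return (attempts_per_ip, attempts_per_user, attempts_on_default_accounts)."""
    per_ip, per_user = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            per_ip[m["ip"]] += 1
            per_user[m["user"]] += 1
    on_defaults = sum(n for u, n in per_user.items() if u in DEFAULT_ACCOUNTS)
    return per_ip, per_user, on_defaults


def parse_sshd_config(text):
    """Map lowercased keyword -> value for an sshd_config without Match blocks."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"^(\S+)[\s=]+(.*)$", line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings


def audit_sshd_config(text):
    """Return a list of findings; an empty list means the three checks pass."""
    s = parse_sshd_config(text)
    findings = []
    # OpenSSH's built-in default is not "no", so a missing line is a finding.
    if s.get("permitrootlogin", "").lower() != "no":
        findings.append("PermitRootLogin is not set to no")
    if "mysql" not in s.get("denyusers", "").split():
        findings.append("DenyUsers does not list mysql")
    if s.get("port", "22") == "22":
        findings.append("sshd listens on the default port 22")
    return findings


# Constructed before/after configs for the audit.
WEAK_CONFIG = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED_CONFIG = "Port 2222\nPermitRootLogin no\nDenyUsers mysql postgres\n"

if __name__ == "__main__":
    per_ip, per_user, on_defaults = count_failed_logins(SAMPLE_AUTH_LOG)
    print("per IP:", dict(per_ip), "per user:", dict(per_user),
          "on default accounts:", on_defaults)
    print("weak:", audit_sshd_config(WEAK_CONFIG))
    print("hardened:", audit_sshd_config(HARDENED_CONFIG))
```

Moving the port only thins out the noise in the log; the `PermitRootLogin no` and `DenyUsers` lines are what actually remove root and the service accounts as login targets, so run the audit on every host where the log counter shows attempts against them.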

