Donald Pipkin's Security Tips for the Week of November 25th
Security Tip for Friday, November 29th, 2002Implement System Firewalls
A system firewall is a software package that isolates a single system from specific communications, just as a firewall isolates a network from specific communications. These are available for both Unix and Windows systems. You can define "firewall rules" to allow or deny specific packets. The packets can be specified by address, port, network interface, and many other packet attributes. This allows you to isolate a system from communications that it has no reason to need (e.g. FTP from the Internet) and continue to allow appropriate connections from appropriate sources (e.g. SNMP from network management stations).
Security Tip for Thursday, November 28th, 2002Eliminate Clear-text Protocols
Network sniffing has been a major security issue in which user IDs and passwords are stolen and corporate information is disclosed. Sniffing occurs on both corporate intranets and public networks like the Internet. Today, there is really no reason to still be using clear-text protocols. Telnet and FTP are the two main culprits and they can both be replaced with secure shell (SSH). If other clear-text protocols cannot be replaced, then it can be tunneled through a secure protocol like SSL.
Security Tip for Wednesday, November 27th, 2002Take a Day to Be a Hacker
Take a day to examine your organization from the hacker's point of view. Look at your computer resources and data to see what there is that would be of interest to a hacker. Is there data that could be converted into money, or unique resources that a hacker would want to use, or access that could be utilized to stage attacks against other sites? Examine the points of entry into your systems. Scan firewalls, webservers, and e-mail gateways for vulnerabilities. You can war-dial for modems or "sniff the air" for wireless access points. These are the doors that an outside attacker will use.
Security Tip for Tuesday, November 26th, 2002Make Time for Patching
Overwhelmingly, security incidents are the result of the exploitation of known vulnerabilities that usually have already had a patch issued by the time the incident occurs. Keeping security patches current on a system may well be the best protection effort an administrator can take. Today, most vendors have a mailing list specifically for security patches; some are providing tools to monitor for new security patches and notify the administrator when a security patch that is applicable to their system is posted. Read the patch information carefully; security patches often require some reconfiguration, in addition to applying the patch, to make them effective.
Security Tip for Monday, November 25th, 2002Awareness Provides the Best Security ROI
Employee awareness is one of the most effective security precautions available. When the user community understands the importance of security and the implications of not operating securely, they are very willing to participate in the security process. They need to know their part in the process -- how they are to use the security features that are available to them and where to report abuses. Awareness increases compliance and reduces complaints. It gives you more people thinking about security offering suggestions and reporting failures. Everyone needs to be part of your information security team.