Home > Articles > Security > Software Security

Donald Pipkin's Security Tips for the Week of December 23rd

  • Print
  • + Share This
Take a tip from Don Pipkin, writer of "Halting the Hacker," as he shares a daily nugget of his knowledge of information security. Invest a minute of your day to learn something new about protecting your information assets.
From the author of

Security Tip for Friday, December 27th, 2002

Security Just Has to be Good Enough

Security is a "good enough" proposition, based on the financial value of the assets being protected and the risk that a financial loss will occur. Keeping this in mind can help keep you from overbuilding your security solution. An appropriate security solution requires that you have a thorough understanding of the value the information and the processing has on the business, and the impact its loss can cause. Understanding the business is equally as important as understanding the technology in the creation of a security architecture.

Security Tip for Thursday, December 26th, 2002

Evaluate Insurance for Loss Avoidance

Cyber crime insurance is starting to become available from a number of insurance companies. These policies offer financial protection from specific losses. Currently, most of them are focused on electronic commerce sites and losses from external denial of service attacks. Where these policies address a segment of your business, they should be carefully examined and evaluated to determine if the coverage and the associated risk reduction that they provide are economical, based on the premiums. Insurance should not be forgotten as a very viable part of your complete security solution.

Security Tip for Wednesday, December 25th, 2002

Monitor for Unknown Systems Connected to the Network

The appearance of unknown systems connected to the network can indicate that an unauthorized person has attached a system to the network for malicious reasons, or it can be that someone has upgraded a system or replaced a network card. With employee turnover and the common use of contractors, intruders can gain unchallenged access to company offices where they can attach systems to gather information or from which to launch attacks. A strong asset management system and policies that require registration of systems attached to the company network can help manage the corporate resources and reduce physical system intrusions.

Security Tip for Tuesday, December 24th, 2002

Perform a Security Drill

Schedule the next disaster recovery drill to be based on an electronic attack instead of a natural disaster. Test your response procedures when your network is flooded and critical systems have been breached causing you to be uncertain of the integrity of your online information. Can you fall back to offline procedures for critical processes while systems are restored? Can you disinfect all the PCs in the corporation while the network is flooded? Are there out-of-band procedures? Today, these soft disasters have to be evaluated, planned for and tested.

Security Tip for Monday, December 23rd, 2002

Implement Base-line Security Everywhere

A minimum base-line security standard should be established and enforced on all systems. It should define the minimum file permissions and the restrictions applied to privileged users in accordance with defined policies. Bastille can be used on Unix systems to create and implement this base-line standard. It can be run in a non-interactive mode to set a pre-defined set of security policies on a system. Systems should be reviewed to ensure that they remain in compliance with the security base line.

Check back here every weekday for another security tip!

  • + Share This
  • 🔖 Save To Your Account