Physical network security key to fighting low-tech threats

By Michael Morisy, News Writer
11 Feb 2009 | SearchNetworking.com

Even companies with the most modern network security standards can remain vulnerable to some physical -- and decidedly low-tech -- threats that networking professionals must consider when developing corporate security standards.

Physical network security standards should be applied to everything from how old servers are treated at end-of-life to how the new voicemail system operates, because anything could prove a potential security hole. Companies must develop best practices in-house for recognizing and mitigating these threats.

"There's really no way I can write a document to protect you from risk," said Anton Chuvakin, a security author and blogger who's covered standards like the Payment Card Industry (PCI) Data Security Standard extensively. "I might not think about mandating locking your office, for example, because I live in New York City so I would never consider not locking my office."

While no "definitive" guide to risks can be written, it is possible to determine the risk areas for your enterprise -- any place where sensitive data is stored -- and then begin securing, or eliminating, those.

Getting started with physical security

A good source of inspiration might be a common standard, like PCI.

"The PCI standard is fairly comprehensive, with a 60-page document," said Charles Wu, president of CTI, a vendor of networking and telecom services and equipment. Many of the pages of that security standard cover best practices for physical security, ranging from restricting physical access to wireless access points (APs) to keeping security camera footage of sensitive locations logged for three months.

"It's like you're reading the traffic laws," Wu said. "For a network guy, when you really look into it, it's like having a firewall. It's really not that hard to do."

More complete security, however, requires going back and evaluating sources of risk: looking at where sensitive data is coming in and where it is being stored.

The PCI standard, for example, does not cover voicemails, where customers might leave their credit card information, Chuvakin said.

"It's such a side angle," he said. "But the threats are very real."

One often-overlooked way of reducing these threats, Chuvakin suggested, is to tweak business processes slightly to reduce possible avenues of attack or misadventure.

For example, if a company still takes some orders via fax, network security managers should push to eliminate the practice. Faxed orders can leave sensitive data sitting out exposed in a mailroom.

"Maybe you can adjust your processes just a little bit and the data is no longer stored there, so instead of 10 places you only have to protect in five places," Chuvakin said. "That really halves your efforts and expenses."

It's also important to stay on top of new business processes, like the aforementioned voicemail example. Many systems now send voicemails straight to email, opening up potential new avenues for risk.

"In PCI, that's not missed, it's just out of scope," Chuvakin said. "But if you're doing your own risk assessment, you have to think about it."
