The need for a secure computing environment has never been greater. Right now, information security professionals are in great demand and the importance of the field is growing every day. All the industry leaders have been placing their bets on security in the last few years.
Just recently, Bill Gates and Steve Ballmer of Microsoft have been quoted as saying that secure computing is no longer an optional component, but is something that should be integrated into every system rather than being thrown in as an afterthought. Usually programmers would concentrate on getting a program working, and then (if there was time) try and weed out possible security holes.
Now, applications must be coded from the ground up with security in mind, as these applications will be used by people who expect the security and privacy of their data to be maintained. This series intends to serve as a very brief introduction to information security with an emphasis on networking.
For an understanding of what lies in this series, you should have decent knowledge of how the Internet works. You don't need to know the ins and outs of every protocol under the sun, but a basic understanding of network (and obviously computer) fundamentals is essential.
Hacker or cracker?There is a very well worn out argument against using the incorrect use of the word 'hacker' to denote a computer criminal -- the correct term is a 'cracker' or when referring to people who have automated tools and
While many feel that this distinction has been lost due to the media portraying hackers as computer criminals, we will stick to the original definitions through this series.
This series will cover the following topics:
Part one: The threat to the enterprise
Part two: Common security measures explained
Part three: Intrusion-detection systems
Part four: Penetration testing and more information
The threat to the enterpriseMost businesses have conceded that having an Internet presence is critical to keep up with the competition, and most of them have realized the need to secure that online presence.
Gone are the days when firewalls were an option and employees were given unrestricted Internet access. These days most medium-sized corporations implement firewalls, content monitoring and intrusion-detection systems as part of the basic network infrastructure.
For the enterprise, security is very important. The threats include:
- Corporate espionage by competitors,
- Attacks from disgruntled ex-employees
- Attacks from outsiders who are looking to obtain private data and steal the company's crown jewels (be it a database of credit cards, information on a new product, financial data, source code to programs, etc.)
- Attacks from outsiders who just want to use your company's resources to store pornography, illegal pirated software, movies and music, so that others can download and your company ends up paying the bandwidth bill and in some countries can be held liable for the copyright violations on movies and music.
As far as securing the enterprise goes, it is not enough to merely install a firewall or intrusion-detection system and assume that you are covered against all threats. The company must have a complete security policy, and basic training must be imparted to all employees telling them things they should and should not do, as well as who to contact in the event of an incident. Larger companies may even have an incident response or security team to deal specifically with these issues.
One has to understand that security in the enterprise is a 24/7 problem. There is a famous saying, "A chain is only as strong as its weakest link." The same rule applies to security.
After the security measures are put in place, someone has to take the trouble to read the logs, occasionally test the security, follow mailing lists of the latest vulnerabilities to make sure software and hardware is up-to-date, etc. In other words, if your organization is serious about security, there should be someone who handles security issues.
This person is often a network administrator, but invariably in the chaotic throes of day-to-day administration (yes we all dread user support calls), the security of the organisation gets compromised -- for example, an admin who needs to deliver 10 machines to a new department may not password protect the administrator account, just because it saves him some time and lets him meet a deadline. In short, an organization is either serious about security issues or does not bother with them at all.
While the notion of 24/7 security may seem paranoid to some people, one has to understand that in a lot of cases a company is not specifically targeted by an attacker. The company's network just happens to be one that the attacker knows how to break into and thus they get targeted. This is often the case in attacks where company ftp or Web servers have been used to host illegal material.
The attackers don't care what the company does -- they just know that this is a system accessible from the Internet where they can store large amounts of warez (pirated software), music, movies, or pornography. This is actually a much larger problem than most people are aware of because in many cases, the attackers are very good at hiding the illegal data. It's only when the bandwidth bill has to be paid that someone realizes that something is amiss.
Click here for part two: Common security measures.
Click over to Firewall.cx for more articles like this one. You don't have to register or jump through any hoops. All you do is get the networking information you want. Copyright 2004 Firewall.cx.
This was first published in February 2004