
Security - Managing the unmanageable

Network column by expert Carrie Higbie on managing security and security policies.

Picture yourself in a sea of consultants and technical end-users, each of them responsible for their own machines, networks and servers. Imagine files (and viruses) being brought in from customer sites, and think about what may be leaving your business in the way of intellectual property and customer lists. Does that image have you running for the nearest beach that serves drinks with little umbrellas?

Management of data, security and systems for any workforce is an arduous task, and the more technical your user base, the harder it becomes. Technical users rely more heavily on their systems and are correspondingly less tolerant of downtime. Protecting those systems is also harder, because technically savvy users have more ways to make your life miserable. As workforces become more technical, the network administrator or CIO faces tremendous pressure to deliver security, accuracy and stability within the network environment.

While worm and denial-of-service attacks reach the media in overwhelming proportions, what doesn't get reported is striking: by one widely repeated estimate, 80% of all hacker-type attacks come from within an organization's own personnel. Damage caused by disgruntled employees and accidental (or accidentally-on-purpose) deletions are at the top of the list of such attacks. New legislation puts additional burdens on network personnel for auditing, logging and other audit trails in industries such as healthcare and financial services. If you have ever spent 48 hours or so going through audit logs to determine who did what at what time, you know that it will make you cross-eyed and weary long before you find your answer. But there are new products, some old products and various policies to assist you in this task.

First and foremost, there is nothing better than having a clear and concise policy. It is almost impossible to prosecute someone if you have never told them that there will be consequences, using wording such as "violations will lead to disciplinary action up to and including dismissal as well as potential civil and/or criminal charges." You may say that this is nothing more than a lock on a window, but it gives you an actionable policy. If you do not have such a policy in place, there are ways of implementing it after the fact, such as including it in a revised employee handbook, distributing it for signature and disabling the accounts of everyone who doesn't sign it (with management approval, of course).

Another policy that should be in place is a solid termination procedure. IT can be the last to know when someone leaves the company, and an employee fired on a Friday can wreak havoc over the weekend. In fact, many HR directors will tell you that the best time to fire an employee is on a Monday afternoon, precisely to avoid this potential disaster. IT and security departments should be notified immediately. But this policy falls short for the employee who is still working there and has another job offer, or didn't get the prize in his Cracker Jack box, or for whatever reason is in a destructive mood. Any key data store should be instrumented so that IT is notified immediately of bulk copying or deletion. Left unnoticed, this can go on for days, leaving company information exposed or, worse, in the hands of your competition. Not what you would call a career-making move!

There are also software packages that log changes above and beyond what your network operating system records. While some more mature network operating systems have full logging that can be turned on and off per file and per user, others have sketchy logging at best: just about enough to give you a general idea, and a LOT of information to sift through. Newer management packages combine logging with additional features such as configuration management, instant notification of configuration changes and file-access tracking. The best feature is the reporting, which can make short work of a breach audit. Another nifty feature included in some of the packages is the ability to automatically roll back configuration changes, thereby undoing what the user has done.
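As an added illustration (not code from the original column or from any product it mentions), the following Python script does in miniature what the management packages described above do: it takes a baseline of a directory of configuration files, reports each added, deleted or modified file with a unified diff suitable for an audit report, and can restore the baseline to undo the change. The directory, file names and router-style configuration text are constructed for the demo.

```python
"""Added example: a minimal configuration change monitor with rollback.
Snapshot a baseline, detect drift by hash, record a diff per change,
and restore the baseline. Paths and file contents are constructed."""
import difflib
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_of(path):
    """Hash a file's bytes so even a one-character edit is caught."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_baseline(watched_dir, baseline_dir):
    """Record a hash of every watched file and keep a pristine copy of it."""
    os.makedirs(baseline_dir, exist_ok=True)
    manifest = {}
    for name in sorted(os.listdir(watched_dir)):
        src = os.path.join(watched_dir, name)
        if not os.path.isfile(src):
            continue
        with open(src, "rb") as f:
            data = f.read()
        with open(os.path.join(baseline_dir, name), "wb") as f:
            f.write(data)
        manifest[name] = hashlib.sha256(data).hexdigest()
    with open(os.path.join(baseline_dir, "manifest.json"), "w") as f:
        json.dump(manifest, f)
    return manifest


def check_for_changes(watched_dir, baseline_dir):
    """Return audit entries: one per modified, added or deleted file."""
    with open(os.path.join(baseline_dir, "manifest.json")) as f:
        manifest = json.load(f)
    current = {n: sha256_of(os.path.join(watched_dir, n))
               for n in os.listdir(watched_dir)
               if os.path.isfile(os.path.join(watched_dir, n))}
    entries = []
    stamp = datetime.now(timezone.utc).isoformat()
    for name in sorted(set(manifest) | set(current)):
        if name in manifest and name not in current:
            entries.append({"time": stamp, "file": name, "event": "deleted", "diff": ""})
        elif name in current and name not in manifest:
            entries.append({"time": stamp, "file": name, "event": "added", "diff": ""})
        elif manifest[name] != current[name]:
            with open(os.path.join(baseline_dir, name)) as f:
                before = f.readlines()
            with open(os.path.join(watched_dir, name)) as f:
                after = f.readlines()
            diff = "".join(difflib.unified_diff(
                before, after, "baseline/" + name, "current/" + name))
            entries.append({"time": stamp, "file": name, "event": "modified", "diff": diff})
    return entries


def restore_baseline(watched_dir, baseline_dir, entries):
    """Undo what the user did: put modified/deleted files back, remove added ones."""
    for e in entries:
        target = os.path.join(watched_dir, e["file"])
        if e["event"] == "added":
            os.remove(target)
        else:
            with open(os.path.join(baseline_dir, e["file"]), "rb") as src, \
                    open(target, "wb") as dst:
                dst.write(src.read())
    # Re-check so the caller can confirm the tree is back at baseline.
    return check_for_changes(watched_dir, baseline_dir)


def demo():
    """Constructed scenario: a router-style config gets an extra privileged
    user appended and a rogue file dropped next to it, then both are undone."""
    root = tempfile.mkdtemp()
    watched, baseline = os.path.join(root, "configs"), os.path.join(root, "baseline")
    os.makedirs(watched)
    with open(os.path.join(watched, "router1.cfg"), "w") as f:
        f.write("hostname router1\nline vty 0 4\n login local\n")
    take_baseline(watched, baseline)
    with open(os.path.join(watched, "router1.cfg"), "a") as f:
        f.write("username backdoor privilege 15 secret 0 letmein\n")
    with open(os.path.join(watched, "rogue.cfg"), "w") as f:
        f.write("hostname rogue\n")
    found = check_for_changes(watched, baseline)
    remaining = restore_baseline(watched, baseline, found)
    return found, remaining
```

A real deployment would run `check_for_changes` on a schedule or from a file-change hook and ship the entries to a log server rather than keeping them in memory; the point here is that the diff is captured at detection time, so the audit record survives even after the rollback erases the evidence on the box.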

Another level of software is what is commonly referred to as "spyware." No IT person wants full audits of every user on the network, but if impropriety is suspected, it may be an option. This software logs every keystroke, and some versions work within any application. Another variety captures screen shots at intervals throughout the day. Use these with caution, however, as you may get more information than you need, and test the software to be sure it captures what you want. Personally, I am not a fan of spyware, but it can have its place.

Another often-overlooked problem is remote control software and modem lines. These were once great tools for users who wanted to reach their desktops from home, but for obvious reasons they can open a big hole in your network security. The same can be said for VPN and remote access to servers, switches and routers. I have seen companies implement a single password file that is copied to all routers, and generic VPN accounts shared by all remote users. What a concept! Make sure that no accounts still exist for users who are no longer there, or that they are disabled. Change passwords frequently so that even if a user shares a password, it won't work for very long (then slap their little hand).
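An added example, not part of the original column, that serves both the termination-procedure paragraph and the remote-access paragraph above: a Python access review that reconciles account exports from VPN, dial-up and router systems against an HR roster and flags what should be disabled. It catches the cases the column describes, an account whose owner has left (and any login recorded after the termination date), generic shared logins with no accountable owner, accounts whose owner HR has never heard of, and accounts idle past a cutoff. The roster, account list, system names and the 90-day idle cutoff are all constructed assumptions for the demo.

```python
"""Added example: a remote-access account review against an HR roster.
Everything below (people, systems, dates, cutoff) is constructed."""
from datetime import date

# Constructed HR roster: who is employed and who has been terminated.
HR_ROSTER = {
    "alice": {"status": "active", "left": None},
    "bob": {"status": "terminated", "left": date(2003, 11, 14)},   # fired on a Friday
    "carol": {"status": "active", "left": None},
}

# Constructed account exports. "owner" is None for generic logins that are
# not tied to one person (the "generic VPN account for everyone" pattern).
ACCOUNTS = [
    {"system": "vpn", "user": "alice", "owner": "alice",
     "enabled": True, "last_login": date(2003, 12, 1)},
    {"system": "vpn", "user": "bob", "owner": "bob",
     "enabled": True, "last_login": date(2003, 11, 16)},
    {"system": "vpn", "user": "remote", "owner": None,
     "enabled": True, "last_login": date(2003, 12, 2)},
    {"system": "router-core1", "user": "carol", "owner": "carol",
     "enabled": True, "last_login": date(2003, 6, 3)},
    {"system": "dialup", "user": "dave", "owner": "dave",
     "enabled": True, "last_login": date(2003, 5, 20)},
]

TODAY = date(2003, 12, 3)   # constructed review date
IDLE_DAYS = 90              # assumed cutoff; tune to your policy


def review_accounts(accounts, roster, today, idle_days=IDLE_DAYS):
    """Return (findings, clean): findings name each enabled account that
    should be disabled and every reason why; clean lists the rest."""
    findings, clean = [], []
    for acct in accounts:
        if not acct["enabled"]:
            clean.append(acct)          # already disabled; nothing to do
            continue
        reasons = []
        owner = acct["owner"]
        if owner is None:
            reasons.append("generic/shared account: no accountable owner")
        elif owner not in roster:
            reasons.append("owner unknown to HR: cannot verify employment")
        elif roster[owner]["status"] == "terminated":
            left = roster[owner]["left"]
            reasons.append(f"owner terminated on {left}")
            if acct["last_login"] > left:
                # Exactly the weekend-after-Friday scenario the column warns about.
                reasons.append("login recorded AFTER termination date: investigate")
        if (today - acct["last_login"]).days > idle_days:
            reasons.append(f"idle for more than {idle_days} days")
        if reasons:
            findings.append({"system": acct["system"], "user": acct["user"],
                             "reasons": reasons})
        else:
            clean.append(acct)
    return findings, clean


def disable_list(findings):
    """Flatten findings into sorted (system, user) pairs for a disable
    script or a ticket to the owning team."""
    return sorted((f["system"], f["user"]) for f in findings)


if __name__ == "__main__":
    found, ok = review_accounts(ACCOUNTS, HR_ROSTER, TODAY)
    for f in found:
        print(f"{f['system']}/{f['user']}: " + "; ".join(f["reasons"]))
    print("disable:", disable_list(found))
```

Run against real exports, the same logic is a quarterly (or, as the column suggests, monthly) access review in a few dozen lines; the "login after termination" reason is the one to escalate rather than just disable, because it means the termination procedure already failed once.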

Wireless LAN security is beginning to be less of an oxymoron and more of a reality, and firewalls are getting better at detecting denial-of-service attacks. But even the most sophisticated company can fall prey to the pitfalls mentioned above. So is the answer to go out and buy a security appliance? The short answer may be yes, but only after you have evaluated your potential breach points both inside and outside your company. The contest is much like radar guns and radar detectors: when you plug a security hole, someone will come along with a can of Drano. You need tools in place to help you with this task, and quarterly or even monthly security evaluations should take place for all of your access points. A security appliance can be as effective as virus protection, provided that it automatically updates its configuration. The greatest mistake I have seen companies make is to put in software, procedures and other security-enhancing tools and then rest on their laurels, thinking that alone will keep them secure. Their laurels and a dollar won't even buy a good cup of coffee if the security measures aren't updated, enforced and revisited on a regular basis.

Carrie Higbie, Network Applications Market Manager, The Siemon Company
Carrie has been involved in the computing and networking industries for nearly 20 years. She has been involved in sales, executive management and consulting on a wide variety of platforms and topologies, and has held Director and VP positions with Fortune 500 companies and consulting firms. Carrie has taught classes for Novell, Microsoft and Cisco certifications as well as CAD/CAE, networking and programming at the collegiate level. She has worked with manufacturing firms, medical institutions, casinos, healthcare providers, cable and wireless providers and a wide variety of other industries in networking design/implementation, project management and software development for privately held consulting firms and, most recently, Network and Software Solutions.

Carrie currently works with The Siemon Company as the Network Applications Market Manager, where her responsibilities include providing liaison services to electronics manufacturers to assure that there is harmony between the active electronics and existing and future cabling infrastructures. She participates with the IEEE, TIA and various consortiums for standards acceptance and works to further educate the end-user community on the importance of a quality infrastructure. Carrie is one of the few who chose to work with both applications and networks, giving her a full end-to-end understanding of business-critical resources through all 7 layers of the OSI model. Carrie currently holds an RCDD/LAN Specialist from BICSI, an MCNE from Novell and several other certifications.

This was last published in December 2003
