Quick Overview
There is no such thing as a quick overview of security. Security can be a huge undertaking when there is no security. Do YOU need security? Here are some questions to ask yourself.
What will your users/customers expect in the way of security?
Will you loose customers if security is not taken?
How much down time has occurred due to security incidents?
Are you concerned with inside threats?
How much sensitive information is on-line?
What if the information was stolen or compromised, what is the loss to the company?
Do you need different levels of security?
Do you support dangerous network services?
Are there security guidelines, regulations that you are required to meet?
Do business requirements take precedence over security where there is a conflict?
How important is confidentiality & integrity to the company?
Are these security decisions consistent with the business needs of the company?
Security Levels
Several levels of security involves physical security, network or protocol security, application security, and human security.
Favorite Exploitations
1. vendor programs like sendmail, Notes mail
2. cgi-bin vulnerabilities
3. email bombing / spamming
4. anonymous ftp
5. mis-configured firewall
a. user usually have phone lines at the desk thereby bypassing any protection when dialing in or out
b. services destined for internal hosts (ftp, tftp, http, sendmail) left unscreened
c. logs not reviewed
Security problems that plague the internet
1. don't install vendor patches for known security problems
2. don't dedicate resources to security needs
3. security procedures are not enforced
4. no monitoring or restriction on internal hosts
5. no dialup or remote access measures
6. password exchanged unencrypted
Security Requirements
For a proper security program to work well the following needs to be in place:
1. management backing needs to be in place
2. security infrastructure must be in place
3. well defined security philosophy including defined security policies and procedures
4. security awareness training program
5. strong information network and flow of information
A security admin should do:
1. monitor / test systems for holes
2. review logs and audit daily
3. stay current on new exploitations
4. provide training and guidance
A network security program should involve the following:
1. firewalls to control traffic at key subnet gateways
2. virtual private lans
subnet that supply group wide connections over insecure infrastructure
3. secure remote access
4. scanners / sniffers / monitors
5. routers
A router finds the best path between two networks in which to send packets of data toward their destinations. It opens each packet of data to find its destination and uses a set of routing tables to determine the next hop in the transmission path. a router also provides special services for the packets, such as authenticating data or reserving capacity for a packet that takes precedence over other packets
6. switches
A switch creates a dedicated circuit between two points on which to transmit data. The dedicated link removes contention for bandwidth among multiple transmissions and effectively removes multiple hops between end points. a switch typically forwards data faster than a router because a switch needs no extra time or power to examine each data packet in a transmission. a switch also can apply special services to the links rather than to the packets
Conclusion
Remember that security has many layers from physical - hardware security to network security software packages to application identification and authentication to auditing by account / program to resource access / restriction. Which levels of security you implement and how far you go to implement those levels should be determined by simply reviewing your answers to the questions in the beginning.