Security is often described in an Internet- and technology-centric fashion. But how do these threats get into enterprise networks, and what techniques are available to implement an enterprise security policy? How do people, advertently or inadvertently, create entry points for these threats, and what countermeasures can you take?
The Internet Hacker and the Traditional Perimeter
The most visible perpetrators of security attacks are Internet hackers. The threats take many forms, including Denial of Service (DoS) attacks, worms, viruses, phishing carried in e-mail, and so on; the list goes on. Experts tell us that the motives vary: fame, a socio-political agenda, a technical challenge, notoriety, and monetary gain. The countermeasures include firewalls at the perimeter of the Internet; robust endpoint security; threat protection and intrusion prevention that translate industry knowledge into network action; and anti-virus software.
The Office Worker and the Hazards of the Job
Employees who work predominantly in the office represent a much less obvious entry point for attacks. However, in the course of doing their daily jobs, these users send and receive e-mail and IMs, and surf the Net. As a result, they may inadvertently bring in viruses, worms, and spyware, and be set up as agents for external hackers, ready to infect other internal users or participate in a distributed Denial of Service attack. For example, 80 percent of users, when presented with a certificate authenticating the source of a file to be downloaded, have no idea what constitutes a valid certificate authority and what does not, and thus expose themselves and the enterprise to potential attacks. A number of countermeasures are available, including establishing corporate policies about personal use and user training to increase security awareness and to discourage risky behavior, such as opening attachments from unknown senders or downloading applications from the Internet. PCs should run antivirus and personal firewall software, and endpoint security should be deployed to ensure PC applications and security software are up to date before any user is allowed to connect to the network.
The Mobile Worker and the New Perimeter
The proliferation of mobile devices has redefined the very notion of perimeter, given that these devices can one minute be connected to a home network, a wireless hot spot, or a hotel Ethernet service, and the next be connected to the enterprise network, carrying with them whatever worms, Trojans, viruses, and spyware they have picked up. In addition to employee training and endpoint security, remote users should use SSL or IPsec VPNs to secure voice and data traffic. The success of BlackBerry is a testament to the value of a holistic end-to-end approach to secure mobility. While wireless LAN (WLAN) standards such as 802.11i can protect user traffic, many enterprises opt to use VPN technology to provide a consistent user experience.
The Disgruntled Employee Accounting for 60% of Losses
FBI studies indicate that the majority of financial loss is the result of employee action. Countermeasures include bringing together endpoint security and policy management to control who has access to which applications and data, and from where such access is allowed, and to allow these controls to be updated in real time. Furthermore, eavesdropping by these individuals to obtain usernames, passwords, and critical data can be minimized through the application of VLANs (Virtual LANs), techniques such as ARP (Address Resolution Protocol) spoofing prevention, WLAN rogue access point detection, and end-to-end encryption.
The IT Specialist Hacking From the Inside
IT staff represent a class of potentially disgruntled employees who may have physical and logical access to network devices and to application and database servers. Role-based administration, effective audit logs (who did what, and when), and configuration control and tracking are all important countermeasures. Encryption of critical stored and transmitted data (e.g., credit card numbers, passwords) is likewise critical and must be aligned with enterprise policies and privacy regulations.
The Victim of Social Engineering
People can inadvertently create vulnerabilities by disclosing security-related information, such as passwords, or by letting non-employees or non-authorized employees into restricted areas, perhaps while assisting someone in apparent need. A lot can be done with employee training and ongoing awareness programs, but technology can help as well. Common identity management techniques and single or multi-factor sign-on can simplify an employee's life and spare him or her from having to write down a plethora of user names and passwords.
People are either the explicit causes of security attacks or are, at least, unwitting accomplices. While a layered defense approach to security (using different approaches at different parts of the network) can help minimize the impact of attacks and protect critical assets, employee training and enhanced awareness are equally critical elements of a unified security framework that meets enterprise security policy requirements.
Tony Rybczynski is Director of Strategic Enterprise Technologies at Nortel. He has over 30 years' experience in the application of packet network technology. Brad Black is a Senior Security Specialist at Nortel and has 13 years' experience in network security and engineering and IT management. For more information, please visit the company online at www.nortel.com.