Security is generally regarded as a cost, rather than a revenue generator. The return on investment is not readily apparent and is often difficult to quantify, which generally causes a problem when it comes to budget allocation.

It is often necessary to look at the bigger picture. For example, remote authentication enables employees to securely access the network away from the office, improving flexibility and in turn the effectiveness and profitability of the organization.

It is necessary to authenticate the identity of users and computers, and to maintain an appropriate level of network service operations and optimal network performance.

There are four main security objectives:
- Authentication - Proving identity to gain access.
- Integrity - Ensuring only authorized personnel can amend data.
- Confidentiality - Restricting data access.
- Non-repudiation - Decisive tracking of actions to a specific user.

Benefits of Orange County Network Security:

- Increased productivity. Limit or eliminate access to non-critical resources, addressing potential security issues and improving productivity.
- Improved visibility and control. Know who is connecting to the network, how they are connected and what they are accessing.
- Be pro-active. Stop security breaches before they happen or, at worst, quarantine attacks in order to minimize disruption.
- Legislative compliance. Deploy security procedures and solutions to address the legalities associated with use of e-mail and the Internet.
- Control and management. Set strategic levels of security, ensuring that the right people have the right level of access at any one time, and have the ability to amend this instantly, for example when people leave the organization.
- Better use of IT resources. Monitor and manage spam and unauthorized web browsing, ensuring adequate bandwidth for mission-critical applications.
- Data protection. Control the flow and content of data in and out of the organization, protecting client, supplier and organizational confidentiality.

Authentication

Controlling who has access to what data is a central theme of information network security. Security built around passwords is too easy to defeat. User authentication becomes even more important when the user is remote. Whether users are dialing in from home into a RAS solution or using a VPN connection, these links provide the single most vulnerable link into a network. If an electronic identity can be faked, the connection will provide an open path into the system.

Strong authentication addresses many of the vulnerabilities of single-factor authentication. Furthermore, it stops an authorized user accidentally accessing another user's resource and allows the administrator to track all events linked to each individual user where necessary.

Strong authentication can be achieved by incorporating more than one means of authentication: something you have, something you know, something you are.

IDS - Intrusion Detection System

Intrusion Detection Systems are designed to alert system managers to potential trouble, whether it is from an internal or external source. Commonly, attackers make a tentative probe first, wait to see if it is detected and then home in on a subsequent attempt. An IDS is an intelligent system that reads and interprets the contents of log files from routers, firewalls, servers and other network devices to identify the type of traffic on the network and network activity patterns. The IDS responds to alerts by raising an alarm, activating an automatic response action to limit potential damage, and attempting to identify the intruder and correlate evidence of activity.

The main types of IDS:

- Network-based - looks for attack signatures and monitors network backbones.
- Host-based - defends and monitors the operating and file systems.
- Application-based - monitors only specific applications.
- Signature-based - looks for patterns in events specific to known attacks.
- Anomaly-based - looks for anomalies in network activities that may indicate attacks.
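
The log-driven detection described above, as an added example that is not part of the original page: a signature rule and an anomaly rule run over log lines from two devices, with the resulting alerts correlated by source address. The log layout, the single signature, the threshold values and all addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed lines (assumed layout): epoch device src dst dport action detail
SAMPLE_LOG = """\
1700000000 fw1 203.0.113.7 10.0.0.5 21 DENY -
1700000002 fw1 203.0.113.7 10.0.0.5 22 DENY -
1700000004 fw1 203.0.113.7 10.0.0.5 23 DENY -
1700000006 fw1 203.0.113.7 10.0.0.5 25 DENY -
1700000050 web1 203.0.113.7 10.0.0.8 80 ALLOW GET /../../etc/passwd
1700000900 fw1 198.51.100.9 10.0.0.8 22 DENY -
"""

# Signature-based: a pattern specific to a known attack (one illustrative rule).
SIGNATURES = {"path-traversal": re.compile(r"(\.\./){2,}")}

def parse(text):
    events = []
    for line in text.splitlines():
        ts, dev, src, _dst, dport, action, detail = line.split(" ", 6)
        events.append({"ts": int(ts), "dev": dev, "src": src,
                       "dport": int(dport), "action": action, "detail": detail})
    return events

def signature_alerts(events):
    return [(e["src"], name) for e in events
            for name, rx in SIGNATURES.items() if rx.search(e["detail"])]

def anomaly_alerts(events, window=60, max_ports=3):
    # Anomaly-based: a source denied on > max_ports distinct ports within window seconds.
    denied = defaultdict(list)
    for e in events:
        if e["action"] == "DENY":
            denied[e["src"]].append((e["ts"], e["dport"]))
    alerts = []
    for src, hits in denied.items():
        if any(len({p for t, p in hits if s <= t < s + window}) > max_ports
               for s, _ in hits):
            alerts.append((src, "port-probe"))
    return alerts

def correlate(events):
    """Group alerts raised from different devices' logs by source address."""
    by_src = defaultdict(list)
    for src, name in anomaly_alerts(events) + signature_alerts(events):
        by_src[src].append(name)
    return dict(by_src)

print(correlate(parse(SAMPLE_LOG)))
```

The single denied connection from 198.51.100.9 stays below the threshold and raises nothing, while the early probe and the later web request from 203.0.113.7 end up under one source even though they were logged by different devices.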

Firewall

A perimeter security measure permitting only authorized LAN access to and from the Internet. Access can be administered according to job description and user requirements rather than on a 'one rule suits all' basis.

The firewall analyses the traffic routed between the network and the Internet, both inbound and outbound, against set access criteria. Non-compliant traffic is stopped.

Firewalls fall into four categories: packet filters, circuit level gateways, application level gateways and stateful multilayer inspection firewalls.

- Packet filtering firewall - Operating at the Network layer of the OSI model, each packet is analyzed against a pre-determined set of criteria before being forwarded. Once the packet is analyzed, the firewall can drop it, forward it, or send a message to the originator.
- Circuit level gateways - Operating at the Session layer of the OSI model. TCP handshaking between packets is analyzed to determine the legitimacy of requested sessions. Packets are not filtered by circuit level gateways.
- Application level gateways (proxies) - Application specific, filtering packets at the application layer of the OSI model. An application level gateway that is configured to be a web proxy will not allow any ftp, gopher, telnet or other traffic through. User activity and logins can also be logged.
- Stateful inspection firewall - A combination of the other firewalls above. Packets are filtered at the network layer to determine whether session packets are legitimate, and contents of packets are analyzed at the Application layer. Algorithms identify and process application layer data, as opposed to using application specific proxies.

Anti-Virus

Anti-virus searches for any known or potential viruses. New viruses emerge at an increasing rate and old viruses remain a threat to poorly updated systems.

A good anti-virus will:

- Detect and quarantine viruses before reaching the internal network and servers.
- Protect workstations and servers against viruses with regular signature updates.
- Check for viruses in attachments as well as in the body of emails.
- Be capable of identifying suspicious file types and virus-like signatures in addition to known viruses.
- Provide the option of excluding file types most likely to be virus carriers.

Emails present a wide range of risk, notably the leakage of sensitive information and potential legal liability for employee email conduct.

A good email security solution will:

- Be based on a clear internal email usage policy.
- Identify and remove viruses at the point of entry to the network, whether within an email body or attachment.
- Identify and quarantine suspect file types and any mismatches between file suffix and content.
- Implement user-defined policies to control the release of company data as email attachments.
- Enable unwanted email sources and addresses to be blocked.
- Attach legal disclaimers to all outgoing messages.
- Protect against spam and spoof attacks.
- Provide detailed analysis and management reports.
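
One way a mail gateway can implement the "suspect file types and mismatches between file suffix and content" check from the list above (an added example, not code from the original page): compare the filename suffix with the type implied by the attachment's leading bytes. The blocked-suffix policy, the suffix table and the sample attachments are assumptions constructed for illustration, and the magic-byte table is a small subset.

```python
import os

# Leading "magic" bytes for a few common formats (a small illustrative subset).
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF8", "gif"),
    (b"PK\x03\x04", "zip"),     # also the container for docx/xlsx
    (b"MZ", "exe"),             # Windows PE/DOS executables
]
# Content types each filename suffix may legitimately carry.
ALLOWED = {
    ".pdf": {"pdf"}, ".png": {"png"}, ".jpg": {"jpeg"}, ".jpeg": {"jpeg"},
    ".gif": {"gif"}, ".zip": {"zip"}, ".docx": {"zip"}, ".xlsx": {"zip"},
    ".exe": {"exe"}, ".dll": {"exe"},
}
BLOCKED_SUFFIXES = {".exe", ".dll", ".scr"}   # hypothetical policy: suspect types

def sniff(data):
    """Return the content type implied by the leading bytes, or None."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return None

def check_attachment(filename, data):
    """Return 'deliver' or 'quarantine: <reason>' for one attachment."""
    suffix = os.path.splitext(filename.lower())[1]   # last suffix wins
    kind = sniff(data)
    if suffix in BLOCKED_SUFFIXES:
        return "quarantine: suspect file type " + suffix
    if kind == "exe":
        return "quarantine: executable content behind suffix " + (suffix or "(none)")
    if suffix in ALLOWED and kind not in ALLOWED[suffix]:
        return "quarantine: suffix %s does not match content %s" % (suffix, kind or "unknown")
    return "deliver"

# Constructed attachments (name, first bytes) for demonstration.
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n"),
    ("report.pdf", b"MZ\x90\x00"),
    ("photo.png", b"\xff\xd8\xff\xe0"),
    ("invoice.pdf.exe", b"MZ\x90\x00"),
]
for name, data in SAMPLES:
    print(name, "->", check_attachment(name, data))
```

Because only the final suffix is evaluated, a double extension such as `invoice.pdf.exe` is treated as an executable rather than as a PDF.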

Web access control

To get the greatest business benefit out of the internet, users need desktop access. However, personal web browsing and web-based email need to be managed so as not to compromise the organization in any way.

To this end, web access control is more than just blocking web addresses and protecting from web-borne viruses. It is necessary to administer access rights at user level.

Access can be allowed, denied or limited by time-based quota according to policies applied to users, workgroups, computers or the entire network. Policies may be set for web addresses and specific file types, and are often associated with a database of inappropriate websites such as gambling, chat sites and sites with pornographic content.