Security Deployment. What To Consider

Full Version: Security Deployment. What To Consider

GovernmentSecurity.org > The Archives > General Network Security

GSecur

Aug 18 2003, 04:36 AM

Security Mechanisms

Security Deployment. What to consider

Before Deploying an effective security mechanism, consider the following:

1. What resources are you trying to protect?

CPU, files, storage devices phone lines, etc.
2. Determine the host-specific security measures needed. Password protection, file encryption, firewall, etc.

Determine who the computer systems must be defended.
Determine the likelihood of a threat.
Implement measures to protect network resource.
3. Consider the corporate budget when planning for Internet Security.

4. Design a Security Policy that describes your organization's network security concerns. This policy should take into account the following:

Network Security Planning
Site Security Policy
Risk Analysis
Risk analysis involves determining the following:

What you need to protect
What you need to protect it from
How to protect it
Estimating the risk of losing the resource
Estimating the importance of the resource
5. Consider the following factors to determine who will grant access to services on your networks:

Will access to services be granted from a central point?
What methods will you use to create accounts and terminate access?
6. Design and Implement Packet Filter Rules

7. Ensure your Firewall has the following properties:

All traffic from inside to outside, as well as outside to inside must pass through the firewall.
Allow only authorized traffic as defined by your corporate security policy be passed through the firewall.
Ensure the firewall is immune to penetration.
8. Educate users about password protection:

Educating users not to use passwords that are easy to guess.
Ensuring the password lengths are adequate.
Running a password guesser.
Requiring the use of a password generator.
Always using a mixture of upper- and lowercase characters.
Always using at least one or two non-alphanumeric characters.
Never using dictionary words or ones spelled backwards.
Never using a portion or variation of a proper name, address or anything that could obviously identify you (the user).
9. Security-related organizations play an integral role in the development and deployment of Internet technologies. Keep abreast of the latest in security-related activities by visiting their Web sites. Here are some key security-rated organizations which aid corporations such as yours in keeping the Internet a safer place to compute:

ACM/SIGSAC at gopher://gopher.acm.org/.

CERT (a 24-hour Computer Emergency Response Team) at: ftp://info.cert.org/pub/cert_faq and http://www.sei.cmu.edu/SEI/programs/cert.html.

CIAC (U.S. Department of Energy's Computer Incident Advisory Capability) at: http://ciac.llnl.gov/

CPSR (Computer Professionals for Social Responsibility) at: http://cpsr.org.home

EFF (Electronic Frontier Foundation) at: http://www.eff.org/

EPIC (Electronic Privacy Information Center) at: http:/epic.org/

FIRST (Forum of Incident Reponse and Security Teams) at: http://first.org/first/

Internet Society at http://www.isoc.org/

--------------------------------------------------------------------------------

Important Internet Security Issues

Authentication:
There are two types of authentication:

1) TCP/IP (such as Telnet and FTP.TCP/IP and

2) Messages, transactions and E-mail that require authentication of source.

Confidentiality:
Encryption provides security for private or secret information included in E-mail, FTP and electronic commerce.

Data Integrity:
Assures that data has not been altered during transmission over the Internet and protects FTP or E-mail files for transmission over the Internet.

Proof of Origin:
Protects against the sender falsely denying sending the data or the recipient from falsely denying receiving the data.

Internet Access:
A gateway may be required to intercept and examine messages from and to the Internet.

--------------------------------------------------------------------------------

Recommended Reading About Internet Security

Actually Useful Internet Security Techniques By Larry J. Hughes, Jr.
New Riders Publishing

Building Internet Firewalls By D. Brent Chapman and Elizabeth D. Zwicky
O'Reilly & Associates, Inc.

Firewalls and Internet Security By William R. Cheswick and Steven M. Bellovin
Addison-Wesley Publishing Company

Internet Firewalls and Network Security By Karanjit Siyan, Ph.D., and Chris Hare
New Riders Publishing

Microsoft® Windows NTT Resource Kit, Version 3.51 Update
Microsoft® Press

Network & Internet Security By Vijay Ahuja, Manager, Network Securities Products, IBM Corporation
Academic Press, Inc.

Practical UNIX® Security by Garfinkel and Spafford

Windows NTT Security Guide By Stephen A. Sutton
Trusted Systems Services, Inc.

Practical Unix & Internet Security
O'Reilly & Associates

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.