Donald Pipkin's Security Tips for the Week of December 23rd

Donald Pipkin's Security Tips for the Week of December 23rd click to see full-size image

Security Tip for Thursday, December 26th, 2002

Evaluate Insurance for Loss Avoidance

Cyber crime insurance is starting to become available from a number of insurance companies. These policies offer financial protection from specific losses. Currently, most of them are focused on electronic commerce sites and losses from external denial of service attacks. Where these policies address a segment of your business, they should be carefully examined and evaluated to determine if the coverage and the associated risk reduction that they provide are economical, based on the premiums. Insurance should not be forgotten as a very viable part of your complete security solution.

Security Tip for Wednesday, December 25th, 2002

Monitor for Unknown Systems Connected to the Network

The appearance of unknown systems connected to the network can indicate that an unauthorized person has attached a system to the network for malicious reasons, or it can be that someone has upgraded a system or replaced a networkcard. With employee turnover and the common use of contractors, intruders can gain unchallenged access to company offices where they can attach systems to gather information or from which to launch attacks. A strong asset management system and policies that require registration of systems attached to the company network can help manage the corporate resources and reduce physical system intrusions.

Security Tip for Tuesday, December 24th, 2002

Perform a Security Drill

Schedule the next disaster recovery drill to be based on an electronic attack instead of a natural disaster. Test your response procedures when your network is flooded and critical systems have been breached causing you to be uncertain of the integrity of your online information. Can you fall back to offline procedures for critical processes while systems are restored? Can you disinfect all the PCs in the corporation while the network is flooded? Are there out-of-band procedures? Today, these soft disasters have to be evaluated, planned for and tested.

Security Tip for Monday, December 23rd, 2002

Implement Base-line Security Everywhere

A minimum base-line security standard should be established and enforced on all systems. It should define the minimum file permissions and the restrictions applied to privileged users in accordance with defined policies. Bastille can be used on Unix systems to create and implement this base-line standard. It can be run in a non-interactive mode to set a pre-defined set of security policies on a system. Systems should be reviewed to ensure that they remain in compliance with the security base line.

GSO
Written on Saturday, 03 October 2009 20:27 by GSO

Viewed 168 times so far.
Like this? Tweet it to your followers!
Published in Subscribe to the RSS feed of Network Security & Hacking Articles  Network Security & Hacking Articles / Subscribe to the RSS feed of Legacy Security Articles  Legacy Security Articles
Like this? Let your friends know now!

Rate this article

Latest articles from GSO

Latest 'tweets' from GovernmentSecurity

  • News Update: Cyber war is coming, the impact could be huge: CBS News reports that cyber.. http://bit.ly/1tx1kr | #Security Link Monday, 09 November 2009 07:35
  • News Update: Tenable Network #Security Podcast - Episode 11: Welcome to the Tenable Netw.. http://bit.ly/2Iqd6G | Security Link Monday, 09 November 2009 07:35
  • News Update: Consent will be required for cookies in Europe: EDITORIAL: A law that dema.. http://bit.ly/3JYgip | #Security Link Monday, 09 November 2009 07:35
  • News Update: CBS 60 Minutes tackles cyber-terrorism: Could hackers get into the compute.. http://bit.ly/2d5Y21 | #Security Link Monday, 09 November 2009 07:35
  • Blog Update: We have launched the new GovernmentSecurity.org: We decided to launch th.. http://bit.ly/2G1SSF | #Security Link Saturday, 07 November 2009 17:38
blog comments powered by Disqus
back to top

Site Search

Disqus Tools