A Reason for Policy: Hackers    



In the real world, a thief can only check so many doors in a day. The interconnectivity of the Internet allows a criminal to check many times that number in an hour. Worse, they are not restricted to any single geographical location, and many countries do not cooperate in the prosecution of cyber-criminals. This gives the cyber-criminal a freedom to commit crime that their real-world counterparts do not share.

Organizations and people go to great lengths to protect their real world assets. Door locks, security guards, cameras, smoke detectors, and fire drills are just a few of the items on the extensive list of physical security efforts.

Online should be no different.
The first step to online protection is to think about and document what could happen. Typically these efforts result in disaster recovery and incident response plans. Policies focusing on the building, maintenance and usage of systems that connect to the public Internet should follow. These policies should be clearly written, easy to understand and well distributed throughout the organization. Organization in this case includes family.

Security is not just for corporations.
The point of IT security is to protect the digital assets of a company. Because we are talking about assets, policies should be vetted by upper management; in the end, this is about business. Policies should provide staff with direction in the event of an incident or disaster. Consider the fire route signs in your office; this is no different.

Items to consider when you are writing your security incident response policy:
- What access do we continue to allow
- What are the steps to be taken during an attack
- What actual damage was done
- Who should we tell - are there legal or contractual responsibilities here
- How do we stop this from happening again
- What is the source for this attack and are there consequences to the source of the attack

The proper management of systems is essential to mitigating risk and thus improving your chances of not having to deal with a security incident.

Once again we should turn to policy.
Items to consider when you are writing your systems management policy:
- Who is responsible for a system (this includes aspects such as hardware, software, and security)
- Who do the responsible people report to (auditing and accountability are a must)
- Is there a set schedule for security patches
- How long are log files kept
- How is the system backup performed and checked
- What kind of connections are permitted
- What kind of passwords are required

IT policies are not simply rules and regulations
They are guidelines towards providing an environment that meets the business needs of the organization.

If you fail to plan, then you plan to fail

This is pretty simple. Awareness is the answer here. The main indicator that something is going on is change. Changes in drive consumption, network activity, and security levels on user accounts or applications are all good indicators that something is amiss.

Monitoring your environment can be a challenge. Demands from management and users are typically given priority over system upkeep and status checks. Therefore, finding automated ways to manage systems is essential.

Here are some of the tools already out there:
- Tripwire, for servers (Windows and Unix based, as well as routers)
- Logwatch, for Linux based systems
- Microsoft System Center Operations Manager, for MS Windows-based servers
- IDS/IPS for your network traffic
- Log file alert software

Understanding how your systems behave under normal conditions will allow you to define the criteria for when things are not normal; just like when your car starts to make a funny noise.
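The baseline-and-compare idea above can be automated in a few lines. The following is an added example, not part of the original article: it flags accounts that have gained privilege since the baseline and metrics (drive consumption, network activity) that have moved far from their normal range. The privileged group names, the 3-standard-deviation threshold and all sample data are assumptions constructed for illustration.

```python
from statistics import mean, stdev

PRIV_GROUPS = {"sudo", "wheel", "adm"}  # assumption: groups treated as privileged

def privileged_accounts(passwd_text, group_text):
    """Accounts with UID 0 or membership in a privileged group."""
    priv = set()
    for line in passwd_text.strip().splitlines():
        f = line.split(":")
        if len(f) >= 3 and f[2] == "0":
            priv.add(f[0])
    for line in group_text.strip().splitlines():
        f = line.split(":")
        if len(f) >= 4 and f[0] in PRIV_GROUPS:
            priv.update(m for m in f[3].split(",") if m)
    return priv

def new_privileged(base, current):
    """Accounts privileged now that were not privileged in the baseline."""
    return sorted(privileged_accounts(*current) - privileged_accounts(*base))

def metric_alerts(history, current, threshold=3.0):
    """Metrics whose current value is more than `threshold` standard
    deviations away from the mean of the baseline samples."""
    alerts = {}
    for name, samples in history.items():
        mu, sigma = mean(samples), stdev(samples)
        delta = current[name] - mu
        if sigma == 0:
            z = 0.0 if delta == 0 else float("inf")  # flat baseline: any change counts
        else:
            z = delta / sigma
        if abs(z) > threshold:
            alerts[name] = round(z, 1)
    return alerts

# Constructed sample data in passwd/group file format (not from a real system).
BASE = ("root:x:0:0::/root:/bin/bash\nalice:x:1000:1000::/home/alice:/bin/bash\n"
        "bob:x:1001:1001::/home/bob:/bin/bash", "sudo:x:27:alice\nusers:x:100:alice,bob")
NOW = (BASE[0] + "\nsvc:x:0:0::/tmp:/bin/sh", "sudo:x:27:alice,bob\nusers:x:100:alice,bob")
HISTORY = {"disk_used_pct": [61, 62, 61, 63, 62, 62, 63],
           "net_out_mb": [120, 135, 128, 140, 131, 125, 138]}
TODAY = {"disk_used_pct": 78, "net_out_mb": 133}

if __name__ == "__main__":
    print("newly privileged accounts:", new_privileged(BASE, NOW))
    print("metric deviations (z-scores):", metric_alerts(HISTORY, TODAY))
```

In practice the baseline snapshots and metric history would be collected on a schedule and stored where the monitored system cannot modify them.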

Originally published January, 2008
Fragment - Current Release



All content © eSubnet 2003-2017
ESUBNET ENTERPRISES INC. TORONTO CANADA