When a company first sets out to create a network security plan, there are usually two questions asked: Where should we start, and what is the most important part of the network? The answers depend on many factors, and the answers are different for every network. Generally speaking, one person, or department, will not be able to answer both of these questions, and one department should not develop the network security policy. The network security policy, as all security policies, should be disseminated through the CIO, and should be approved by the legal department and signed off on by the heads of all other departments. Network and server administrators may be called on to develop the first draft of the policy, but it is up to senior management to finalize, implement, and enforce the network security policy. There are some questions administrators can ask to begin the development of the corporate network security policy.

1.2.1 How Sensitive Is the Data?

Any business has confidential data. Whether it is the customer database, proprietary software, a product design, or some other sensitive data, there is undoubtedly something that has to be protected. Such data should always be your first priority when developing a security strategy. In some cases, especially for companies that deal with medical or financial records, there are legal ramifications for not properly securing this data. Of course, core data is useless if no one can access it. Second to protecting the core data is protecting the means by which people within an organization, or customers, access that data. The lines of communication to data, the network, have to be kept available. In addition, employee phone lists or human resource records, important data but not as critical, need to be protected. The protection for this information does not need to be as draconian as the measures you should take for your core data, but it absolutely must be in place.
The involvement of the CIO and other groups is necessary at all levels of network security. One group cannot be sure how to rank the various databases within an organization. Someone from senior management will need to assign ranks to all data sources, so it can be determined how limited resources should be deployed. Of course, the less sensitive the information is, the more difficulty there is in securing it. Employee phone lists generally need to be accessed by other people within the company, and an internal website is probably available to everyone. In some ways, the more available the data, the harder it is to secure. It is easy to prevent anyone from accessing information. It is harder to allow only certain people to access information, and to enforce those access restrictions.

1.2.2 Secure Your Servers

The first step in securing your corporate data is to secure the servers where the data is stored. How you go about securing a server depends largely on what operating system you are running. There are some guidelines, however, that you can follow that apply to any operating system and any server, no matter what its function. These steps are discussed in greater detail in Chapter 12, but this should give you a good overview. There are two levels of server security: access to the server and environmental control. Access covers who can access the server and how they can do it. Environmental control covers the level of access that users can have, that is, what they can do once they are on the server. These two types of server security are intertwined. If good access policies are enforced, but all users are allowed access to system files after they have logged onto the server, a security breach is waiting to happen. Should an attacker gain access, he or she would have no limitations on what he or she could do to the server. A server access policy should:
Once a user has access to a server, there should be environmental limits that prevent users from gaining unauthorized access to system files or secured data. A good environmental control policy will include:
These steps are a good start toward securing your servers, and protecting the data on those servers.

1.2.3 Secure the Network

Of course, the sooner you can stop a potential intruder, the better. This is especially true when dealing with server attacks. Ideally, you would like to prevent a potential intruder from ever reaching your server. Later parts of this book discuss strategies for securing your network in detail. Here are some useful guidelines that should be implemented on any network to help stop attacks:
These are general guidelines that should help administrators start forming a network security policy that works for an organization. As the book progresses, the policy can be refined.

1.2.4 Monitor It All

Never be complacent when it comes to network security. No matter how great the security measures taken, the fact is that a skilled and determined hacker will probably find a way into your network. If that does happen, it is best to know about it quickly, and be prepared to stop it. To do that, monitor everything on the network. Anything that may be deemed suspicious has to be brought to your attention. Monitoring is discussed in detail in Chapter 16. In addition to monitoring, extensive logging of network activity should take place. It is unrealistic to expect the administrator's staff to have the time to scour hours of log files every day, but if an incident does occur, good, uncorrupted log files will be essential in tracking down how security measures were breached, and in trying to track down the attacker. At that point, you will be grateful for extensive logging. A good monitoring strategy involves collecting a lot of data, and recognizing patterns within that data that may resemble attacks. These patterns generate an alarm, which will allow administrators to manually investigate the network or servers, and determine if there really is an intruder, or if it is simply a logging anomaly. Some security experts advocate the use of honeypots as part of a monitoring strategy. A honeypot is a system that is intentionally left open to attract potential intruders. An attacker takes the bait and tries to break into the system. All interaction with the system is extensively monitored, and the honeypot becomes a tool to help network administrators learn more about security flaws in their system.
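The pattern-to-alarm idea described above, as an added example that is not part of the book: a small detector that reads syslog-style sshd authentication lines (the log lines below are constructed for this example), raises one alarm per source address that accumulates repeated failed logins, and records whether a successful login from the same source followed, so an administrator can triage the alarm before deciding whether it is an intrusion or a logging anomaly. The log format, hostname and addresses are assumptions, not values from the book.

```python
import re
from collections import defaultdict

# Constructed sample log lines for this example (not from the book). The
# format is assumed to be syslog-style sshd authentication messages.
SAMPLE_LOG = """\
Mar  3 10:00:01 fs1 sshd[2201]: Failed password for admin from 10.0.0.77 port 51022 ssh2
Mar  3 10:00:03 fs1 sshd[2203]: Failed password for admin from 10.0.0.77 port 51024 ssh2
Mar  3 10:00:04 fs1 sshd[2205]: Failed password for root from 10.0.0.77 port 51025 ssh2
Mar  3 10:00:06 fs1 sshd[2207]: Failed password for oracle from 10.0.0.77 port 51027 ssh2
Mar  3 10:00:07 fs1 sshd[2209]: Failed password for admin from 10.0.0.77 port 51029 ssh2
Mar  3 10:00:09 fs1 sshd[2211]: Accepted password for admin from 10.0.0.77 port 51031 ssh2
Mar  3 10:05:12 fs1 sshd[2300]: Failed password for jsmith from 10.0.1.15 port 40011 ssh2
Mar  3 10:05:20 fs1 sshd[2302]: Accepted password for jsmith from 10.0.1.15 port 40012 ssh2
Mar  3 10:06:00 fs1 sshd[2310]: Connection closed by 10.0.1.15 port 40012 [preauth]
"""

AUTH_EVENT = re.compile(
    r"(?P<kind>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")


def detect_password_guessing(lines, threshold=4):
    """Scan log lines in order and raise one alarm per source address that
    accumulates `threshold` or more failed logins.  Each alarm records the
    accounts tried and whether a successful login from the same source
    followed the failures, which is the alarm an administrator should look
    at first.  Lines that match no auth pattern (e.g. 'Connection closed')
    are skipped rather than counted as evidence."""
    failures = defaultdict(list)   # src -> account names that failed
    alarmed = {}                   # src -> alarm record, created on first trigger
    for line in lines:
        m = AUTH_EVENT.search(line)
        if not m:
            continue
        src, user, kind = m["src"], m["user"], m["kind"]
        if kind == "Failed":
            failures[src].append(user)
            if len(failures[src]) >= threshold and src not in alarmed:
                alarmed[src] = {"src": src, "success_after": False}
        elif src in alarmed:
            # A success after the alarm fired: the guessing may have worked.
            alarmed[src]["success_after"] = True
    for src, alarm in alarmed.items():
        alarm["failures"] = len(failures[src])
        alarm["accounts"] = sorted(set(failures[src]))
    return list(alarmed.values())


if __name__ == "__main__":
    for alarm in detect_password_guessing(SAMPLE_LOG.splitlines()):
        print(alarm)
```

The single failed login from 10.0.1.15 stays below the threshold and produces no alarm, which is the kind of ordinary noise the text warns must be separated from a real intrusion.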