Final Words

In today's hyperconnected business environment, external connections have become as much a part of business structure as telephones, overnight deliveries, and cubicle walls. You can no longer assume that your partner will put the proper controls in place. You must agree on a secure architecture, proper implementation, and testing.

McConnell Drugs trusted that JFC would put the proper controls in place—controls that would protect both JFC's and McConnell Drugs' data. That trusted handshake could have destroyed McConnell's data and reputation, and JFC could have wound up in court. McConnell's employees could have easily pulled down bad code containing a Trojan horse, worm, or virus.

If you're still wondering just how bad a virus attack could be, you are one of the lucky ones. The 2002 CSI study found that 85 percent of the respondents had detected viruses. Not surprising given the speed at which the newer strains spread. As CERT's "Overview of Attack Trends" pointed out, "Tools like Code Red self-propagate to the point of global saturation in less than 18 hours." And the cost? Computer Economics reported the total cost of Code Red, and its cousin Code Red II, at a staggering U.S. $2 billion.

External connections are a big problem and are difficult to manage. Do you know how many modem connections your company has? Are your engineers allowed to install modems in the engineering lab where your source code is stored? If you don't know the answers to these questions, you could be in for a big surprise.

Sadly, even companies with strong legal and moral incentives to control access are often found wanting. A security audit at one such site, a large hospital with plenty of incentives to protect access to sensitive patient files, found 75 unauthorized modems on site. In nearly every case, a physician or administrator with enough clout had found a way around the policy against external connections. To be useful, security policies must apply to everyone, not everyone else. Easily skirted policy rules aren't worth the paper they're printed on.

Protecting your system from attacks requires more than a wing and a prayer. It takes training, determination, and a strong commitment to control access to your systems. In analyzing your company's access control, make sure that the rules are really rules and not guidelines that employees feel free to ignore at the slightest inconvenience.

Chapter 5. Security Training

There has always been a sizeable gap between what is written about security and what actually happens in the real world—no one ever talks about the last time they were broken into, when they had a significant security incident, the multitude of problems that the last security audit found, or the unpleasant fact that their organization's security policy doesn't exist.

Dan Farmer, Security Researcher

You're moving up the chain of command fast. Not because you're buddies with the CEO, but because you have ground-breaking, brilliant ideas that continue to place your company in front of the competition. You're not arrogant. You're confident, strong, and have vision. Clients who want things done with superior results put you on the job because you have a Ph.D. in results!

Over the past few months, your ideas have been flowing like a river. At work, you don't give it a second thought as you store your brilliant business ideas, development plans, key investments, and takeover strategies on your powerful desktop computer.

Just this morning, your receptionist informed you that she completed your presentation for the board of directors. You thank her and think to yourself how lucky you were to get such a brilliant MBA summer student as your assistant. You log out of your system, pick up your presentation, and head to the board meeting.

What you don't know is that your lovely MBA summer student is clandestinely collecting all of your brilliant ideas and company secrets. She's a spy! On top of that, she's a world-class underground security expert and could strip the information on your systems bare without leaving a shred of evidence of her presence. You'd be left with no clue that she walked right through the front door of your computer and ripped off your ideas.

As a corporate spy, your receptionist sells competitive information for cash. This time, she didn't have to work very hard for that cash. Your system administrators set up the systems so that anyone could easily read, modify, destroy, or steal the data on your network. They didn't bother enabling auditing or intrusion detection, so no one will ever even know about the security breach. Sound like a movie of the week? Don't be fooled.

Like most people, you've always considered your corporate network a safe haven for your information. Unfortunately, the key to keeping that haven safe is good training, and few people responsible for security get that. Just consider...