Protecting Information Technology

Once you have your security policy in place, you should be able to protect your information technology. One way of doing this is improving your security—staying on top of the day-to-day security issues. As information technology is never stagnant, your maintenance should not be either. In addition to basic maintenance, encrypting your network connections and even your data can make your information technology secure.

Also, it is important to regularly test your network security. You can do this through various tools to make sure your defenses are sufficient. In order to do this, make sure you have a clear understanding of how the tools work as well as their possible adverse effects.

Improving Security

The fourth phase in the Security Wheel is that of improving security. In addition to securing your network, setting up monitoring, and performing vulnerability testing, you need to stay abreast, on a weekly or even daily basis, of current security news, primarily consisting of new vulnerability reports. Waiting for a particular vendor to alert you to new vulnerabilities is not enough; you also need to subscribe to third-party mailing lists such as Bugtraq (www.securityfocus.com) or Security Wire Digest (www.infosecuritymag.com). Also important is verifying configurations on key security systems on a regular basis to ensure that they continue to represent your current policy. Most important of all, the four steps of the Security Wheel must be repeated continuously.

Protecting the Servers

File servers on which sensitive data is stored and infrastructure servers that provide mission-critical services such as logon authentication and access control should be placed in a highly secure location. At a minimum, servers should be in a locked room to which only those who need to work directly with the servers have access. Keys should be distributed sparingly, and records should be kept of issuance and return.

If security needs are high due to the nature of the business or the nature of the data, access to the server room could be controlled by magnetic card, electronic locks requiring entry of a numerical code, or even biometric access control devices such as fingerprint or retinal scanners.

Other security measures include monitor detectors or other alarm systems, activated during non-business hours, and security cameras. A security guard or company should monitor these devices.

Keeping Workstations Secure

Many network security plans focus on the servers but ignore the risk posed by workstations that have network access to those servers. It is not uncommon for employees to leave their computers unsecured when they leave their offices for lunch or even when they leave for the evening. Often a workstation in the receptionist area is open to visitors who walk in off the street. If the receptionist manning the station must leave briefly, the computer—and the network to which it is connected—is vulnerable unless steps have been taken to ensure that it is secure.

A good security plan includes protection of all unmanned workstations. A secure client operating system such as Windows NT or Windows 2000 (unlike Windows 9x) requires an interactive logon with a valid account name and password in order to access the operating system. In addition, it allows a user to "lock" the workstation when he or she will be away from it, so someone else can't simply step up and start using the computer. Some degree of security can be provided for Windows 9x clients by using password-enabled screensavers, although savvy intruders can bypass this form of security by rebooting the computer.

Don't depend on access permissions and other software security methods alone to protect your network. If a potential intruder can gain physical access to a networked computer, he or she is that much closer to accessing your valuable data or introducing a virus onto your network.

Ensure that all workstation users adhere to a good password policy, as discussed in the section "Designing a Comprehensive Security Plan" later in this chapter.

Many modern PC cases come with some type of locking mechanism that will help prevent an unauthorized person from opening the case and stealing the hard disk. Locks are also available to prevent use of the floppy drive, to prevent copying of data to a diskette, or to prevent rebooting the computer with a floppy.

Protecting Network Devices

Hubs, routers, switches, and other network devices should be physically secured from unauthorized access. It is easy to forget that merely because a device doesn't have a monitor on which you can see data, that doesn't mean the data can't be captured or destroyed at that access point.

Securing the Cable

The next step in protecting your network data is to secure the cable across which it travels. Twisted-pair and coaxial cable are both vulnerable to data capture; an intruder who has access to the cable can tap into it and eavesdrop on messages sent across it. A number of companies make such "tapping" devices.

Fiber optic cable is more difficult to tap into because it does not produce electrical pulses but instead uses pulses of light to represent the 0s and 1s of binary data. It is possible, however, for a sophisticated intruder to use an optical splitter and tap into the signal on fiber optic media.

Compromise of security at the physical level is a special threat when network cables are not contained in one facility but span a distance between buildings. There is even a name for this risk: manhole manipulation, a term that refers to the easy access intruders often have to cabling that runs through underground conduits.

Cable taps can sometimes be detected using a TDR or optical TDR to measure the strength of the signal and determine where the tap is located.