Control & Limit Your Secrets
Most security is based on secrets and depends on keeping them. Passwords, encryption keys, and SNMP community strings, for example, are secrets. Too often, though, the secrets are not really all that secret. The most important part of keeping secrets is knowing the areas you need to protect. What knowledge would enable someone to circumvent your system? You should jealously guard that knowledge and assume that everything else is known to your adversaries. The more secrets you have, the harder it will be to keep all of them. Security systems should be designed so that only a limited number of secrets need to be kept.
Remember Human Factors
Many security procedures fail because their designers do not consider how users will react to them. For example, because they can be difficult to remember, automatically generated nonsense passwords are often found written on the undersides of keyboards. For convenience, a secure door that leads to the system's only tape drive is sometimes propped open. For expediency, unauthorized modems are often connected to a network to avoid onerous dial-in security measures.
If your security measures interfere too much with the essential use of the system or network, those measures will be resisted and perhaps circumvented by resourceful users. To get compliance, you must make sure that users can get their work done, and you must sell your security measures to users. Users must understand and accept the need for security. Communication with users is essential here because if users understand the business reasons behind your security measures, they will be more open to accepting them. No matter how hard you try, there will be users who will still try to get around your security.
Any user can compromise system security, at least to some degree. Passwords, for instance, can often be found simply by calling legitimate users on the telephone, claiming to be a system administrator, and asking for them. If your users understand security issues, and if they understand the reasons for your security measures, they are far less likely to make an intruder's job easier.
At a minimum, users should be taught never to release passwords or other secrets over unsecured telephone lines (especially cellular telephones) or electronic mail (e-mail). Users should be wary of questions asked by people who call them on the telephone. Some companies have implemented formalized network security training for their employees; that is, employees are not allowed access to the Internet until they have completed a formal training program. This is helpful in raising awareness in a user community, and it should be reinforced with a written security policy for your organization that is accessible to every user. One last point to make is that you should never violate your own security procedures, no matter how tempting it is to do so!
Know Your Weaknesses
Every security system has vulnerabilities, and identifying them calls for honesty and directness, not ego. It is sometimes very helpful to get another set of eyes to assist you in reviewing the network for weaknesses.
You should be able to understand your system's weak points and know how they could be exploited. You should also know the areas that present the largest danger and prevent access to them immediately. Understanding the weak points in your network is the first step toward turning them into secure areas.
Limit the Scope of Access
You should create appropriate barriers inside your network so that if intruders access one part of the network, they do not automatically have access to the rest of the network.
As with many things, the security of a network is only as good as the weakest security level of any single device in the system. Having a layered approach to security will certainly slow down an intruder and allow his or her detection. Having a nice big lock is good, but if that lock is your only line of defense, then you might want to consider adding motion sensors, a dog, outside lights, a home security system, and nosey neighbors! A rather simplistic analogy, but my point is that it is always harder to be a criminal when there are many barriers to overcome.
Understand Your Environment
Understanding how your system normally functions, knowing what is expected and what is unexpected, and being familiar with how devices are usually used, will help you to detect security problems. Noticing unusual events can help you to catch intruders before they can damage the system. Auditing tools can help you to detect those unusual events.
Auditing tools are very useful, though you will also want to ensure that there are methods for you to receive alarms when there is an attempt to violate or bypass the security measures in place. The thought here is that it is better to know it is happening before you lose something than to have to go back and audit the crime; it's an ounce of prevention!
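The idea of learning what is expected and raising an alarm on what is not can be shown with a short script. This is an added example, not part of the original text; the log format, device names, users, and addresses are constructed for illustration, and hours are compared without midnight wrap-around.

```python
# Constructed sample data: "ISO-time device user source result"
BASELINE_LOG = """\
2024-03-04T09:12:00 core-rtr1 netadmin 10.0.5.20 login_ok
2024-03-04T14:40:00 core-rtr1 netadmin 10.0.5.20 login_ok
2024-03-05T10:05:00 edge-fw1 secops 10.0.5.31 login_ok
2024-03-06T16:22:00 core-rtr1 netadmin 10.0.5.21 login_ok
"""
NEW_EVENTS = """\
2024-03-07T09:30:00 core-rtr1 netadmin 10.0.5.20 login_ok
2024-03-07T03:14:00 core-rtr1 netadmin 10.0.5.20 login_ok
2024-03-07T11:02:00 edge-fw1 secops 192.0.2.77 login_ok
2024-03-07T11:05:00 edge-fw1 guest 10.0.5.31 login_fail
"""

def parse(text):
    for line in text.splitlines():
        ts, device, user, src, result = line.split()
        yield ts, int(ts[11:13]), device, user, src, result

def build_baseline(text):
    # Record, per device, which users, sources and hours are normal.
    base = {}
    for _, hour, device, user, src, _ in parse(text):
        b = base.setdefault(device, {"users": set(), "srcs": set(), "hours": set()})
        for key, value in (("users", user), ("srcs", src), ("hours", hour)):
            b[key].add(value)
    return base

def check(event, base, hour_slack=1):
    # Return the reasons an event deviates from the baseline (empty = normal).
    _, hour, device, user, src, result = event
    b = base.get(device, {"users": (), "srcs": (), "hours": ()})
    reasons = []
    if user not in b["users"]:
        reasons.append("unexpected user")
    if src not in b["srcs"]:
        reasons.append("unexpected source")
    if not any(abs(hour - h) <= hour_slack for h in b["hours"]):
        reasons.append("unusual hour")
    if result == "login_fail":
        reasons.append("failed login")
    return reasons

def alarms(baseline_text, new_text):
    base = build_baseline(baseline_text)
    return [(e[0], e[2], r) for e in parse(new_text) if (r := check(e, base))]

if __name__ == "__main__":
    for ts, device, reasons in alarms(BASELINE_LOG, NEW_EVENTS):
        print(f"ALARM {ts} {device}: {', '.join(reasons)}")
```

Run as events arrive rather than after the fact, the same check gives the alarm the text asks for instead of a later audit trail.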
Limit Your Trust
You should know exactly which software or hardware you rely on, and your security system should not have to rely upon the assumption that all software is bug-free. Learn from history by not reliving it, and remember to question everything!
Remember Physical Security
Physical access to a workstation, server, or router usually gives a sufficiently sophisticated user total control over that device. Physical access to a network link usually enables a person to tap that link, jam it, or inject traffic into it. It makes no sense to install complicated software security measures when access to the hardware is not controlled.
Security Is Pervasive
Almost any change you make in your system might have security effects. This is especially true when new services are created. Network engineers, system administrators, programmers, and users should consider the security implications of every change they make. Understanding the security implications of a change is something that takes practice. It requires lateral thinking and a willingness to explore every way in which a service could potentially be manipulated. Intelligent changes are good and can be judged accordingly; however, quick or ill-considered changes can often result in severe security problems.