Chapter 2: Identifying and Designing for Potential Security Threats

Overview

New threats appear on the Internet all too often. Rarely does a week pass without reading about a new worm, virus, or some other type of security threat that will attack a network. It may seem as if Microsoft products are the ones with the most holes. Actually, most attacks target Microsoft products because Microsoft products are the most popular. A virus that exploits a Eudora mail client will affect not nearly as many people as an attack that exploits Outlook will affect. And because of Microsoft’s popularity, the press pays more attention when a vulnerability in a Microsoft product has been exposed. If you manage a network, especially a targeted one like a Windows network, security is one of the most important issues that you will face.

As a security administrator, it is your job to predict and respond to attacks. If you make the assumption that all users accessing your network are trying to breach your security infrastructure, you will have a significant leg up against a true attacker. You must learn how to visualize the attacks that are most likely going to come your way. You will accomplish this by having strategies in place to detect, respond, and remove threats and attacks against your organization.

In this chapter, you will learn how to predict the threats to your network. You will be introduced to the different types of attacks. You will also learn how to design a process that will be used to respond to these attacks should they occur. You will learn how to design segmented networks to keep your assets more secure by making them inaccessible from an insecure network. Finally, you will learn how to design a process for recovering your services.