13.8 PERIMETER SECURITY


Securing the perimeter of an organization is critical to ensuring security. If the perimeter is not secured, the pool of potential attackers grows from those who have physical access to computers on the network to anyone in the world who has Internet access.

There are a number of facets to perimeter security. Methods should be combined to provide defense in depth.

Firewalls and antivirus solutions are the most popular methods for implementing perimeter security.

  1. Firewalls: Firewalls implement policy on what types of traffic are allowed in and out of a network. They are used to specifically prohibit certain services to specific hosts (such as not allowing SQL Server traffic into the network, to head off the SQL Slammer worm).

  2. Antivirus: Antivirus can run on servers, workstations and mail servers to detect, prevent and remove programs with malicious intent on those computers.
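As an added illustration (not part of the original text), the sketch below models the firewall policy described in item 1 as an ordered, first-match rule list with a default deny. The addresses, the rule set and the `evaluate` helper are assumptions of this example; UDP 1434 is the SQL Server Resolution Service port that SQL Slammer targeted, and TCP 1433 is the default SQL Server port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    direction: str            # "in" or "out" relative to the protected network
    proto: str                # "tcp", "udp" or "any"
    dst_net: str              # destination network, CIDR notation
    dst_port: Optional[int]   # None matches any port
    note: str

# Constructed policy. 10.0.5.20 is a hypothetical public web server.
POLICY = [
    Rule("deny", "in", "udp", "0.0.0.0/0", 1434, "SQL Server Resolution Service, used by Slammer"),
    Rule("deny", "in", "tcp", "0.0.0.0/0", 1433, "SQL Server default port"),
    Rule("allow", "in", "tcp", "10.0.5.20/32", 443, "HTTPS to the web server only"),
    Rule("deny", "out", "udp", "0.0.0.0/0", 1434, "egress filter: stop an infected host spreading"),
    Rule("allow", "out", "any", "0.0.0.0/0", None, "other outbound traffic"),
]

def evaluate(policy, direction, proto, dst_ip, dst_port):
    """Return (action, note) for the first matching rule; deny if none match."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in policy:
        if (rule.direction == direction
                and rule.proto in ("any", proto)
                and addr in ipaddress.ip_network(rule.dst_net)
                and rule.dst_port in (None, dst_port)):
            return rule.action, rule.note
    return "deny", "default deny (no rule matched)"

if __name__ == "__main__":
    # Constructed sample traffic: (direction, protocol, destination IP, destination port)
    samples = [
        ("in", "udp", "10.0.5.30", 1434),
        ("in", "tcp", "10.0.5.20", 443),
        ("in", "tcp", "10.0.5.21", 443),
        ("out", "tcp", "198.51.100.7", 80),
        ("out", "udp", "198.51.100.7", 1434),
    ]
    for s in samples:
        print(s, "->", evaluate(POLICY, *s))
```

Because evaluation is first-match, the specific deny rules must sit above the broad outbound allow; reversing them lets the UDP 1434 traffic through.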

Even though firewalls and antivirus are the most popular, they are not effective in preventing attacks. According to the FBI computer crime study for 2002, 80% of organizations employ both a firewall and antivirus. Of that 80%, half have had their perimeter security breached. Other methods should be deployed alongside them:

  1. Network intrusion: Network intrusion products evaluate each packet of network traffic to determine whether it contains malicious content. There are two flavors of network intrusion functionality. The first is intrusion detection, which informs an administrator that malicious traffic is passing on the network so that they can respond by reconfiguring the network. The second is intrusion prevention, which stops the malicious traffic automatically without requiring a network administrator to act.

  2. Host intrusion: Host intrusion products evaluate the actions of applications on a computer to determine whether they are malicious. This differs from network intrusion in that it looks at both network events and events that are not on the network, but only for the hosts on which it is installed. Host intrusion can also be implemented in both detection and prevention modes.

  3. Virtual private network: Virtual private networks are implemented to allow business partners and remote employees access to the internal network via an authenticated and encrypted communication channel. Extra attention should be given to these connections to be sure they are secure. Many organizations have been compromised at the network perimeter by attackers taking control of an employee's personal machine at home (which is generally much less secure than computers controlled by the healthcare organization), then using its VPN connection to attack the employer. Authentication of VPN users should be strong and multifaceted (such as password and token).

  4. Vulnerability assessment: Vulnerability assessment tools search the network and report on known vulnerabilities in applications, whether caused by bugs in the applications or by their misconfiguration. This allows network administrators to close these holes so that they cannot be exploited by attackers.

A combination of these methods should be used as appropriate to secure the perimeter of the network.

Security policy implementation for perimeter network security is discussed here, covering firewalls, antivirus, IDS and IDP systems.




HIPAA Security Implementation, Version 1.0
ISBN: 974372722
EAN: N/A
Year: 2003
Pages: 181
