13.2 Threat Assessment




Threat assessment begins with the assumption of a potentially hostile environment, where intruders are passively or actively trying to breach network security. Passive intruders may browse through sensitive data files, monitor private conversations, or intercept e-mail messages. Active intruders, on the other hand, are malicious and seek to destroy information, deny others access to network resources, and introduce false data or unauthenticated messages onto the network. This type of intruder may even seek to destroy programs and applications by introducing viruses or worms into the network.

To determine the threat level faced by the enterprise, the IT department must conduct a comprehensive vulnerability analysis, starting with a port scan of all network resources. A port is simply a place where information goes into and out of a device on the network, like a router or computer. Left unguarded, a port is a door through which a hacker can enter and, from there, gain access to other resources on the corporate network.

After the network has been subjected to a battery of tests, sometimes using hacker tools, the findings are displayed in summary and detail form. Depending on the tool used, each discovered vulnerability can be assigned a score indicating its level of risk. Reports can be prioritized so that the highest-level risks appear at the top. This prioritization allows IT staff to implement security measures in order of severity, so that the most serious and glaring holes are closed first, denying hackers easy access to the corporate network.
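The prioritization step described above can be illustrated with a short Python example, added here and not taken from the book. It assumes the scanner's findings are available in Nmap's grepable (`-oG`) layout; the sample scan, the `APPROVED` service policy, and the `RISK` weights are constructed for the example.

```python
import re

# Constructed sample in Nmap's grepable (-oG) layout; addresses come from the
# documentation range 192.0.2.0/24 and do not describe a real network.
SAMPLE_SCAN = """\
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///, 80/open/tcp//http///
Host: 192.0.2.20 ()\tPorts: 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///, 8080/closed/tcp//http-proxy///
Host: 192.0.2.30 ()\tPorts: 25/open/tcp//smtp///, 161/open/udp//snmp///
"""

# Assumed policy: the (port, protocol) pairs each host is approved to expose.
APPROVED = {
    "192.0.2.10": {(22, "tcp"), (80, "tcp")},
    "192.0.2.30": {(25, "tcp")},
}

# Assumed risk weights (0-10) per port; a real tool supplies its own scores.
RISK = {23: 9, 445: 8, 3389: 8, 161: 7}
DEFAULT_RISK = 5

HOST_RE = re.compile(r"^Host:\s+(\S+).*?Ports:\s+(.*)$")

def parse_open_ports(text):
    """Yield (host, port, proto, service) for every port reported open."""
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        host, ports = m.groups()
        for entry in ports.split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[1] == "open":
                yield host, int(fields[0]), fields[2], fields[4] or "unknown"

def prioritize(text, approved=APPROVED):
    """Return unapproved open ports as dicts, highest risk first."""
    findings = []
    for host, port, proto, service in parse_open_ports(text):
        if (port, proto) in approved.get(host, set()):
            continue  # exposure is sanctioned by policy, not a finding
        findings.append({"host": host, "port": port, "proto": proto,
                         "service": service, "score": RISK.get(port, DEFAULT_RISK)})
    return sorted(findings, key=lambda f: (-f["score"], f["host"], f["port"]))

if __name__ == "__main__":
    for f in prioritize(SAMPLE_SCAN):
        print(f"{f['score']:>2}  {f['host']}:{f['port']}/{f['proto']}  {f['service']}")
```

Hosts with no entry in `APPROVED` are treated as having no sanctioned services, so every open port on them is reported.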

If a firewall is in use, these threat-assessment reports can be used to provide useful information for updating security policies. The recommendations are codified in the form of rule sets that are loaded into a firewall so that it can monitor for specific threats. If a firewall is not in use on the corporate network, the threat assessment findings may provide ample justification for implementing one. The company can add firewall capabilities by upgrading its routers, purchasing a standalone security appliance, or outsourcing security management to a service provider for a monthly fee.

Since most security breaches originate from within the organization, the best security systems will be useless if there are no means to protect against an insider attack. Therefore, threat assessment must include a thorough examination of the work environment.






LANs to WANs: The Complete Management Guide
ISBN: 1580535720
EAN: 2147483647
Year: 2003
Pages: 184
