Research shows that the typical small to medium-sized network is not secure and is susceptible to intrusion by parties with malicious intent. Lack of awareness of the true nature of the risk is the greatest obstacle to overcome. New vulnerabilities are discovered every day. How will we address this?
Every IT project should begin with two questions:
1. What business problem are we trying to solve?
2. Does everyone agree it's worth the effort to solve it?
Here we address the problem of security vulnerabilities in a small to medium-sized network. The same ignorance of these vulnerabilities exists in a typical home network, a SOHO, and an SMB-sized network. In each case personal information, reputation, and monetary assets are at risk.
This report represents an effort to educate the public and provide a reasonable path towards an affordable security solution. It should be noted that enterprise-class security vendors are starting to reach out to the SMB sector, trying to fill the gap between what is effective and what is affordable for a typical SMB-sized network. Still, this sector must also be educated, even convinced, that if it does not take some action it will remain at risk. The solution I have proposed will merit the consideration of these same SMBs, although it targets more closely a home to SOHO-sized network.
Here I would like to succinctly address the nature of the beast we are facing. Network security involves three factors: vulnerability, threat, and attack.
The primary vulnerabilities are technological, configuration, and security-policy weaknesses. Technological vulnerabilities lie in protocols, operating systems, and network equipment. Configuration vulnerabilities stem from laxity on the part of the administrator; due diligence requires that the administrator do everything possible to correctly configure and protect the network in his charge. Security-policy weaknesses include not having a clear, written policy, not following it if you do, and not enforcing it as the need may be. A network security policy informs users, staff, and managers of their obligations for protecting technology and information assets, specifies the mechanisms through which these requirements are met, and provides a baseline from which to acquire, configure, and audit computers and networks for compliance.
On to the four types of attack: reconnaissance, access, denial of service (DoS), and malware (worms, viruses, and Trojan horses). Reconnaissance involves Internet information lookup, ping sweeps, port scans, and packet sniffers. Access attacks include password cracking, trust exploitation, port redirection, and man-in-the-middle attacks. DoS overwhelms system resources via the ping of death, SYN floods, email bombs, and malicious applets. Last are the various types of malware, which compromise a system, or a system of systems, in various ways, many of them serious.
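As an added example, not code from the original report, the following Python script shows what three of the network-visible attacks above look like in a firewall log and how a simple detector picks them out: a ping sweep (one source sending ICMP echo requests to many hosts), a port scan (one source sending SYNs to many ports on one host), and a SYN flood (a pile of half-open SYNs to one destination port, counted per destination rather than per source because flood sources are commonly spoofed). The key=value log format, the addresses (RFC 5737 documentation ranges) and the thresholds are assumptions made for illustration; the sample lines are constructed, not captured.

```python
import re
from collections import defaultdict

# Matches key=value fields in a simplified, iptables-like log line (assumed format).
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn 'SRC=a DST=b PROTO=TCP DPT=22 FLAGS=SYN' into a dict of fields."""
    return dict(FIELD_RE.findall(line))


def detect(lines, sweep_hosts=5, scan_ports=10, flood_syns=20):
    """Classify log lines into reconnaissance and DoS findings.

    Thresholds are illustrative: a real detector would also bound them in time
    (e.g. per minute) and tune them to the site's normal traffic.
    """
    icmp_targets = defaultdict(set)                      # src -> {dst hosts pinged}
    syn_ports = defaultdict(lambda: defaultdict(set))    # src -> dst -> {ports probed}
    syn_only = defaultdict(int)                          # (dst, dpt) -> half-open SYN count

    for line in lines:
        f = parse_line(line)
        src, dst, proto = f.get("SRC"), f.get("DST"), f.get("PROTO")
        if proto == "ICMP" and f.get("TYPE") == "8":     # ICMP type 8 = echo request
            icmp_targets[src].add(dst)
        elif proto == "TCP":
            flags = set(f.get("FLAGS", "").split(","))
            if "SYN" in flags and "ACK" not in flags:    # initial SYN, not a SYN/ACK reply
                syn_ports[src][dst].add(f.get("DPT"))
                syn_only[(dst, f.get("DPT"))] += 1

    findings = {"ping_sweep": [], "port_scan": [], "syn_flood": []}
    for src, hosts in icmp_targets.items():
        if len(hosts) >= sweep_hosts:
            findings["ping_sweep"].append((src, len(hosts)))
    for src, per_dst in syn_ports.items():
        for dst, ports in per_dst.items():
            if len(ports) >= scan_ports:
                findings["port_scan"].append((src, dst, len(ports)))
    for (dst, dpt), n in syn_only.items():
        if n >= flood_syns:
            findings["syn_flood"].append((dst, dpt, n))
    return findings


def build_sample_log():
    """Constructed sample log: one sweep, one scan, one flood, one benign session."""
    lines = []
    # Ping sweep: 203.0.113.5 sends echo requests to eight internal hosts.
    for i in range(1, 9):
        lines.append(f"SRC=203.0.113.5 DST=192.168.1.{i} PROTO=ICMP TYPE=8")
    # Port scan: 198.51.100.7 probes twelve common ports on one host.
    for port in (21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445):
        lines.append(f"SRC=198.51.100.7 DST=192.168.1.10 PROTO=TCP DPT={port} FLAGS=SYN")
    # SYN flood: thirty bare SYNs to port 80 with no handshake completion.
    for _ in range(30):
        lines.append("SRC=192.0.2.99 DST=192.168.1.10 PROTO=TCP DPT=80 FLAGS=SYN")
    # Benign: a normal three-way handshake from an internal client.
    lines.append("SRC=192.168.1.20 DST=192.168.1.10 PROTO=TCP DPT=443 FLAGS=SYN")
    lines.append("SRC=192.168.1.10 DST=192.168.1.20 PROTO=TCP DPT=51234 FLAGS=SYN,ACK")
    lines.append("SRC=192.168.1.20 DST=192.168.1.10 PROTO=TCP DPT=443 FLAGS=ACK")
    return lines


if __name__ == "__main__":
    for category, hits in detect(build_sample_log()).items():
        print(category, hits)
```

The SYN-flood counter deliberately ignores the source address: the flood here happens to come from one address, but the same logic fires when every SYN carries a different spoofed source, which a per-source counter would miss. Conversely, the port-scan counter is keyed by source, so a scanner that spreads probes across many source addresses (or many hosts in parallel) would need a per-destination view as well.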
Lastly, we have threats. These are classified as structured or unstructured, and as internal or external. Here we have a taste of what is out there and a way to categorize it for more effective defense management. We can see that this is an ugly animal with many heads.
Does everyone agree it is worth the effort to solve it? Is it worth the effort to lock your door when you go to bed at night? There will always be an ongoing need for risk mitigation regardless of the size of the network we are on, just as the need to mitigate the risk of crime in the physical world remains. The question is: are you ready? We shall see in the next section.