Advanced Information Technologies Inc.
Overview of How to Compile a Security Strategy

Reviewing Current Policies

Establishing an effective set of security policies and controls requires using a strategy to determine the vulnerabilities that exist in our computer systems and in the current security policies and controls that guard them. The current status of computer security policies can be determined by reviewing the list of documentation that follows. The review should take notice of areas where policies are lacking as well as examine documents that exist:

  • Physical computer security policies such as physical access controls.
  • Network security policies (for example, e-mail and Internet policies).
  • Data security policies (access control and integrity controls).
  • Contingency and disaster recovery plans and tests.
  • Computer security awareness and training.
  • Computer security management and coordination policies.

    Other documents that contain sensitive information such as:

    • Computer BIOS passwords.
    • Router configuration passwords.
    • Access control documents.
    • Other device management passwords.

Identifying Assets and Vulnerabilities to Known Threats

Assessing an organization's security needs also includes determining its vulnerabilities to known threats. This assessment entails recognizing the types of assets that an organization has, which will suggest the types of threats it needs to protect itself against. Following are examples of some typical asset/threat situations:

  • The security administrator of a bank knows that the integrity of the bank's information is a critical asset and that fraud, accomplished by compromising this integrity, is a major threat. Fraud can be attempted by inside or outside attackers.
  • The security administrator of a Web site knows that supplying information reliably (data availability) is the site's principal asset. The threat to this information service is a denial of service attack, which is likely to come from an outside attacker.
  • A law firm security administrator knows that the confidentiality of its information is an important asset. The threat to confidentiality is intrusion attacks, which might be launched by inside or outside attackers.
  • A security administrator in any organization knows that the integrity of information on the system could be threatened by a virus attack. A virus could be introduced by an employee copying games to his work computer or by an outsider in a deliberate attempt to disrupt business functions.

Identifying Likely Attack Methods, Tools, and Techniques

Listing the threats (and most organizations will have several) helps the security administrator to identify the various methods, tools, and techniques that can be used in an attack. Methods can range from viruses and worms to password and e-mail cracking. It is important that administrators update their knowledge of this area on a continual basis, because new methods, tools, and techniques for circumventing security measures are constantly being devised.

Establishing Proactive and Reactive Strategies

For each method, the security plan should include a proactive strategy as well as a reactive strategy.

The proactive or pre-attack strategy is a set of steps that helps to minimize existing security policy vulnerabilities and develop contingency plans. Determining the damage that an attack will cause on a system and the weaknesses and vulnerabilities exploited during this attack helps in developing the proactive strategy.

The reactive strategy or post-attack strategy helps security personnel to assess the damage caused by the attack, repair the damage or implement the contingency plan developed in the proactive strategy, document and learn from the experience, and get business functions running as soon as possible.

Testing

The last element of a security strategy, testing and reviewing the test outcomes, is carried out after the reactive and proactive strategies have been put into place. Performing simulation attacks on a test or lab system makes it possible to assess where the various vulnerabilities exist and adjust security policies and controls accordingly.

These tests should not be performed on a live production system because the outcome could be disastrous. Yet, the absence of labs and test computers due to budget restrictions might preclude simulating attacks. In order to secure the necessary funds for testing, it is important to make management aware of the risks and consequences of an attack as well as the security measures that can be taken to protect the system, including testing procedures. If possible, all attack scenarios should be physically tested and documented to determine the best possible security policies and controls to be implemented.

Certain events, such as natural disasters like floods and lightning strikes, cannot be tested directly, although a simulation will help. For example, simulate a fire in the server room that has resulted in all the servers being damaged and lost. This scenario can be useful for testing the responsiveness of administrators and security personnel, and for ascertaining how long it will take to get the organization functional again.

Testing and adjusting security policies and controls based on the test results is an iterative process. It is never finished and should be evaluated and revised periodically so that improvements can be implemented.

The Incident Response Team

Good practice calls for forming an incident response team. The incident response team should be involved in the proactive efforts of the security professional. These include:

  • Developing incident handling guidelines.
  • Identifying software tools for responding to incidents/events.
  • Researching and developing other computer security tools.
  • Conducting training and awareness activities.
  • Performing research on viruses.
  • Conducting system attack studies.

These efforts provide knowledge that the organization can apply, and information that it can issue, before and during incidents.

After the security administrator and incident response team have completed these proactive functions, the administrator should hand over the responsibility for handling incidents to the incident response team. This does not mean that the security administrator should not continue to be involved or be part of the team, but the administrator may not always be available and the team should be able to handle incidents on its own. The team will be responsible for responding to incidents such as viruses, worms, or other malicious code; intrusions; hoaxes; natural disasters; and insider attacks. The team should also be involved in analyzing any unusual event that may involve computer or network security.
