Technical Library
17 Nov 2000
Internet Security

What is Internet security?

In simplest terms, security is the implementation of policy and resources to protect data, production resources, reputation, trade secrets, etc. from theft, corruption, and liability exposure.

Who needs Internet security?

Potentially everyone, and certainly anyone who has network connectivity and has resources and information that are considered valuable. What was once only the domain of colleges, universities and hackers is now an integral part of most businesses. It is a platform for marketing and sales, a communication portal for employees, vendors, and sales partners, and in some cases the storefront for entire businesses. As the Internet becomes a larger part of a business, it becomes valuable, creating the need for Internet security. And when an entire business, like an on-line store or bank or search engine, is Internet based, it needs to be running 24 by 7 or there is no business.

What security issues do I need to consider?

When an organization is connected to the Internet without adequate protection in place, it is exposed to many possible risks. Some of these include:

Loss of private confidential information. This could include database information, employee records, strategic plans, or other mission-critical information.

Loss of available services. This may include web site access, file access, inventory systems, e-commerce transactions, etc.

Exposure of infrastructure. This would reveal the internal network/server workings of your organization. This information could uncover weaknesses that could be used in a future attack.

Legal liability. There could be legal ramifications of exposure of confidential records. There could also be liability for unknowing involvement in an attack on a third party.

Vandalism. This could be the defacing of a public web site or file server. This could damage reputation and promote a lack of confidence among customers and business partners.
What is the first step to protect myself?

The first step in protecting a valuable business is to implement a security policy.

What is a security policy?

A security policy is a well-documented approach to defining resources and protecting them. What this policy looks like depends on the scope and complexity of your organization. At a minimum, the basics of a security policy should define: resources, access privileges, methods of detecting intrusion, procedures to respond to intrusion, training, and audit procedures. Once a policy is defined, it becomes the guideline for deploying and securing firewalls, workstations, private servers, public servers, remote access/VPN devices, etc. Once a policy is in effect it should be audited and modified to keep up with company growth and evolution.

Resources. Resources include: database information, employee records, vendor files, applications, public/private web space, file servers, desktop workstations, laptops, remote access servers/VPNs, network topology, Internet gateways, mail gateways, employees, etc.

Access privileges. Access privileges include, but are not limited to: application access, on-network access privileges, off-network access, Internet access, chat, video-conferencing, public web servers, building access, server/computer room access, desktop access, file sharing, drive mappings, remote access protocols, telnet, FTP, etc.

Methods of detecting intrusion. Intruders are always looking for new ways to break into systems. They may attempt to breach your network's perimeter defenses from remote locations, or gain direct access to your resources. Intruders look for vulnerabilities in operating systems, network services and protocols. Oftentimes they use widely available hacking programs designed for the single purpose of exposing and attacking vulnerable systems. An attack may take only a few seconds, which means that an organization needs to already have a means of detection in place.
Many times detection is difficult or not possible because a skilled hacker will cover his or her tracks, or use a third party to gain access. Many firewall solutions include logging that can help, but a well-planned attack may use permitted protocols. Also, a good firewall and security profile are designed to protect against an attack rather than to identify one. Ultimately, a system administrator must know his network and detect intrusion by file integrity, system operation, system logs, network monitoring software, user reports, and public advisories.

Responding to intrusions. Most organizations are not prepared to deal with intrusions. They are likely to prepare and respond only after a breach occurs. This results in on-the-fly decision making and damage control. A well-prepared organization will understand the nature of the intrusion and its impact on sensitive data and systems. It will have a recovery plan already in place and be prepared to act quickly so that there will be minimum downtime. All available data should be collected and analyzed to better understand the breach and to prevent future attacks of a similar nature.

Training. Proper training is an essential part of an organization's security. When employees and administrators are aware of potential security risks, the organization as a whole is more secure. Basic training should cover: applications, the Internet, e-mail, passwords, file sharing, virus detection, etc. Administrators should have additional training on networking, routing, and security-specific topics.

Audit procedures. An effective security policy must include audits. System administrators should, on a regular basis, audit internal systems, procedures and perimeter access in order to identify potential security risks. There are many tools and utilities available to do this, as well as third-party auditing firms. There are also many public web sites dedicated to this topic, which often include new security threats and attack reports.
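File integrity checking is one of the detection methods listed above and is also the kind of tool an audit can use. The following is an added example written for this page, not code from the original article: it records SHA-256 digests of a directory while the system is known-good and compares them with a later snapshot. The sample web root and the tampering applied to it are constructed inline.

```python
import hashlib
import tempfile
from pathlib import Path

# Added example (not from the original page): a minimal file-integrity
# check, one of the detection methods the text lists. Digests are recorded
# while the system is known-good and compared with a later snapshot.

def file_digest(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root: str) -> dict:
    """Map each file under root (relative path) to its digest."""
    root_path = Path(root)
    return {p.relative_to(root_path).as_posix(): file_digest(p)
            for p in root_path.rglob("*") if p.is_file()}

def compare(baseline: dict, current: dict) -> dict:
    """Differences between the trusted baseline and a later snapshot."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }

def demo() -> dict:
    """Constructed scenario: a web root is baselined, then tampered with."""
    with tempfile.TemporaryDirectory() as root:
        web = Path(root)
        (web / "index.html").write_text("<h1>Welcome</h1>")
        (web / "about.html").write_text("<p>About us</p>")
        baseline = snapshot(root)                               # taken while known-good
        (web / "index.html").write_text("<h1>Defaced</h1>")     # page altered
        (web / "unknown.cgi").write_text("# unexpected file")   # file dropped
        (web / "about.html").unlink()                           # file deleted
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

The baseline only has value if it is stored where an intruder on the checked host cannot rewrite it (read-only media or a separate system) and is refreshed only after authorized changes.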
The security policy and its implementation should be modified appropriately to reflect any new findings.

What is a firewall?

A firewall is a hardware/software appliance that bridges two or more physically separate networks and provides an access policy between the networks. A firewall typically separates an internal network from the Internet. However, it may separate two internal networks, or separate a public server from an internal private network. In any case, it uses one or more of the following to implement an organization's security policy: packet filtering, proxies, packet inspection, Network Address Translation (NAT), or masquerading.

Public server deployment/security. The security issues of this type of deployment are improper configuration or operation. Either can result in inadvertent disclosure of confidential information. Improper configuration of the server host could allow an intruder to modify the contents of the server. The best method to ensure server integrity is to carefully choose an operating system for the host and the server software. One must also make sure that the server is fully patched based on vendor recommendations, and maintain and operate the server within its specifications. Perhaps the single most effective security measure for a public server is to put it on a network separate from the internal network. This isolates it from your private network, preventing further damage if the public server is compromised.

Workstation deployment/security. The security issues of this type of deployment are improper configuration or operation, which can result in inadvertent disclosure of confidential information. Improper configuration of the workstation could allow an intruder to modify or view the contents of the workstation or network resources. The best method to ensure workstation integrity is to carefully choose an operating system for the host. Also make sure that the workstation is fully patched based on vendor recommendations.
And most importantly, set permissions appropriately, limiting access to properly authorized and authenticated users (internal and external).

Physical/premise security. An often overlooked facet of security is physical site security. You can have the best firewall and perimeter policy but still have an opening for intrusion. Access should be restricted to server rooms, workstations, network access ports, utility rooms, etc. Some questions to consider:

Can an intruder gain access to electrical service equipment or phone lines?
Is DHCP in use, and are there open network ports?
Are workstations left unlocked when not in use?
Are passwords written down in open view?
Is there authentication on dial-up access points?
Are visitors escorted in production areas?

These are just a few items to keep in mind in order to completely secure your valuable resources.

Summary. Complete security requires commitment, awareness, time, resources and money. This effort is not in vain. A valuable business is worth protecting. Hard work built it, so hard work is needed to protect it.
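The firewall and public server sections above describe an access policy between separate networks, with the public server kept off the internal network. The following is an added example written for this page, not code from the original article: a stateless packet-filtering policy evaluated against constructed sample traffic. The zone address ranges, the rule set and the sample addresses are assumptions chosen for illustration.

```python
from ipaddress import ip_address, ip_network

# Added example (not from the original page): a stateless packet-filtering
# policy for the layout the text recommends, with the public server on its
# own network (here called the DMZ) rather than on the internal LAN. The
# address ranges and the rule set are assumptions chosen for illustration.
ZONES = {
    "internal": ip_network("10.0.0.0/24"),   # private workstations and servers
    "dmz": ip_network("192.0.2.0/24"),       # public web server lives here
}

def zone_of(addr: str) -> str:
    """Name the network an address belongs to; anything else is the Internet."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

# (src_zone, dst_zone, protocol, dst_port, action); None matches anything.
# Rules are evaluated in order and the first match wins.
RULES = [
    ("internet", "dmz", "tcp", 80, "allow"),         # public web access
    ("internet", "dmz", "tcp", 443, "allow"),
    ("internal", "dmz", "tcp", 22, "allow"),         # admin access only from inside
    ("internal", "internet", "tcp", None, "allow"),  # outbound browsing, mail, etc.
    ("internal", "internet", "udp", 53, "allow"),    # DNS lookups
    ("dmz", "internal", None, None, "deny"),         # compromised public server cannot reach the LAN
    ("internet", "internal", None, None, "deny"),    # no direct access to the private network
]

def decide(src: str, dst: str, proto: str, dport: int) -> str:
    """Apply the policy to one packet; unmatched traffic is denied by default."""
    s, d = zone_of(src), zone_of(dst)
    for rs, rd, rp, rport, action in RULES:
        if rs == s and rd == d and rp in (None, proto) and rport in (None, dport):
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed sample traffic; 203.0.113.0/24 is a documentation range standing in for the Internet.
    for pkt in [("203.0.113.5", "192.0.2.10", "tcp", 80),
                ("203.0.113.5", "10.0.0.7", "tcp", 445),
                ("192.0.2.10", "10.0.0.7", "tcp", 445),
                ("10.0.0.7", "192.0.2.10", "tcp", 22)]:
        print(pkt, "->", decide(*pkt))
```

The last two rules are what the separate-network advice buys you: even if the web server in the DMZ is fully compromised, the policy gives it no path to internal hosts.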