Saturday, 15 February 2014

how do you handle system security?




mukky


computer virus threats! how do you handle system security?


Answer
I've been taught to use layers of security, or "defense in depth".
Most of these practices & policies will be done over and over again - not a one-time fix, but a process.

At the lowest level, (your machine) - evaluate and address physical security. Do you need to keep this in a locked room so nobody tampers with it? Evaluate & update BIOS and Firmware if appropriate. Remove or block USB, CD/DVD and other drives if necessary.

Next level, the operating system: no matter what you use (Linux, Win, Mac, others) make sure you limit administrator or root access and make strong passwords for all users (for Windows this means 15+ characters). Patch the OS on a regular schedule, and make sure to disable or remove any services or programs that aren't needed.
If this is a critical system, then some system-file checking system should be used. Make sure that system files haven't changed unless you change them. Update your information regularly, and keep the tables or checksums that you collect from that machine in a safe place (your only copy should not be on the same machine).
Turn on logging, and if practical - store the logs on another machine where they can't be easily tampered with.

Next level, applications: only install what you need, and clean up anything you remove. Manually verify that patches are done on a systematic schedule. Check for security 'best practices' - stuff like "chroot"-ing an Apache install, and input-verification on SQL-like databases. Again, if practical, log events and check file checksums.
Limit user access to applications on a need-to-have basis.

Next level, loss prevention: Here's where your firewall, anti virus, anti-malware and user policies come in. Keep all users (even your admins) to the least privileges to get a job done. Have a system to add new users and remove old ones. Keep AV & other security apps patched, and make sure it is working.
If your users will comply, then training is a good thing. Explain why they can't use myspace / utorrent / aim on critical work machines, and hold them accountable if they do violate policy.
(* as Schneier says, I think it was something like this.. users will try to step across policy bounds, and if your policy isn't enforced, word gets out fast. A poorly enforced policy is useless. Don't waste time making them.)
Review your firewall policy on some schedule, so you can tell if changes were made without authorization.
Review policies on a set schedule - everything from changing keys to the server room, changing passwords, who has night/ weekend access, whether devices like CDs and USB can be booted from or 'autoplay'-able.
Use a UPS (power supply) and keep the machines off the ground where water, bugs, or clumsy employees can damage them.
Write this stuff down as a policy, and be prepared to justify it to outsiders if you keep anybody else's data.

Next level: recovery planning
Frequent backups, of course.
Check those backups .. verify that you actually have a working backup, and check them for viruses. If practical, keep backups off-site. If you can technically perform and/or afford clustering, virtualization, or other fail-over solutions, then split your work up over 2 or more machines. If one fails, be ready to move to the backup. Lots of ways to do this in hardware or software.. one hardware package I recently read about was Novell's (just bought) "PlateSpin".

Put in some system so you (or appropriate people) get some kind of auto-message from your UPS if power fails, or get called if your network goes down. Your recovery plan needs a start point - usually something other than " Monday AM, the CEO calls and complains". Try to avoid that one :)

Depending on how critical your systems are, you may want to have 24/365 monitoring including video camera or recorded logs of swipe/key access to the server rooms.

Network security is a whole 'nuther animal.
Again, layers of security..
block ports you don't need, firewall users/ IPs you don't need, use a VPN if you can, change default passwords on routers & switches, restrict physical and virtual access.. etc.
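
The file-checksum practice described in the answer above (record checksums of system files, keep the record off the machine, re-check on a schedule), as an added example that is not part of the original answer. The HMAC seal and the function names are assumptions made here so that a tampered baseline is rejected rather than trusted.

```python
import hashlib
import hmac
import json
import os


def hash_file(path, chunk=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file under root (relative path) to its digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                baseline[os.path.relpath(full, root)] = hash_file(full)
    return baseline


def seal(baseline, key):
    """Serialize the baseline with an HMAC (assumed key kept off the host)."""
    body = json.dumps(baseline, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "hmac": tag})


def verify(root, sealed, key):
    """Compare the tree against a sealed baseline and report differences."""
    doc = json.loads(sealed)
    expected = hmac.new(key, doc["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["hmac"]):
        raise ValueError("baseline failed HMAC check; do not trust it")
    old, new = json.loads(doc["body"]), build_baseline(root)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }
```

Store the sealed baseline and the key somewhere other than the machine being checked, and rebuild the baseline only after a change you made yourself, such as a patch run.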

hooking security cams to computer without cords?




Jacob


Ok so I got a security camera, I got the spot picked out and it's great, but I want the feed to come through multiple sources. It's hooked to my TV and I'd like to get the feed to my computer. Problem is the computer's on the other side of the house and I'd rather not run a composite all that way. Is there a way to get the feed transferred wirelessly to my computer, like through a server or something??


Answer
Yes, you can use wireless security cameras and link to a computer, but how is very dependent on the hardware. There is no conformancy as far as I know between brands. The hard part is getting the camera to understand it is meant to transmit the data wirelessly. External kits can do this, i.e. connect the video feed via a splitter to a transmitter which recognises the camera. Wifi on a laptop/computer can then pick it up.

The only way I know how to do it is using Ubuntu Linux and setting the camera up as a web cam. Then you can use software called motion (I think it is in the standard repositories) to capture either a video stream or pictures every x seconds, constantly or upon movement in the room.

If you use Ubuntu:

sudo apt-get install motion

man motion (instructions on how to use)

If you use Windows, I found this link but don't know how good it is.

http://lifehacker.com/5233052/motion-detection-is-an-effective-dead-simple-security-camera-app




Powered by Yahoo! Answers
