La Flaca
I am a network administrator. Recently, a number of local companies have been hacked, some from the Internet and some by physical break-ins. I need to address these possibilities for my company. What security tools and procedures can anyone recommend to deploy and use in a situation like this? For the network? What vulnerabilities would these monitor or correct? With these in place, what would the network still be vulnerable to? All info is appreciated... thanks ♥
Answer
You can reduce the risk by applying good business judgement and procedures. Someone mentioned SANS and INSECURE.ORG as a start. You will also need to implement good governance and risk management programs at the company to...again...reduce the risk of these things happening.
For IT Governance you can use COBIT 4 and GAIT (IT General Controls Scope Based on Risk) from ISACA and The IIA respectively. Their links are:
http://www.isaca.org
http://www.theiia.org
You can also use the European version of COBIT if you search for ISO17799 and also ITIL.
All these are control objectives of the IT Environment that serve as the guide to best practices.
For Internet break-ins you need to watch your entry points and their vulnerabilities. This includes the settings on the firewall, VPN, Remote Access, and Web Services (IIS, FTP, Email) for example. On each you would like to harden the configuration to prevent misconfigurations that a hacker can use to break into your systems. The Center For Internet Security (cisecurity.org) has developed benchmarks for OSes and some appliances against which you can test your configuration and apply best practices designed by experts.
This is just one step; you can do your own checks with nessus to verify you don't have holes in your network. Be careful running this tool. There is an option to run scans that are very intrusive and can perform denial of service attacks (DoS) on your machines. If you decide to run these scans you should coordinate them to make sure you can recover if something goes wrong.
Next, you should have Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS) depending on your taste and budget. A good free IDS that runs on LINUX is Snort (snort.org). There are a lot of add-ons for Snort that are GPL and can be found at sourceforge.net. If you don't want to mess around with the configuration of LINUX and the Snort application you can download a virtual appliance from VMWare already pre-configured (www.vmware.com). The server version that runs on LINUX or Windows Servers is free of charge. I would be surprised if you are not using VMWare or MS Virtual PC. However, VMWare is the leader in virtual technology.
Now that you have preventive and detective controls it is time to look at the individual vulnerabilities of the services you provide or the devices you are trying to protect.
For email you would want to have an appliance that can filter spam and that can block individuals from browsing places that can get infected with internet scripts. This can still be achieved centrally on the network.
On the desktop you would want to have good antivirus software installed and periodically scanning for viruses. The leaders are Symantec and McAfee. Each one has its pros/cons.
You would want to establish a periodic review to check what software gets installed on all computers including the servers. Look for P2P, IRC, FTP Servers, and anything that can create a conversation with the exterior.
Establish a periodic review to check for rogue devices, wireless, with netstumbler (netstumbler.org) and confiscate any that are physically connected to the network ASAP (they extend your network and your security risks).
For physical security I can send you an audit program that covers some basic and standard things we IT Auditors look for. For example, things we look at include security guards, cameras, the direction doors open, ornamental barriers that serve as physical security, signs that can give away the location of the data center, barriers to prevent cars crashing into the building, access configurations, etc...
Also, you should implement a security awareness program if you have not done so. This will educate the end-user on things to watch for and things not to do while using email, the internet, and about other threats like social engineering attempts.
If you need more information security info just send me an email to mpg_2@yahoo.com.
By the way, what companies were recently broken into? I believe you live in Puerto Rico and I used to live there until 2000.
Cheers!
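The periodic review of "anything that can create a conversation with the exterior" described in the answer above can be scripted. The following is an added example, not code from the original post or from any of the tools it names: it parses netstat-style listening-socket output (the sample text, the per-host allowlist and the port-to-label map are all constructed assumptions) and flags services that are not on the allowlist, calling out the FTP, IRC and P2P ports the answer says to look for.

```python
"""Review of listening services on a host, flagging anything not expected.
Input is netstat-style text captured on each host; the sample is constructed."""
import re
from collections import namedtuple

Listener = namedtuple("Listener", "proto addr port program")

# Services the answer says to look for; the port-to-label map is an assumption.
SUSPECT_PORTS = {21: "FTP server", 6667: "IRC", 6881: "BitTorrent/P2P"}

# Expected (proto, port) pairs for this host; constructed policy for the example.
ALLOWED = {("tcp", 22), ("tcp", 443), ("tcp", 3389)}

LINE_RE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+"
    r"(?:LISTEN\s+)?(?P<prog>\S+)?"
)

def parse_netstat(text):
    """Turn netstat -tulnp style lines into Listener records; skip headers."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        listeners.append(Listener(m.group("proto").rstrip("6"), m.group("addr"),
                                  int(m.group("port")), m.group("prog") or "-"))
    return listeners

def review(listeners):
    """Return (port, program, label) for every listener not on the allowlist."""
    findings = []
    for l in listeners:
        if (l.proto, l.port) in ALLOWED:
            continue
        if l.addr in ("127.0.0.1", "::1"):
            continue  # loopback-only services cannot talk to the exterior
        label = SUSPECT_PORTS.get(l.port, "not on allowlist")
        findings.append((l.port, l.program, label))
    return findings

# Constructed sample of what a host might report; not real output.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 812/sshd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1377/vsftpd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 640/cupsd
tcp 0 0 0.0.0.0:6667 0.0.0.0:* LISTEN 2210/ircd
udp 0 0 0.0.0.0:6881 0.0.0.0:* 2450/transmission
"""

if __name__ == "__main__":
    for port, prog, label in review(parse_netstat(SAMPLE)):
        print(f"port {port} ({prog}): {label}")
```

The allowlist should be maintained per host role (a mail server legitimately listens on 25) so that the review reports only deviations from the expected baseline.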
Information Systems & Information Technology Advice?
Andrew
Hello, I will be enrolling in college in the fall for Information Technology or Information Systems, which I see are related but different tasks. I am not a math genius but I am in the process of making myself stronger in that subject since I need it in this field. My question is to the people that have majored in this career: I want to know what type of big moves I should make in order to be successful and find a good job when I finish. Also, I enjoy technology; I seem to be on it every day of my life and never tire of it. Do you think this is the right career?
Answer
Just to clarify - I hope you are pursuing a 4-year IT related degree. A 2-year Associate's degree is not as desirable.
These names that colleges use for their majors are not really standardized and you may find that some IT majors will have more programming than others. If you look at the actual course lists you can tell what the real emphasis is. Computer Science majors typically have a lot of programming courses involved while IT and IS majors have less. If you were good at math that might be something to try. Since you are not I would steer clear of Programming. You will still get to take a few programming courses in other IT majors - it just won't be the main thrust like it will be in CS.
Many people who take programming end up unhappy and switch to other IT majors. Here are just a few of the jobs that you get in non-Programming areas:
Computer Technician - Works on computer hardware at user location or in service center. (entry level IT Job)
Service Center Coordinator - Schedules the repair of user community computers, orders spare parts, schedules staff, establishes priorities, maintains loaner laptops and non-US laptops for travel outside of US.
Help Desk Staff - answer questions and resolve problems for the user community. (entry level IT Job - Tier 1 support)
Storage Administrator - in charge of mass storage servers and devices.
Network Administrator - Works on routers, switches, hubs, cables, load balancers and all the other hardware that handles LAN and WAN network traffic. Also, may be responsible for IP phone service.
Systems Administrator or Systems Engineer - Works with servers, laptops and desktop computers to keep them free of problems and secure the data they contain. Responsible for Security group creation and memberships, server patching, anti-virus protection updates, password changes and any automated mechanisms that make these changes. These positions may be divided into server and desktop teams. Tier 2 support.
Enterprise Administrator - Handles Enterprise support and design issues. Tier 3 support.
Active Directory Administrator - Designs and administers Active Directory infrastructure, AD policies, access permissions, roles, group policies, separation of duties.
Exchange and Messaging Administrator - maintains mail systems servers, other mail related devices and the company messaging infrastructure.
Backup Administrator - Maintains backup devices and determines backup strategies so data that was deleted accidentally or intentionally can be recovered. Design and control how and when data is backed up, where the backups are stored and how long the backups are retained. They will test to be sure backups are valid and usable.
Disaster Recovery Specialist - Plans for disaster events so the company data and infrastructure can be brought back online as quickly as possible after a fire, flood, earthquake, terrorism or other disaster event. Plans for failover of services to alternate locations, if the primary location is not available.
Database Administrator - Maintains the company databases which may include customer and sales records, billing information, inventory and other data.
Computing Security Specialist - A company's biggest asset is its data and the Computing Security Specialist will work to try to keep that data protected from loss. They may be dealing with and defending against viruses, hoaxes, malware, keyloggers, phishing attacks, internal attacks and domestic and foreign intrusion. Develops monitoring and interception systems, filters and strategies and works with appropriate government agencies.
Corporate IT Acquisition Specialist - Works with acquired outside companies to establish migration into the corporate computing infrastructure.
Data Center Administrator - Maintains the data center facilities where the company's servers and other devices reside. They are responsible for physical security and may review badge reader and camera information to be sure that only individuals with proper access are getting close to the company's servers and other critical devices. Also, maintain backup power devices (UPS or generators), climate control equipment, fire suppression equipment, establish access policies, etc.
Best Wishes!
Powered by Yahoo! Answers