A major component of IT security is determining who is allowed into your structure, both physically and logically, and what they can do once they have gained access. Access control determines who has how much access. To get control, organizations must lock down their systems, including hosts, networks, applications, data stores, and data flows, and address the following:
- Communication Security
- Logging and Monitoring
- Penetration Testing
- Remote Access
Communication Security
Communication security protects the pathways that voice and data traverse. The goals of communication security include prevention of eavesdropping to protect confidentiality, assurances of integrity, and the maintenance of availability of the connection itself. All communication channels, whether between devices on the same network, across a VPN, over a remote connection, or wirelessly over radio waves, must be protected. A significant portion of communication security requires appropriate encryption. Encryption is used to protect the data itself while in storage and in transit and to provide a digital means of authentication. Without proper security, communication is subject to interception, manipulation, or denial of service. Communication security also includes planning for protection as new technologies and data flow patterns are incorporated into the workplace.
Cryptography is the science of obfuscation and is used to protect data while in transit or in storage. Data encryption includes three common sub-divisions: symmetric ciphers, asymmetric ciphers, and hashing. Symmetric cryptography is used for bulk data encryption, protecting information while in transit or in storage. Asymmetric cryptography is used to prove the identity of endpoints (e.g., digital signatures), or provide secure symmetric key exchange (e.g., digital envelopes). Hashing is used to detect alterations or verify integrity of communications and stored data.
Intrusion Detection Systems (IDS) are designed to notify administrators of suspect activities in the computing environment. Intrusion Prevention Systems (IPS) detect suspect activities and alter the environment in an attempt to thwart those activities. New Intrusion Detection and Prevention (IDP) solutions can perform deep packet inspection on cloud traffic. These tools supplement the security provided by firewalls, proxies, malicious code scanners, and other typical security mechanisms. IDS/IPS/IDP may be able to detect violations based on pattern matching, anomaly detection, and behavior analysis. However, these tools require expertise for proper deployment, configuration, and tuning.
Logging and Monitoring
Logging and monitoring, in addition to auditing, are essential parts of keeping track of all of the events that occur within an organization’s infrastructure. Each and every piece of equipment that can record a log file should be configured to do so, especially firewalls, proxies, DNS servers, DHCP servers, routers, and switches. In addition, logging should be enabled on every OS and application that can log events. The more extensive the logging, monitoring, and auditing, the more evidence will be collected about benign and malicious situations. Other important issues related to event tracking include historical log archival, securing logs, time synchronization, monitoring performance, vector tracking, maintaining accuracy, and complying with rules of evidence and chain of custody.
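One way to combine two points made above, hashing to detect alterations and securing logs, is a keyed hash chain over log records. The following is an added example, not part of the original text; the key, record fields, and function names are assumptions chosen for illustration, and the sample records are constructed.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # stands in for the "previous tag" of the first record
DEMO_KEY = b"demo-key-keep-the-real-one-off-the-logging-host"  # constructed

# Constructed sample records; timestamps are UTC so sources can be correlated.
SAMPLE = [
    {"ts": "2024-05-01T10:00:00Z", "src": "firewall", "msg": "deny tcp 203.0.113.7:4431"},
    {"ts": "2024-05-01T10:00:02Z", "src": "dhcp", "msg": "lease 10.0.0.23 to aa:bb:cc:00:11:22"},
    {"ts": "2024-05-01T10:00:05Z", "src": "vpn", "msg": "login ok user=alice"},
]


def _tag(key: bytes, prev_tag: str, record: dict) -> str:
    """HMAC-SHA256 over the previous tag plus a canonical form of the record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_tag + body).encode(), hashlib.sha256).hexdigest()


def seal(key: bytes, records: list) -> list:
    """Return copies of the records, each tagged and chained to the one before."""
    sealed, prev = [], GENESIS
    for rec in records:
        prev = _tag(key, prev, rec)
        sealed.append({**rec, "tag": prev})
    return sealed


def first_broken(key: bytes, sealed: list, head: str = None) -> int:
    """Index of the first record that fails verification, or -1 if intact.

    `head` is the last tag as stored away from the log itself; if it is given
    and does not match, records were cut from the end and len(sealed) is returned.
    """
    prev = GENESIS
    for i, entry in enumerate(sealed):
        rec = {k: v for k, v in entry.items() if k != "tag"}
        if not hmac.compare_digest(_tag(key, prev, rec), entry.get("tag", "")):
            return i
        prev = entry["tag"]
    if head is not None and not hmac.compare_digest(prev, head):
        return len(sealed)
    return -1
```

An edited or deleted record breaks the chain at that position; removal of the newest records is only visible when the last tag is kept somewhere the log writer cannot reach.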
Penetration Testing
Penetration testing is the third major phase in security assessment and management. Penetration testing is used to stress test a mature environment for issues that cannot be discovered by automated tools or by typical administrators. Penetration testers are skilled in the methods and tools of criminal attacks and the art of reconnaissance, and are masters of systems, protocols, and other aspects of IT from the perspective of malicious hackers. Testers craft exploits, modify code, decompile executables and applications, debug scripts, uncover covert channels, and more. These are essential skills of the members of a penetration testing team. A complete understanding of the benefits and the mechanisms of black box security testing will enable an organization to benefit fully from hiring an ethical hacking consultant or developing its own in-house testing team.
Remote Access
Remote access is convenient, can reduce costs, and can make work tasks more flexible, but it also increases risk for an organization. Once remote connectivity of any type is enabled for valid user access to a private network, the benefits of physical security are greatly reduced. As soon as authorized outsiders can establish valid connections to internal resources, hackers from across the globe gain the ability to attempt to intrude into those same remote access channels. Remote access includes traditional PSTN modems, VPN connections over the Internet, wireless connections, and more. Remote access often benefits from the implementation of AAA (authentication, authorization, and accounting) servers exclusively for remote users. Adding filters and rigorous oversight, such as with auditing and IDS/IPS/IDP solutions, is essential. Secure remote connectivity is possible, but is more challenging and involved than most organizations realize when first launching telecommuting or remote access projects.