By Mike Mullins
Security doesn't begin with a server installation, and it doesn't end with the latest hot fix. In fact, security actually begins with a formal policy. But unless you actually follow your security policy, that piece of paper won't stop a single attempt to destroy your network or steal its data.
Hackers and script kiddies are trying to access your network. On a daily basis, worms and viruses target your desktops and servers running security-hole-riddled Microsoft operating systems and software. You apply service packs and hot fixes in a never-ending effort to balance between testing the fix against your configuration, gaining downtime permission to apply the fix, and waiting to discover if the fix will work or crash a critical business process instead.
A secure network doesn't exist, so stop chasing it. Instead, jump ahead of the game: Secure your perimeter by loading only the services your network and customers need to survive.
Move your public assets off your private network and into a DMZ. Then, shift your focus to the insider threat. Your worst enemy isn't outside your network—it's inside it and logged on right now as a validated user. Cybersabotage and theft of company data are prevalent and require a tight watch to circumvent.
Identify internal threats
Internal threats can come from a variety of sources, such as disgruntled and/or recently terminated employees. However, a curious user or a poorly designed internal application can be just as harmful.
Secure your intranet using the same reasoning and logic that you use to secure your external network: Treat all connections, both internal and external, as potentially hostile.
Take the following steps to mitigate and remove the insider threat.
Access and permissions
System and user accounts
Successful security, inside and out
Proper configuration during server installation, loading all the hot fixes, and limiting external traffic are good steps toward security. But blocking thousands of daily attacks at your borders does little good if your network is vulnerable from the inside.
Focusing on the external threat and forgetting about the enemy within is a common mistake and a recipe for disaster. Don't let one of your users compromise your network or your credibility.
Getting hacked from the outside is bad; getting hacked from the inside is insulting. Avoid this insult: Develop, publish, and strictly apply a security policy, and limit and direct your users' activities—then, watch them like a hawk!
Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.