Shift security focus to users

By discussion ·
How do you control internal access? In this week's Security Solutions TechMail column, Michael Mullins says the greatest threat to your secure network is inside your own firewall. How much of your time do you spend on internal security? Do you have internal security best practices to add to Michael Mullins' list?

This conversation is currently closed to new comments.

Link please

by Cactus Pete In reply to Shift security focus to u ...

Well, I don't know what is on his list, so I can't really know if I'm adding to it, or duplicating it. Please provide a link to the column.

Again.

I don't want to get in the

by admin In reply to Shift security focus to u ...

habit of cutting and pasting. So, please do us a favor TR! Please include a link for those that didn't get the e-mail! Not even fancy, we can cut and paste the link out of the message body.

Otherwise my reply may be something like: "Yes, I agree that users should now be responsible for security and that they should rotate each day a different user reads logs and is personally responsible for any attack they do not report and stop or they get fired and pay fines."

You don't want more responses like that, do you?

Seriously, we will be eternally grateful for links in the future.

Thank you for your consideration,

~Michael

:)

Can't Be Given

by Oldefar In reply to I don't want to get in th ...

It's an approach to user security. Divulging the link would breach TR security.

Next step - take away the workstations!

Steps to check INTERNAL THREATS

by nandy40 In reply to Shift security focus to u ...

In many large organizations, a lot of users are not aware that their actions on the internet could cause a big security breach for their organization. This could be due to the sites they visit on the net, or people they collaborate with. These risks can be reduced by educating users, restricting visitation to unnecessary sites, blocking users that violate site restriction notices and regular scrutiny of audit trails to know the activity of users. Other measures include immediate removal of ex-employee access to all system facilities etc.

disabling accounts

by gshollingsworth In reply to Shift security focus to u ...

I have seen some policies stating that accounts of terminated employees are to be deleted within a certain short time period, with certain terminations requiring "immediate" action.

Deleting accounts can be a problem for auditing access and determining file ownership. Many times files' ownerships need to be reassigned to other employees. Many audit log mechanisms record the system's userid code and not the username for accesses. Deleting accounts orphans audit records and files. The records and files now refer to "unknown user".

It is better to disable accounts. In the Windows NT environment, I disable, change the account name using a formula to be able to identify the person to which it belonged, and reset the password to a random strong password (14 characters, alphanumeric, numbers, and special characters) which is not recorded anywhere. I then record all group memberships and that account's rights then remove the memberships and rights. This preserves the audit trail if it is needed. The record of account access and rights is sent to HR to be placed in the terminated employee's file.

Similar procedures can be used in Unix, Novell, Linux, and many other operating systems.
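
The difference between deleting and disabling described in the post above, as an added example that is not part of the original post: a small in-memory model (not a Windows NT or Unix API) with constructed accounts and audit events. The `TERM2003-` rename prefix, the account names and the uids are assumptions made for illustration.

```python
import secrets
import string
from dataclasses import dataclass, field

@dataclass
class Account:
    uid: int
    name: str
    groups: set = field(default_factory=set)
    enabled: bool = True
    password: str = ""

def strong_password(length=14):
    """Random password with letters, digits and specials; never recorded."""
    classes = [string.ascii_letters, string.digits, "!@#$%^&*()-_=+"]
    alphabet = "".join(classes)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in classes):
            return pw

def offboard(directory, uid, tag):
    """Disable, rename, re-key and strip an account; return the record for HR."""
    acct = directory[uid]
    record = {"uid": uid, "former_name": acct.name, "groups": sorted(acct.groups)}
    acct.enabled = False
    acct.name = f"{tag}-{acct.name}"   # hypothetical naming formula
    acct.password = strong_password()  # deliberately absent from the record
    acct.groups.clear()                # memberships removed after being recorded
    return record

def resolve(directory, audit_log):
    """Map uid-keyed audit events back to names, as a log viewer would."""
    return [(directory[uid].name if uid in directory else "unknown user", action)
            for uid, action in audit_log]

def demo():
    # Constructed sample data: audit events keyed by uid, not by username.
    audit_log = [(1004, "read payroll.xls"), (1007, "logon"), (1004, "delete q3.doc")]
    def fresh():
        return {1004: Account(1004, "jdoe", {"finance", "vpn-users"}),
                1007: Account(1007, "asmith", {"it"})}
    deleted = fresh()
    del deleted[1004]                  # policy: delete the account outright
    disabled = fresh()
    record = offboard(disabled, 1004, "TERM2003")
    return resolve(deleted, audit_log), resolve(disabled, audit_log), record, disabled[1004]
```

After deletion the two events for uid 1004 resolve to "unknown user"; after offboarding they still resolve to the renamed account, and the returned record holds the memberships that were stripped.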

The best protection is

by lguerriero In reply to Shift security focus to u ...

Cyber Operations has a product called Pro-Defense, which is an
Anti Terrorism System that prevents DoS/DDoS attacks at the router. The
product is designed to use heuristics to analyze and determine normal
behavior from abnormal behavior. Unlike other competitive products,
Pro-Defense can stop external attacks as well as attacks that have been
generated from within your trusted network.

Pro-Defense can alert you in a fraction of a minute and actually identify
the source or the actual machine/computer within your network that is
generating an attack. If your attack is an external source, Pro-Defense
would block or rate limit that IP address if you wish to monitor that
particular attacking source from outside your network. This gives you
options as to how to deal with that particular malicious traffic. So now,
along with many other features and benefits, your router can stop malicious
traffic from coming into your trusted network, the performance of the router
will not hamper normal network operations during an attempted attack, and
your router is now immune to viruses, worms or Trojans. This is now your
first line of defense.

On to countermeasures and management. First, during an attack situation
Pro-Defense has the capabilities to deploy countermeasures to the router or
routers under attack within seconds. With their on-the-fly rate limiting
capabilities and ability to deploy countermeasure policies to any type of
router (all other products being proprietary to their make and model) an
attack can be monitored and/or stopped within seconds.

On to management. Pro-Defense has the capability to merge and de-conflict
access control lists that well exceed 75,000 lines. This process can be
done, depending on size, within seconds or minutes.

I sell it and my customers love it.
