- Why
is it important to have an Information Security Policy
-
Planning your Information Security Policy in 10 steps
- Implementing
your Security Policy
- Ongoing review
- Security Risk Assessment
- Intrusion Detection
Systems
- Wireless security
- Security threats
from within
- Frequently
Asked Questions on Internet firewalls
Why is it important to have an Information
Security Policy
A comprehensive information security policy is vital
for organisations and companies
that want to ensure adequate level of protection to their
electronic systems.
This policy is important in providing the framework for managing
information effectively. Information is essential to a business
and it is important that we maintain the integrity and ensure
its availability.
Read more
Planning
your Information Security Policy in 10 steps
- Analyse your employees behaviour around their job roles
so as to have the appropriate procedures and training at
hand.
- Do a risk assessment of what you are trying to protect.
Identify what you are trying to accomplish. Identify the
vulnerabilities within your systems processes.
- Examine existing procedures and identify processes that
could be causing a security risk such as data management.
- Have a clear log of each of your employee and department
responsibilities.
Find out who is accountable for what.
- Base your security policy around your company's risks
and not around the technology available so that you do not
change your policy around to technology.
- Create a plan of action to aleviate the flaws that you
have identified.
- How do you deal with sensitive information, how do you
store it, who handles it.
- Protect sensitive customer information with encryption
and network security.
- Ensure cooperation among departments to find their role
in goal setting and merge that into your policy.
- Identify the budget available to allocate it to the necessary
training for the newly adopted standards that are going
to be implemented.
There are a variety of tools that help implement a security
policy taking into account various paremeters and are adjusted
to any organisation or small business individually.
Implementing
your Security Policy
A few problems arise when getting to the next step
of implementing the security policy that you have already
planned. Sometimes you do not anticipate the amount of training
and re-adjusting that might be needed.
People need time to digest it and practice it themselves.
It is also important that employees feel more appreciated
when their efforts to comply with the policy are actually
appreciated.
Read
more
return
to top
Ongoing review
A security policy, once implemented requires constant
monitoring. Changes in technlogoy, the business environment
and processes as well as threats need to be overviewed
and the policy adjusted and aligned with current technologies.
Security
Risk Assessment
Our dependency, use and application of information
are all pervasive but the risks to this information are a
serious issue. Understanding what the risks are and assessing
how these risks affect and impact busines are vital to being
able to manage these risks effectively.
Managing the risks involves taking action and implementing
controls to reduce or minimise these risks. It is important
that an organization deals with information security at all
levels to ensure business continuity, to reduce business risks
and avoid any potential damage and impact to the business.
Creating a security risk assessment will help you
determine the cost-justifiable controls that can be implemented
into your organisation to mitigate the risks.
You need to:
- Understand the organisation and identify the people and
assets at risk
Assets include core business processes, information, networks,
systems, telecommunications, people.
- Specify loss risk events/vulnerabilities
Risks or threats likely to occur at a site. A loss risk
event can be determined
through a vulnerability
analysis.
- Assess current security measures
Analyse current security measures.
- Establish the probability of loss risk and freqency of
events
Frequency of events is the regularity of the loss event.
- Determine the impact of the events
The financial, psychological costs related with the loss
of an asset.
- Determine the level of risk
The level of risk is determined by analyzing the values
assigned to the likelihood
of a threat occurence and the resulting impact of that threat.
- Develop options to mitigate risks
Develop related security processes to mitigate risks.
- Study the feasibility of implementation of options
- Perform a cost/benefit analysis
- Identify security measures and finalize documentation
Here you begin to identify security measures that can be
used to reduce risk
to a reasonable and appropirate level.
Intrusion Detection
Systems
Intrusion Detection Systems (IDS) are used to monitor networks
for and computers
for unusual activities. There are different types of IDS but
they have some baseline functions that are found in all. They
give early warnings of security problems
so that when an incident happens it can be dealt with quicker
than usual.
If an IDS is not configured properly it can generate many
alerts and missing important ones.
There are network-based IDS that detect attempts
on breaching a network.
They examine network packets and compare them against rules
that are designed
to distinguish unusual activities. Those rules need to be
updated regurarly, exactly
like we do for anti-virus systems. One such example is Snort.
It can detect a variety
of attacks and probes, such as
buffer overflows, stealth
port scans, CGI attacks,
SMB probes,
OS fingerprinting attempts. Read
more
Host-based IDS are usuful on critoreical
servers as they take a snapshot of the files
in a computer and they generate alerts when there are any
unexpected changes
to the permissions, ownership or content of critical files.
One such example is Tripwire. Read
more
Another type of IDS collects information about network
flows. All that information is stored in a database and can
be queried or used to generate alerts for suspicious flows.
One such example is NetFlow Sensor or NfSen. Read
more
Wireless security
A wireless network is not a continuation of a wired
Local Area Network. On a wireless network, everyone can sniff
on everyone else from the inside so tehre are problems of
privacy and accountability of this services. Those networks
use radio broadcasts that enables anyone with a wireless receiver
to hear the communications on that network. Virtual
Private Networks (VPNs) and Secure
Sockets Layer (SSL) are popular choices for protected
information over a wireless network.
All wireless LANs need some level of authentication (depending
on the risks involved) to ensure that only the signed and
known users are accessing the network. Read
more
return
to top
Security threats
from within
Internal threats are a problem that many businesses
seem to dismiss. They usually focus on how to safeguard their
company from intrusions coming from the outside.
Internal threats usually come from people who know the weaknesses
that are either software vulnerabilities, or limited physical
security to premises. They could also come from people who
cause problems without realising it, like simply opening email
attachments that contain viruses. Most of the times its the
company's fault that
they might allow easy access to restricted areas without the
need of having password-protected areas where condidential
information is involved.
Read
more
Frequently
Asked Questions on Internet Firewalls
What does an Internet firewall do?
A firewall implements an access control policy between networks.
What it does is that
it either blocks or permits traffic. When configuring a firewall,
you can put more emphasis on your application to block traffic
rather than allow and vice versa depending
on your demands. It can be the embodiment of your corporate
policy.
What can/cannot it protect you from?
A firewall can protect your network against incoming attacks.
They are configured
to protect you against unauthenticated logins from the outside
world. It also keeps a log file of all attempts against your
network so they are very useful for auditing purposes. When
suitably configured they can provide the network administrator
with summaries about the amount and the type of traffic that
passed through it.
A firewall cannot protect you from attacks that do not go
through it. That means proprietary data that can be stored
in magnetic tapes, discs, flash drives etc.
It cannot protect you from inside attacks, meaning people
within your network.
Types of firewalls
There are three types of firewalls that we are going to give
a short explanation on each.
However, they are not very different with one another or better
or worse.
As with everything, it depends on what you want to protect
and your needs.
Network layer Firewall: The one we have just
explained its usage.
Application layer Firewall: They provide
more detailed audit reports than network layer firewalls.
They can be used as Network
Address Translators. Generally it is a host using various
forms of proxy servers to proxy traffic instead of routing
it. As it works on the application layer, it may inspect the
contents of the traffic, blocking what the firewall administrator
views as inappropriate content, such as certain websites,
viruses, attempts to exploit known logical flaws in client
software, and so forth. They do not permit any traffic directly
between networks.
Hybrid Firewall: Combines both what a network layer and application
layer firewall does. Most firewalls nowadays do networking
filtering as well as some application inspection too. The
amount changes depending on the vendor or the version but
the basics
are the same.
return
to top
|
