 WebProWorld
IT Forum |
A little help with inadvertant shutdown
I am currently working on a HP 742C home PC. The problem is it shuts down either durring startup or minutes after startup. I tried Removing the PCI cards...
CSS and Cache
When I enter a site (like this) the page appears fine, but once I start to navigate through the site, the CSS stylesheet is not being called from the cache and all styling on the site disappears unless I click 'Refresh'.
Outlook .pst File too Large to Manage
One of my co-workers has grown his Outlook .pst file to 1.99 gigs (apparently he’s very popular). Outlook’s limit for .pst (prior to the 2003 release) is 2 gigs...
|
|
|
 |
|
Recent Articles |
McAfee Launches SiteDigger 2.0
Using Google's search index has a tool, McAfee has launched SiteDigger 2.0, a utility designed to locate human error information vulnerabilities that can show up in search engines.
Search Toolbars Creating Security Holes
Apreo encourages enterprise network security administrators to prepare for the onslaught of Google Desktop Search (GDS) and MSN Toolbar Suite downloads, among other desktop search tools.
Air Force Turns to Microsoft
The Air Force has entered contracts with Microsoft to consolidate 38 software licenses and up their security.
McAfee SecurityShield Verified by VeriTest
McAfee SecurityShield for Microsoft Internet Security and Acceleration (ISA) Server 2004 customers has achieved "Verified by VeriTest" validation through VeriTest, the testing division of Lionbridge Technologies, Inc. (LIOX) for "Microsoft ISA Server 2004 test for ISV Solutions."
Red Hat: Fake Emails Circulating
Red Hat posted a notice on their web site about fake emails that purport to come from them. Here is the statement in its entirety: "Red Hat has been made aware that emails are circulating that pretend to come from the Red Hat Security Team.
Assess And Remediate System Vulnerabilities
PatchLink's New Scanner Integration Module Enables Customers to Leverage Their Existing Scanner-related Investments.
Expanded Enterprise Vulnerability Management
Citadel Security Software will soon release Hercules 3.5 and the new AssetGuard component. Hercules 3.5 delivers an enterprise vulnerability management solution that includes expanded security configuration policy templates, improved workflow and monitoring capabilities and comprehensive device discovery.
Common Criteria Conference to Feature Symantec
Wesley Higaki, director of development and Symantec's common criteria program, will participate on a panel discussion at the Fifth Annual International Common Criteria Conference (ICCC), hosted by the German Federal Office for Information Security.
OpenService Announces Availability of Security Threat Manager (STM) Version 3.0.
New Security Information Management Software Links Real-Time Threats and Business Vulnerabilities to Unite Prioritized Incident Responses with Proactive Risk Reduction.
|
|
|
|
02.01.05
Network Security And Cisco SAFE
 By Dan DiNicolo
While implementing a functional network design that meets an organization's business and technical goals is critical, it is imperative that the design is properly secured.
Even today, many companies consider security in an overly simplified manner, thinking that the implementation of a firewall or a few strategically placed access lists will mitigate almost all potential risks. Unfortunately, implementing a secure network is about much more than the deployment of a few pieces of dedicated hardware and some basic configuration settings. Instead, it involves a commitment to risk management and risk assessment that goes far beyond any piece of equipment, involving the creation of policies, procedures, and ultimately, a plan.
Cisco has developed an approach to securing networks that it calls SAFE. SAFE is not so much a specific set of steps that must be followed in order to secure a network, but rather a set of design suggestions and configuration guidelines that should be followed when attempting to design a secure network. The SAFE methodology follows an approach known as defense-in-depth, where the security of individual modules in the Enterprise Composite Network Model is considered individually, with distinct suggestions made for securing these modules based on potential threats and risks.
This article takes a look at the importance of developing a comprehensive security policy, as well as some of the potential threats that a network designer needs to consider as part of any network design project.
| LinksManager manages reciprocal links, and helps increase website traffic through linking with other like-minded quality sites -> more info |
|
Developing a Security Policy
Implementing a secure network always begins with the same step, namely the development of a comprehensive security policy. In far too many companies, securing a network is looked at as a series of steps that involve configuring equipment, strategic placement of security devices, and so on. Although these elements have their role in helping to secure a network, at the end of the day they should only be the tools used to implement a defined policy.
A security policy is not a set of firewall rules or access control list entries either. A true security policy is comprised of many different elements, but is focused on first assessing the potential risks to not only a network but also a business, and then appropriately managing the assessed risks using various methods. To that end, the development of a security policy within an organization is not a single event but rather an iterative process that never ends. Even after a security policy is developed and implemented, it must constantly be reviewed and revised to ensure that it takes new risks into consideration.
 Any good security policy begins with a look at the potential risks to an organization from a high-level perspective. This does not mean the risk of a hacker compromising the network, but rather the specific threats that an organization faces. For example, if the company is engaged in electronic commerce activities with partners or customers, the data that is stored and transferred between the parties must be properly secured. If this information were somehow compromised, it could not only impact system availability and thus productivity, but also the reputation of the organization. By the same token, if a hacker modified critical data on internal servers, this could impact any number of business processes in a negative manner. Quite simply, a security policy begins by attempting to assess all potential security risks, including how those risks might impact the organization. Sometimes these risks impact a specific technical area and represent no more than an annoyance, while other times, the risk might impact an organization's core ability to conduct business.
In a perfect world, any assessed security risks could be eliminated through the implementation of various security features in a good network design. Unfortunately, the best a network designer can hope for, as part of implementing any security policy, is that risks will be reduced to the greatest possible extent. It is simply not possible to eliminate security risks - these evolve over time, and are constantly changing. A network designer needs to be aware of this, and understand that managing risk, not eliminating it, it truly the nature of the beast.
The design of a security policy in any organization needs to be well documented as a starting point. Some of the different areas that should be considered as part of the design of a security policy include:
Physical security. Although it is among the most important elements of any security policy, physical security is all-too-commonly overlooked. Examples of physical security measures include ensuring that all equipment rooms are locked, access to any wiring closets is restricted, and so on. Many companies now implement locks with pass cards in order to track who has physically accessed equipment.
Authentication. Authentication is also a critical factor with in any network security policy. While many companies still rely upon traditional username and password systems to validate network users using protocols like PAP and CHAP, other implement token-based systems that provide two-factor authentication (username/password plus one-time token password) using the Extensible Authentication Protocol (EAP) for a higher degree of security.
Read the Rest of the Article.
About the Author:
Dan DiNicolo is a technical trainer, consultant, author, and the managing editor of the free IT learning web site 2000Trainers.com. When he's not busy traveling the world as an IT volunteer with organizations like Geekcorps, Dan makes his home in the snowy northern backwoods of Canada. |
