Advertisment

'F1' for Enterprise Security

author-image
PCQ Bureau
New Update

Important data and information that lie at the heart of any enterprise needs

to be secured to ensure smooth running of the business.

Advertisment

With connectivity reaching new heights, threats to nodes of information on

network are increasing exponentially. With the advancement in enterprise

security for networks, the number of 'successful penetrations' has also

increased, making security a priority. Threat to information exists at every

level be it your storage or network. Several solutions are available to do away

with this threat, but striking the right balance of availability and security of

information is a complex task.

For instance, blocking websites that contain words like 'sex' is not a good

idea, as website hosting information related to medical field would also be

blocked, which in turn may affect your pharmaceutical business. To simplify this

complex task, there are domain specific consultants available with in-depth

knowledge of security concerns and solutions to address concerns.



In this article, we will talk about various threats to information at different
'leak points', plus solutions available today to mitigate them. Finally, we will

talk about security compliance.

Advertisment

Network security threats and solutions



One of the biggest sources of threats to enterprise security comes from

Internet. Most of the spywares and viruses covertly reach machines via e-mail

attachments or by 'piggybacking' on legitimate downloads. Once they get into a

machine, it is very difficult to detect and eliminate. The policy of prevention

is the best approach to tackle this threat.

Security at entry point to enterprise network should be properly implemented

using gateway level security along with Web access control. Unified thread

management or UTM's are fast becoming popular as single security device takes

care of almost all the security related aspects of an organization. In a single

UTM box, one can get security features like e-mail spam filtering, Internet

traffic filtering, and anti-virus along with all the features of standard

firewall.

These UTM's also include network management tools to further simplify network

management. Having a single appliance for security also greatly reduce

management issues associated with security. Customization of an UTM is quite

simple with lot many free versions available today. One can build an effective

UTM appliance by spending on hardware only. The only issue with these free

versions is non availability of support, in case you run in to a trouble.

Advertisment

Another concern arises from ever increasing mobile device usage in

organizations. If an infected notebook from outside is connected to Wi-Fi or to

the local network, it compromises all preventive security measures. To overcome

such a situation, you can create a separate zone altogether for visiting devices

so that, even if they are infected, they do not affect other machines in the

network.

Let's move towards threats that are keeping security heads of enterprises on

their toes.

Advertisment

Phishing



Protection against phishing and pharming attacks is very critical as most of

these attacks target end users. Most of the gateway level solutions offer

protection against phishing but majority of these solutions use blacklisting

techniques to detect such attacks. Same technique is used for anti-spam

solutions to detect phishing emails. However, this technique isn't always

successful especially in case of targeted phishing attacks. Once a phishing

email or URL manages to bypass an anti-phishing solution, it can even drop a

malware into a user's machine which might even spread into other nodes of the

network.

While buying a security solution, look for a solution which offers advanced

phishing detecting techniques. Since now, phishing protection comes with Web

browsers, security suites and anti-spam. So, at any point of time you will have

multiple defenses against phishing attacks. For extra phishing protection, anti-phishing

toolbars are freely available.

Zero day attacks



Consider a scenario where a product is launched in the market that has some

vulnerability. The period between patch releases to plug that vulnerability, and

launch of product is known as 'Zero Day Period' and any attack carried out

during that period is known as 'Zero Day Attack' (ZDA). To defend these attacks,

there are number of zero day protection solutions available.

Advertisment

Most of the firewalls (Application level as well as gateway level) these

days, provide protection against zero day attacks. Most commonly used techniques

used to protect against Zero Day Attacks are behavior analysis, pattern

matching, protocol anomaly detection. So while buying a UTM or firewall

solution, ask vendorsfor solution that provide protection against ZDA. Many

solution use signature based protection against ZDA, However in most cases, they

only detect ZDA having signatures available. Such solutions are not recommended

to protect against ZDA.

Some security solutions

Advertisment

1. Web application firewall



WAF is a new information security technology built to protect Web applications
from malicious attacks. These firewalls are capable of preventing attacks that

intrusion detection systems and firewalls cannot prevent. Another point worth

mentioning is that these firewalls do not require any change in application's

source code. These firewalls respond to all requests within OSI layer-7 for

violation in programming security policy and usually sit between Web client and

Web server and look for attack signature or abnormal behavior.

Web Application Firewalls are available as a appliance, third party plugins

as well as software solutions. These firewalls are recommended for the companies

who doing businesses online through web applications. These firewalls also

provide protection against SQL injection attacks as well as botnets which are

the major threats around these days. Such attacks can be easily combatted using

Web application firewall at their initial level.

2. Device based control: Cisco's Network Admission Control



This solution from Cisco is to enforce security policy compliance on users

and devices in organizations.

Advertisment

Access to the enterprise network is controlled by giving access to only those

users having proper credentials and devices that are compliant. These devices

include printers, servers, IP phones, and wireless devices. Cisco's NAC helps in

securing both managed and un-managed assets of an organization. Proper

management in turn lowers operational expenditure in long run and mitigates

internal and external threats.

Cisco's NAC has following components: Cisco NAC Manager that is a Web based

interface for managing NAC Server, where NAC Server is the actual device used to

enforce security policies and is implemented at network level. Besides, there

are three optional components. Cisco NAC Agent is a light weight read only agent

on devices for inspection of their security status and for taking measures to

make them security compliant. Non-PC device like printers, IP phones etc. are

profiled using Cisco NAC Profiler that keeps track of their behavior.

Finally Cisco NAC Guest Server is used for automated provisioning,

notification, reporting and management of guest devices.

3. App based control: Microsoft's Network Access Protection



Approach taken by Microsoft for enforcing security compliance is application

based. NAP like Cisco's NAC control access to network is based on devices'

identities and compliances with security policies. NAP helps to define client's

network access based on identity, group to which client belongs and degree of

compliance.

If client is not compliant, NAP automatically tries to make client compliant

plus it also includes application programming interface (API) for developers to

create complete health state validation solutions.

Components of NAP are known as system health agents (SHA) and system health

validators (SHV), these are used for validation and tracking of health state.

Windows Vista, Windows XP service pack 3 and Windows server 2008 include NAP

support for following type of network access: Internet Protocol security

(IP-sec) protected traffic, IEEE 802.1X authenticated network connection, VPN

connection, DHCP address configuration and Terminal Server Gateway connection.

These are known as NAP enforcement methods. Network policy server (NPS) in

Windows Server 2008 acts as health policy server for these enforcement methods.

Physical security measures



One more important aspect of enterprise security is physical security.

Physical security includes securing the work area by access control that can be

achieved by access cards (RFID) or biometric measures and surveillance like IP

surveillance .

If you want to know more about IP surveillance , refer to IP surveillance

story in August issue of PCQuest.

Advertisment