You must be aware of the various appliances and software to combat malware.
Such solutions form the first line of defense for an enterprise to secure their
IT infrastructure. Enterprises are always searching for the best security
solution, one that provides more security at lower cost. As the market becomes
competitive, vendors are packing their security appliances with more features.
There is a wide range of security solutions available, both free and paid. The
difference between the two is primarily in the features and functionality
offered. However, we repeat that one should only go for the best solution
irrespective of cost.
Paid vs free
There is always a debate on whether one should go for a free/open source
security solution or a proprietary, paid solution. For instance, for a
gateway-level security solution there are plenty of security appliances
available of both kinds. However, open source or free appliances require
in-house expertise to deploy, whereas proprietary solutions are deployed by the
vendor. You can find open source consultants to deploy free appliances, but
this would negate the cost benefit. A standard gateway-level security appliance,
let's say a UTM device, which can handle a load of 100 to 500 users and has
considerable features, will cost you somewhere between 2 to 5 lakh rupees. You
can also get most of the functionality provided by these devices from an open
source UTM device, where the software or license cost is zero. You only have to
pay for the hardware, which hardly costs 50k. However, there will be no service
or support with such a deal. Also, you need a good in-house team to first build
and then maintain such devices. Now, let's take the case where you have
multiple offices, say 30 in number, with at least 100 users at each location.
If you spend 2 lakh rupees per branch, you will end up spending 60 lakhs just
for securing your branches. To avoid so much expenditure, you can use a
commercial UTM at your central office and deploy open source UTMs in the
branches.
On the Cloud
Cloud computing is getting hotter each day, but the technology behind it is
nothing new. For details on what it is and how one can deploy cloud computing,
visit http://tinyurl.com/lrshbnasp. There are security solutions available on
the cloud which one can use on a pay-as-you-use basis. Let's take a simple
example. You have a mail server in your enterprise, but lack an anti-spam
solution. You can buy an anti-spam appliance, but does that really make sense?
Yes, it does for a large enterprise, but for others it might not. You need to
be aware of the bandwidth requirements and the ability of the appliance to
handle the load. So one should subscribe to an anti-spam solution deployed on
the cloud and not care about the hardware or software being used. The billing
is done based on usage. There is a free anti-spam solution deployed on the
cloud called Safentrix. To know more about this solution and how one can
integrate it with a mail server, visit http://tinyurl.com/nhd97q.
App-based control
Microsoft's approach to enforcing security compliance is application-based.
Network Access Protection (NAP), like Cisco's NAC, controls access to the
network based on a device's identity and how well it complies with security
policies. NAP defines a client's network access based on its identity, the
group to which it belongs and its degree of compliance. If a client is not
compliant, NAP automatically tries to make it compliant, and it also includes
an application programming interface (API) for developers to build complete
health-state validation solutions. The components of NAP are system health
agents (SHA) and system health validators (SHV), which are used to validate and
track health state. Windows Vista, XP Service Pack 3 and Server 2008 include
NAP support for Internet Protocol security (IPsec) protected traffic, IEEE
802.1X authenticated network connections, VPN connections, DHCP address
configuration and Terminal Server Gateway connections. These are known as NAP
enforcement methods. Network Policy Server (NPS) in Windows Server 2008 acts as
the health policy server for these enforcement methods.
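To make the flow concrete, here is an added example that is not part of the article and not Microsoft code: a toy model of the NAP pipeline just described. A system health agent (SHA) reports a statement of health, a system health validator (SHV) scores it against policy, and the policy server (NPS) maps identity, group and degree of compliance to an access decision, attempting auto-remediation before restricting the client. The policy thresholds, the group names and the two remediation actions are assumptions made for illustration.

```python
"""Toy model of the NAP flow: SHA -> SHV -> NPS decision with auto-remediation.
Constructed illustration, not Microsoft code; policy values are assumed."""
from dataclasses import dataclass

MAX_SIGNATURE_AGE_DAYS = 3          # assumed policy: AV signatures no older than this
RESTRICTED_GROUPS = {"guest"}       # assumed: groups that never get full access


@dataclass
class StatementOfHealth:
    """What the system health agent (SHA) on the client reports."""
    host: str
    group: str
    firewall_on: bool
    av_running: bool
    signature_age_days: int
    patches_current: bool


def health_validator(soh):
    """SHV: list the policy checks the client fails; an empty list means compliant."""
    failures = []
    if not soh.firewall_on:
        failures.append("firewall_off")
    if not soh.av_running:
        failures.append("av_not_running")
    if soh.signature_age_days > MAX_SIGNATURE_AGE_DAYS:
        failures.append("signatures_stale")
    if not soh.patches_current:
        failures.append("patches_missing")
    return failures


def auto_remediate(soh, failures):
    """Fix what the agent can fix on its own (assumed: only these two checks)."""
    actions = []
    for failure in failures:
        if failure == "firewall_off":
            soh.firewall_on = True
            actions.append("enable_firewall")
        elif failure == "signatures_stale":
            soh.signature_age_days = 0
            actions.append("update_signatures")
    return actions


def policy_server_decision(soh):
    """NPS: return (access level, remaining failures, remediation actions taken)."""
    failures = health_validator(soh)
    actions = auto_remediate(soh, failures) if failures else []
    failures = health_validator(soh)              # re-validate after remediation
    if failures:
        return "restricted", failures, actions    # remediation network only
    if soh.group in RESTRICTED_GROUPS:
        return "internet_only", [], actions       # compliant, but low-trust group
    return "full", [], actions


if __name__ == "__main__":
    # Constructed clients: one fixable on the spot, one that stays non-compliant.
    print(policy_server_decision(StatementOfHealth("pc1", "staff", False, True, 1, True)))
    print(policy_server_decision(StatementOfHealth("pc2", "staff", True, True, 10, False)))
```

The point of the re-validation step is that remediation is not trusted blindly: the client is scored again, and only checks the agent genuinely cleared drop out of the failure list, so a host missing patches still lands on the restricted network even after its signatures were refreshed.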
End-point security
End-point security comprises the anti-virus and anti-spam solution deployed on
the end-user's desktop. By deploying only a gateway-level security solution,
threats generated within an enterprise cannot be controlled. One of
the ways in which security can be compromised is by transferring data through
USB drives. For such threats, there should be a mechanism to alert the
administrator about an attack. There are devices that can be plugged into a
network to monitor for malicious activity. As soon as a threat is detected, the
device notifies the administrator about it. The licensing of these devices is
quite interesting. You can buy a device and place it on the network for
continuous monitoring or you can rent it for a couple of months to scan your
network and neutralize all threats. Information no longer resides inside the
four walls of an organization, given the business outsourcing scenario. Any
leakage of information can cause you to lose not only money but also
credibility. So, apart from securing PCs from viruses, spyware, etc., it is very
important for an organization to defend against all vulnerabilities, and this
is now a big concern for many enterprises. Data loss protection or DLP is the
term used to describe the theft of sensitive or critical data from an
organization. However, there are a number of ways to solve this issue. But before that, you
first need to figure out the amount and type of data your organization wants to
protect. This might comprise an organization's strategies, client confidential
data, etc. Such data can get stolen only if someone tries to copy it to a
portable media or send it via Internet to a third person. To steal data one
needs the rights to access that data. The most common solution to this problem
is to stop users from carrying portable media inside the organization. The other
measure an organization can opt for is to block all ports on a user's system.
The second method seems to be pretty practical, because even if someone gets
inside the premises of your organization with the intention of stealing data, he
will not be able to connect to the system. The third option is to configure the
mail server in such a way that any mail that comes with an attachment is
blocked. The issues are endless when it comes to DLP. Even if you block the port
and scan all emails that go out of the organization, one can still use a third
party email service provider, such as Gmail. This might make you think of
blocking the Internet itself, but such a solution is feasible only for
organizations that work offline. So what solution should one opt for? There are
a couple of vendors that offer customized solutions.
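The third option above, blocking outgoing mail that carries an attachment, is simple enough to show in code. The following is an added example, not part of the article and not any DLP vendor's product: an outbound-mail policy check that parses an RFC 5322 message and blocks it when it is addressed outside the organization and either carries an attachment or contains a classification marker in its text. The internal domain, the marker strings, the single-recipient assumption and the sample messages are all constructed for illustration.

```python
"""Outbound-mail DLP policy check. Constructed illustration; domain, markers
and sample messages are assumptions, not from any product or the article."""
from email import message_from_string
from email.message import Message

INTERNAL_DOMAIN = "example.com"                        # assumed internal domain
SENSITIVE_MARKERS = ("CONFIDENTIAL", "INTERNAL ONLY")  # assumed classification labels


def attachment_names(msg: Message) -> list:
    """Filenames of parts that are attachments: declared as such, or any
    non-text part (PDF, ZIP, image) that a mail client would save to disk."""
    names = []
    for part in msg.walk():
        if part.is_multipart():
            continue                      # container, not content
        disposition = (part.get("Content-Disposition") or "").lower()
        if disposition.startswith("attachment") or part.get_content_maintype() != "text":
            names.append(part.get_filename() or "<" + part.get_content_type() + ">")
    return names


def marker_hits(msg: Message) -> list:
    """Classification markers found in the plain-text parts of the message."""
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        raw = part.get_payload(decode=True) or b""
        text = raw.decode(part.get_content_charset() or "utf-8", "replace").upper()
        hits.extend(m for m in SENSITIVE_MARKERS if m in text)
    return hits


def outbound_policy(raw_message: str):
    """Return (decision, reason) for one outbound message."""
    msg = message_from_string(raw_message)
    recipient = msg.get("To", "").strip().lower()
    # Assumption: one recipient; a real filter checks every address in To/Cc/Bcc.
    if recipient.endswith("@" + INTERNAL_DOMAIN):
        return "allow", "internal recipient"
    names = attachment_names(msg)
    if names:
        return "block", "attachment to external recipient: " + ", ".join(names)
    hits = marker_hits(msg)
    if hits:
        return "block", "classification marker in body: " + ", ".join(hits)
    return "allow", "external recipient, no attachment or marker"


# Constructed sample messages (headers and bodies are made up).
MAIL_WITH_ATTACHMENT = """\
From: alice@example.com
To: bob@gmail.com
Subject: Q3 plan
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

See attached.
--XX
Content-Type: application/pdf; name="plan.pdf"
Content-Disposition: attachment; filename="plan.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--XX--
"""

MAIL_WITH_MARKER = """\
From: alice@example.com
To: bob@gmail.com
Subject: notes

This draft is CONFIDENTIAL, please do not forward.
"""

MAIL_INTERNAL = MAIL_WITH_ATTACHMENT.replace("bob@gmail.com", "carol@example.com")

MAIL_BENIGN = """\
From: alice@example.com
To: bob@gmail.com
Subject: lunch

Same place at one?
"""

if __name__ == "__main__":
    for sample in (MAIL_WITH_ATTACHMENT, MAIL_WITH_MARKER, MAIL_INTERNAL, MAIL_BENIGN):
        print(outbound_policy(sample))
```

The attachment test deliberately does not rely on the Content-Disposition header alone, since a sender can omit it; any non-text MIME part is treated as an attachment. The marker check is the weak spot the article points to: it only sees text the filter can read, so content inside an archive or sent through a third-party webmail service never reaches it.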
Web application firewall (WAF)
WAF is a new information security technology built to protect Web applications
from malicious attacks. Such firewalls can prevent attacks that intrusion
detection systems and network firewalls cannot. Another point worth mentioning
is that they do not require any change to the application's source code. They
inspect requests at the application layer (layer 7 of the OSI model) for
violations of the application's security policy; they usually sit between the
Web client and the Web server and look for attack signatures or abnormal
behavior. WAFs are available as appliances, third-party plugins and software
solutions. These firewalls are recommended for companies that conduct business
online through web applications.
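The two properties just mentioned, sitting between client and server without touching the application's code and matching requests against signatures or anomaly rules, can both be shown with a few lines of WSGI middleware. This is an added example, not part of the article and not any WAF vendor's product: it wraps an unmodified application, decodes each request's query string and body, and answers 403 when a request matches a signature or exceeds a length limit. The signature set, the length limit, the placeholder application and the sample requests are constructed for illustration.

```python
"""Minimal signature- and anomaly-based WAF as WSGI middleware.
Constructed illustration; rules and sample requests are assumptions."""
import io
import re
from urllib.parse import unquote_plus

# Constructed signature set; real WAF rule sets are far larger.
SIGNATURES = [
    ("sqli_union", re.compile(r"\bunion\b.+\bselect\b", re.I)),
    ("html_injection", re.compile(r"<\s*(script|iframe|img)\b", re.I)),
    ("path_traversal", re.compile(r"\.\./")),
]
MAX_FIELD_LEN = 2048   # anomaly rule: far longer than any legitimate form this app serves


def inspect(query_string: str, body: bytes = b"") -> list:
    """Return (rule, evidence) pairs; an empty list means the request is clean."""
    hits = []
    for raw in (query_string, body.decode("utf-8", "replace")):
        text = unquote_plus(raw)          # normalise %XX and '+' before matching
        if len(text) > MAX_FIELD_LEN:
            hits.append(("anomaly_length", str(len(text))))
        for name, pattern in SIGNATURES:
            if pattern.search(text):
                hits.append((name, text[:60]))
    return hits


class WAFMiddleware:
    """Wraps any WSGI app; the app's own code is untouched."""

    def __init__(self, app, log=print):
        self.app, self.log = app, log

    def __call__(self, environ, start_response):
        length = int(environ.get("CONTENT_LENGTH") or 0)
        body = environ["wsgi.input"].read(length) if length else b""
        hits = inspect(environ.get("QUERY_STRING", ""), body)
        if hits:
            self.log("WAF blocked %s %s %s" % (environ.get("REMOTE_ADDR", "?"),
                                               environ.get("PATH_INFO", ""), hits))
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"Request blocked by WAF\n"]
        environ["wsgi.input"] = io.BytesIO(body)   # hand the consumed body to the app
        return self.app(environ, start_response)


def hello_app(environ, start_response):
    """Stand-in for the protected application (constructed)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello\n"]


def simulate(app, path, query="", body=b""):
    """Drive a WSGI app offline; returns (status line, response body)."""
    seen = {}

    def start_response(status, headers):
        seen["status"] = status

    environ = {"REQUEST_METHOD": "POST" if body else "GET", "PATH_INFO": path,
               "QUERY_STRING": query, "CONTENT_LENGTH": str(len(body)),
               "wsgi.input": io.BytesIO(body), "REMOTE_ADDR": "192.0.2.10"}
    out = b"".join(app(environ, start_response))
    return seen["status"], out


protected = WAFMiddleware(hello_app)

if __name__ == "__main__":
    print(simulate(protected, "/search", "q=laptops"))            # passes through
    print(simulate(protected, "/search", "q=%3Cscript%3E"))       # blocked, logged
```

Because the middleware reads the body before the application does, it replaces `wsgi.input` with a fresh buffer so the wrapped app still sees the full request. Decoding before matching matters: the same tag URL-encoded as `%3Cscript%3E` would slip past a rule applied to the raw query string.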
Security policies
The most important aspect is to clearly define a policy and stick to it.
Security solutions alone aren't enough; you also need well-documented security
policies and regular assessments of your network. Having a written policy is
always a good idea and we can't stress its importance enough. But even more
important is to revisit the policies regularly and keep them updated. For
instance, consider a scenario where, despite having a documented policy, you
keep getting recurring security threats. In such a case, you need to find a
solution to the threat and update your security policy to define how to combat
it in future. Besides documentation, you also need to conduct regular
assessments of the security of your network.
Since your IT infrastructure isn't static, do not expect your security
requirements to remain the same. Security threats keep changing, and so does
your IT infrastructure. Beyond a certain point, even policies and re-assessments
may not work. That's where you need to start exploring security standards.
Today, two key standards exist for information security. These are BS7799 and
ISO 27000 series. Amongst the two, the ISO standard is more popular.