/pcq/media/agency_attachments/L8pkS8gpnodJThOdAfv1.jpg)
Follow UsWhat do you have on the network that is valuable and requires security? The answer is data, which travels in various forms (voice, video, data) over the physical network and resides on storage attached to computers.
Threats are specific to the different parts of a network’s anatomy, which include physical cables, computers that have hardware peripherals inter- connected, software such as an OS and application programs that either run as standalone on the system or provide network services. The table below lists the various parts of the network, the possible threat and the result of a successful attack. You will notice that the most susceptible are software related, be it OSs or applications.
/pcq/media/post_attachments/c607405d14db04848e871763c807f644485e62e3039354a18e198d1e785785e0.jpg)
Given that vulnerabilities are a part of a network’s infrastructure and anyone with sufficient networking knowledge can pose a potential threat to your data, it is not necessary that one has to be security conscious only when connected to the Internet. Threats exist within your network; connecting to the Internet merely increases them.
Also, the belief that small organizations do not need to worry about security is a myth. If you have a network within your office and store your data in an electronic form, you’ll need to worry about security. The larger you get, the more you invest in security.
Security needs are different for each organization. Some require only access to their networks be secured, whereas others might need access as well as data security with every bit of data encrypted. The processes required for these are difficult to start with, but get easier
later.
Looking at security as a process, let’s go to the following steps.
Identify your security needs
- What are the potential threats?
- What needs to be secured–access, data or both?
- What is the importance of security vis-Ã -vis your business?
Define a security policy that reflects the above
- Put together a document
- Run it past the management and get it approved
- Hand it over to HR for distribution to each employee
Implement changes required
- Change hardware and software configurations where required
- Test the changed configurations
- Inform the users of the change and what to expect
- Implement the changes
Maintain the secure setup
- Perform regular updates of the software
- Update yourself of vulnerabilities and incidents that happen around the world
- Regularly apply patches to software
- Update users about their responsibility
What is described here are the first level steps towards security. The success of the whole process lies in being stringent and providing users with as simple an operation as possible. Simplifying operations require a great deal of integration of backend functions. If a user were to use four different utilities to read an encrypted e-mail, then the process will not be successful. So, security is really a ‘compromise’ between being secure, user friendly and accessible. The most secure computer, after all, is one with no connections to the outside world, and which no one is allowed to use!
|
Anatomy |
Part |
Possible Threat |
Result |
|
|
Physical Network |
Network Cable |
Physical |
Isolate network segment |
|
| Tapping | Monitor | |||
|
user data, Record |
user data |
|||
| Network Devices
|
Physical device | Physical | Isolate network segments | |
| Device OS software | Denial of service | Isolate network segments | ||
| Power unit | Power off | Isolate network segments | ||
| Computer Systems | OS software | Denial of service | Spurious traffic; data loss | |
| System utils | Software | Spurious traffic; data loss | ||
| Applications | Software | Denial of Service; data loss | ||
To sum up, the process of security needs to be well planned. Networks today are victims of unplanned growth, with users who are not aware of security practices. The security process will require that every user be security aware and disciplined enough to sustain it.
Gopi Krishna Garge is director, Exocore Consulting