May 5, 2003

If you really want to protect your network, keep in mind that it’s not a question of if, but when, someone will try to get into it. That’s why it’s important to be prepared. There are many ways to do this, the best being to try to break into it yourself. There are umpteen tools to help you with the task. So, go ahead, use them to attack your network and fish out the vulnerabilities.

Enforce security policies
Software tools alone won’t be able to protect your network from being attacked. You’ll also need to put policies in place. How do you know that you don’t have a disgruntled employee sending your trade secrets to the competition via a free mail account or instant messenger? One way is to monitor all such activities, and the other is to prevent their usage in the company altogether. Phony e-mail IDs are a major cause of data being leaked out. So, ensure that all official correspondence is performed through your company’s official e-mail accounts. If the data is critical enough, then provide ways of encrypting its

Look out for trouble
One thing you must do is keep track of how your systems behave under normal usage conditions. Anything that disrupts this normal activity is a signal that something’s wrong: a system’s CPU usage suddenly shoots up or becomes unusually idle, there is a sudden surge of traffic on your network, or your Web server’s response time becomes too slow. The best thing to do in such cases is to keep regular track of the log files on all your critical systems. This is a fairly difficult task, considering that the log files of even an ordinary desktop could have hundreds of thousands of events logged, and it could become a nightmare for medium to large networks. One solution to this problem is to use an Intrusion Detection System (IDS). There are two types of IDS: network-based and host-based. The latter monitors the events and log files from a particular system on the network. As soon as it detects abnormal activity, it can inform the concerned people, and even identify the user. The former tracks all network activity and can detect an attack while it’s in progress.
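The baseline idea above can be sketched in a few lines. This is an added example, not part of the original article: it learns what "normal" looks like from constructed readings and flags values that stray too far in either direction, too busy or too idle. The metric names, sample values and the 3.5 threshold are assumptions chosen for illustration.

```python
from statistics import median

# Constructed readings taken during normal usage:
# (CPU %, network KB/s, Web server response time in ms)
NORMAL = [
    (22, 410, 120), (25, 395, 131), (19, 420, 118), (24, 402, 125),
    (21, 388, 122), (27, 415, 135), (23, 407, 127), (20, 399, 119),
]
METRICS = ("cpu_pct", "net_kbps", "resp_ms")  # hypothetical metric names


def build_baseline(rows):
    """Per metric, return (median, MAD) of the normal-usage readings.

    Median and median absolute deviation are used instead of mean and
    standard deviation so one odd reading does not distort the baseline.
    """
    baseline = {}
    for i, name in enumerate(METRICS):
        values = [row[i] for row in rows]
        mid = median(values)
        mad = median(abs(v - mid) for v in values)
        baseline[name] = (mid, max(mad, 1e-9))  # guard against flat data
    return baseline


def deviations(reading, baseline, threshold=3.5):
    """Return {metric: 'high' | 'low'} for values far from the baseline."""
    flagged = {}
    for name, value in zip(METRICS, reading):
        mid, mad = baseline[name]
        score = 0.6745 * (value - mid) / mad  # modified z-score
        if abs(score) > threshold:
            flagged[name] = "high" if score > 0 else "low"
    return flagged


if __name__ == "__main__":
    base = build_baseline(NORMAL)
    for reading in [(23, 405, 124), (96, 2300, 900), (2, 12, 121)]:
        print(reading, deviations(reading, base) or "normal")
```

A sudden drop is flagged as well as a spike, since a system that has gone unusually quiet is as much a departure from normal as one that is overloaded.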

Delete sensitive data
Ensure that sensitive data you no longer need is deleted from the system properly. If you’re using Windows, make sure the data doesn’t simply land up in the Recycle Bin after being deleted. Keep in mind that even if you’ve emptied the Recycle Bin, the data is still there and can be recovered using commercially and freely available ‘undelete’ utilities. There are also tools that can completely wipe out the data from a storage device. However, there are ways of recovering data even from a formatted hard drive. In such cases, an easy solution is a low-level format of the drive.

Good training 
Firewalls are great for keeping external intruders, who use a variety of tools, from getting inside your network. Tools like network monitors, IDS and packet sniffers are great for keeping tabs on internal network activity. Unfortunately, most corporate espionage goes beyond using these tools. It uses other techniques, such as social engineering, to enter your company. The prime targets for social engineers are new employees, who could easily give away critical information unknowingly over the phone. So, ensure that some simple ground rules are followed, such as identifying what information can and can’t be given out over the phone, e-mail or other communication channels.

Anil Chopra
