Security Audits - Call PBM IT at (888) 233-6471

A Cisco Secure Network Foundation uses many tools to keep customer information from unauthorized users inside or outside the business. Virtual private networks (VPNs) allow small offices and traveling workers to communicate with each other and their head office in complete privacy, even when using the public Internet for transport. The highest user authentication standards ensure only valid users can access the VPN network. Strong encryption technologies make the data unintelligible to anyone attempting to intercept VPN communications across a public network.

Firewalls and IPS at every network entry point help stop worms, spyware, or hacker attempts from penetrating the business network to steal information. Firewalls are also useful in preventing internal users from accessing sensitive information. For example, internal firewall policies can prevent unauthorized employees from accessing finance, human resources, or accounting computers, or from viewing their traffic. Virtual LANs (VLANs) allow businesses to further segment internal communications within their organization. Sensitive financial or customer information can be placed on its own VLAN, logically separate from employee LANs.

The Cisco Secure Network Foundation helps businesses meet legal requirements for the security and privacy of customer information by protecting the network from security breaches or unauthorized intruders from inside or outside the network.

Cisco ASA 5500 Series Adaptive Security Appliances (1) Combine firewall, VPN, and optional content security and intrusion prevention to distribute network security across your operations, (2) Provide threat defense and highly secure communications services to stop attacks before they affect business continuity, (3) Reduce deployment and operational costs while delivering comprehensive network security for networks of all sizes, and (4) Support a wide range of environments from small businesses to large enterprises.

Cisco Adaptive Wireless IPS Software (1) Provides automated wireless vulnerability and performance monitoring to deliver visibility and control across the network, (2) Maintains a constant awareness of the RF environment to meet the demands of the largest networks, (3) Automatically monitors for wireless network anomalies and identifies unauthorized access and RF attacks, and (4) Collaborates with Cisco network security products to create a layered approach to wireless security.

It's obviously undesirable for an unknown and untrusted person to be able to execute commands on your server machines. There are two main classifications of the severity of this problem: normal user access, and administrator access. A normal user can do a number of things on a system (such as read files, mail them to other people, etc.) that an attacker should not be able to do. This might, then, be all the access that an attacker needs. On the other hand, an attacker might wish to make configuration changes to a host (perhaps changing its IP address, putting a start-up script in place to cause the machine to shut down every time it's started, or something similar). In this case, the attacker will need to gain administrator privileges on the host.

In recent years, security needs have intensified. Data communications and e-commerce are reshaping business practices and introducing new threats to corporate activity.
National defense is also vulnerable as national infrastructure systems, for example transport and energy distribution, could be the target of terrorists or, in times of war, enemy nation states. On a less dramatic note, reasons why organisations need to devise effective network security strategies include the following: (1) Security breaches can be very expensive in terms of business disruption and the financial losses that may result, (2) Increasing volumes of sensitive information are transferred across the internet or intranets connected to it, (3) Networks that make use of internet links are becoming more popular because they are cheaper than dedicated leased lines. This, however, involves different users sharing internet links to transport their data, and (4) Directors of business organizations are increasingly required to provide effective information security.

For an organization to achieve the level of security that is appropriate and at a cost that is acceptable, it must carry out a detailed risk assessment to determine the nature and extent of existing and potential threats. Countermeasures to the perceived threats must balance the degree of security to be achieved with their acceptability to system users and the value of the data systems to be protected.

Make network security testing a routine and integral part of the system and network operations and administration. Organizations should conduct routine tests of systems and verify that systems have been configured correctly with the appropriate security mechanisms and policy. Routine testing prevents many types of incidents from occurring in the first place. The additional costs for performing this testing will be offset by the reduced costs in incident response. Evaluation of system security can and should be conducted at different stages of system development.
Security evaluation activities include, but are not limited to, risk assessment, certification and accreditation (C&A), system audits, and security testing at appropriate periods during a system's life cycle. These activities are geared toward ensuring that the system is being developed and operated in accordance with an organization’s security policy. This section discusses how network security testing, as a security evaluation activity, fits into the system development life cycle.

The standard one-time password dictionary from RFC 1760 helps maintain backwards compatibility with the various deployed systems; however, support for hexadecimal format passwords will also be mandatory to implement. The standard might specify pass phrase quality checks for the secret pass phrase. The standard will be specified so as to eliminate any possible conflict with the Bellcore trademark on the term S/Key.

The Cisco Intrusion Prevention System (1) Identifies, classifies, and stops malicious traffic, including worms, spyware, adware, viruses, and application abuse, (2) Delivers high-performance, intelligent threat detection and protection over a range of deployment options, (3) Uses reputation filtering and global inspection to give businesses actionable intelligence and prevent threats with confidence, and (4) Promotes business continuity and helps businesses meet compliance needs.

Network administrators can run the grep command against configuration files pulled from routers and firewalls and stored in a local directory on their workstation (UNIX or Windows), or use the grep filter built into Cisco IOS or ASA. For example, suppose the auditor wants to check the configuration for all telnet statements. The network administrator can run show running-config | grep telnet and look through each entry (or, without grep, use the include filter: sh run | i telnet), filter out addresses, and send the output to the auditor.
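
The workstation side of that telnet check, as an added example that is not part of the original page: it greps saved configuration files for telnet statements, reports file and line number, and masks IPv4 addresses before the output goes to the auditor. The *.cfg naming, the function names, and the two sample configs are constructed assumptions.

```shell
#!/bin/sh
# Added example: list telnet statements in saved Cisco configs, addresses masked.
# Assumption: configs were pulled to one directory as *.cfg files.

# audit_telnet DIR -> "file:line:statement" for each line containing "telnet"
audit_telnet() {
    (
        cd "$1" || exit 1
        # -H file name, -n line number, -i ignore case, -w whole word only
        grep -Hniw 'telnet' -- *.cfg 2>/dev/null
    ) | sed -E 's/([0-9]{1,3}\.){3}[0-9]{1,3}/x.x.x.x/g'  # mask IPv4 addresses/netmasks
}

# count_telnet DIR -> number of telnet statements found
count_telnet() {
    audit_telnet "$1" | wc -l | tr -d ' '
}

# make_samples -> path of a temp directory holding two constructed configs
make_samples() {
    d=$(mktemp -d)
    cat > "$d/asa-edge.cfg" <<'EOF'
hostname asa-edge
telnet 192.0.2.10 255.255.255.255 inside
telnet timeout 5
ssh 192.0.2.0 255.255.255.0 inside
EOF
    cat > "$d/rtr-core.cfg" <<'EOF'
hostname rtr-core
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
EOF
    echo "$d"
}

SAMPLES=$(make_samples)
trap 'rm -rf "$SAMPLES"' EXIT
audit_telnet "$SAMPLES"
echo "telnet statements: $(count_telnet "$SAMPLES")"
```

The whole-word match keeps the vty line that still permits telnet alongside ssh, which a search for lines beginning with telnet would miss.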