Computer Worm Protection - Call PBM IT at (888) 233-6471

Information theft is big business today. Malevolent hackers break into business networks to steal credit card or social security numbers for profit. Small and medium-sized businesses are at risk because they are seen as an easier mark than large corporations. Protecting the perimeter of the network is a good start, but it is not enough, since many information thefts have help from a trusted insider, such as an employee or contractor.

Information theft can be costly to small and medium-sized businesses, since they rely on satisfied customers and a good reputation to help grow their business. Businesses that do not adequately protect their information could face negative publicity, government fines, or even lawsuits. For example, new consumer laws enacted in California require any business that suspects customer information has been viewed by unauthorized people to notify ALL their customers. Any security strategy must prevent theft of sensitive electronic information from both inside and outside the business.

Cisco IronPort Web Security Appliances (1) integrate industry-leading web-usage controls, reputation filtering, malware filtering, and data security, (2) take advantage of Cisco Security Intelligence Operations (SIO) and global threat correlation technology to help optimize threat detection and mitigation, (3) combine multiple layers of web security technology to combat complex and sophisticated web-based threats, and (4) support built-in management capabilities to simplify administration and provide visibility into threat-related activity.

For over a decade, Cisco and netForensics have provided organizations with best-in-class solutions that enable real-time security visibility, rapid threat response, and compliance with complex regulatory mandates.
netForensics products seamlessly integrate with Cisco security and networking products, as well as a broad array of multi-vendor technologies to deliver true end-to-end threat management.

It's obviously undesirable for an unknown and untrusted person to be able to execute commands on your server machines. There are two main classifications of the severity of this problem: normal user access, and administrator access. A normal user can do a number of things on a system (such as read files, mail them to other people, etc.) that an attacker should not be able to do. This might, then, be all the access that an attacker needs. On the other hand, an attacker might wish to make configuration changes to a host (perhaps changing its IP address, putting a start-up script in place to cause the machine to shut down every time it's started, or something similar). In this case, the attacker will need to gain administrator privileges on the host.

An effective security strategy will of necessity include highly technical features. However, security must begin with more mundane considerations which are often disregarded: for example, restricting physical access to buildings, rooms, computer workstations, and taking account of the messy aspects of human behavior, which may render any security measures ineffective. I shall remind you of these issues at appropriate points in the unit.

Make network security testing a routine and integral part of the system and network operations and administration. Organizations should conduct routine tests of systems and verify that systems have been configured correctly with the appropriate security mechanisms and policy. Routine testing prevents many types of incidents from occurring in the first place. The additional costs for performing this testing will be offset by the reduced costs in incident response.

Computer systems today are more powerful and more reliable than in the past; however, they are also more difficult to manage.
System administration is a complex task, and increasingly it requires that system administration personnel receive specialized training. In addition, the number of trained system administrators has not kept pace with the increased numbers of networked systems. One result of this is that organizations need to take extra steps to ensure that their systems are configured correctly and securely. And they must do so in a cost-effective manner.

One form of attack on computing systems connected to the Internet is eavesdropping on network connections to obtain login ids and passwords of legitimate users [RFC 1704]. Bellcore's S/KEY(TM) one-time password system was designed to counter this type of attack, called a replay attack [RFC 1760]. Several one-time password implementations compatible with Bellcore's S/KEY(TM) system exist. These implementations are increasingly widely deployed in the Internet to protect against passive attacks.

The Cisco Intrusion Prevention System (1) identifies, classifies, and stops malicious traffic, including worms, spyware, adware, viruses, and application abuse, (2) delivers high-performance, intelligent threat detection and protection over a range of deployment options, (3) uses reputation filtering and global inspection to give businesses actionable intelligence and prevent threats with confidence, and (4) promotes business continuity and helps businesses meet compliance needs.

The CiscoWorks Network Compliance Manager (NCM) is a possible solution for Cisco-based networks (commercial, not free). NCM tracks compliance with a broad variety of regulatory, IT, corporate governance, and technology best practices. It has a sophisticated search capability.