Handbook of Local Area Networks, 1998 Edition:LAN Security
One aspect of a security breach that you should address is whether you want to track down the offender or whether your primary response is simply to shut the offender out. Cooperating with law enforcement officials or the FBI may involve leaving the door open, so to speak, so that the attacker can be brought to justice. This approach, however, can pose risks to your site while evidence is gathered about the attacker's activities. You should decide in advance, then, which course of action you will take and under what circumstances. You should also be aware of what legal recourse you have, in any case, and what computer crime laws might apply to you. Remember that on the Internet, your local laws may not apply to the locale from which the attack is launched.
Once your document is complete it should be widely publicized within your organization. Users should have the ability to provide feedback on the policy. After the comments have been addressed and any necessary changes have been made, the policy should again be circulated to all users. Any new employees of the company should receive a copy of the plan. It should not be simply filed away as a completed project but should be viewed as a living document.
Now that you have established your security policies, what steps should you take to help protect your environment? One of the most basic and widely used forms of security is the password. Passwords are only as effective as the weakest link, however; if users choose very simple passwords or write them down, they can serve as an easy entry into a system. In some environments, password protection is supplemented with devices that provide additional identification, ranging from smart cards (which may provide you with a one-time password) to fingerprint or retinal scanners. A more detailed discussion of passwords is presented later in this chapter.
Another major consideration at your site is that of viruses. Viruses are spread today in many ways and a virus can be obtained by opening an executable file received in e-mail, on a disk, downloaded from a bulletin board system (BBS), or obtained from the Internet. The best way to protect against viruses is to make virus scanning software available to every user, make sure that it is updated as often as possible, and make sure that people use that tool properly. In addition, write-access to critical servers should be limited where possible and virus-scanning rules strictly adhered to on those systems.
One popular defense against possible attacks from the Internet is called a firewall. Just as a firewall in a building helps to protect areas behind it against the spread of flames, a firewall in a networking environment serves to protect the machines behind it against an attack from the outside. The basic idea of a firewall is that all access to and from your network is conducted through a single machine or set of machines. If an attack is being launched against your site, the firewall should be able to keep the attack from reaching any systems inside your network. Furthermore, the network administrator has only to tightly secure the firewall(s) to provide an adequate level of security rather than have to depend upon the ability and willingness of every user to protect their systems. A more detailed discussion of firewalls is presented later in this chapter.
Another component that is sometimes overlooked is system backups. It is essential that backups are performed and verified on all of your systems, particularly any repositories with critical information. Backups not only protect you against any hardware errors or natural disasters that may occur, but also allow you to go back to an uncompromised state if an intrusion occurs. In addition, they can serve as a way to track an intruder's actions on your systems.
Now that your policy is in place, and you have examined and modified your security, how do you determine if there has been a security breach? One method is to monitor your systems using some sort of auditing tool, which allows you to monitor the access to, and activity of, your systems. Examining the audit trail will allow you to get a good picture of how your system is used on a day-to-day basis, so you will be able to recognize something abnormal. User logs should be examined frequently. In some cases, the information in the logs may be tampered with by an intruder, and the only clue to an intrusion is noticing that the logs have been suspiciously modified.
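
One way to notice that a log has been "suspiciously modified", shown as an added example that is not part of the original handbook: take a size-and-hash snapshot of an append-only log, then later check that the log is still an extension of that snapshot and that its timestamps have no reversals or long silences. The log format, the function names and the one-hour gap threshold are assumptions made for this illustration.

```python
import hashlib
from datetime import datetime

def snapshot(log: bytes) -> dict:
    """Record the size and SHA-256 of an append-only log as it stands now."""
    return {"size": len(log), "sha256": hashlib.sha256(log).hexdigest()}

def check_log(log: bytes, snap: dict, max_gap_s: int = 3600) -> list:
    """Compare a log with an earlier snapshot; an empty list means nothing suspicious."""
    findings = []
    if len(log) < snap["size"]:
        # An append-only log never gets shorter.
        findings.append("truncated")
    elif hashlib.sha256(log[:snap["size"]]).hexdigest() != snap["sha256"]:
        # Bytes that existed at snapshot time have changed since.
        findings.append("rewritten")
    prev = None
    for n, line in enumerate(log.decode("utf-8", "replace").splitlines(), 1):
        try:
            ts = datetime.strptime(line[:19], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            findings.append(f"unparseable line {n}")
            continue
        if prev is not None and ts < prev:
            findings.append(f"time runs backwards at line {n}")
        elif prev is not None and (ts - prev).total_seconds() > max_gap_s:
            # Removed entries often show up as an unusually long silence.
            findings.append(f"gap before line {n}")
        prev = ts
    return findings

# Constructed sample data, not taken from any real system.
BASELINE = (b"1998-03-02T09:00:01 login alice tty1\n"
            b"1998-03-02T09:20:14 login bob tty2\n"
            b"1998-03-02T09:45:30 logout alice tty1\n")
LATER = b"1998-03-02T10:05:00 logout bob tty2\n"

if __name__ == "__main__":
    snap = snapshot(BASELINE)  # store this on a different machine than the log
    print(check_log(BASELINE + LATER, snap))                          # normal growth
    print(check_log(BASELINE.replace(b"bob", b"eve") + LATER, snap))  # edited entry
    print(check_log(BASELINE[:72], snap))                             # first two lines only
```

The snapshot is only useful if it is kept where an intruder on the logged system cannot rewrite it, and the gap threshold has to be tuned to how quiet the system normally is.
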
Even at a site that has extensive security measures in place, a break-in may occur. With a policy in place, at least you will have a clear plan of action; not only will this spell out what needs to be done and by whom, but it can also minimize the damage. During the time after the incident is detected, you should keep a journal of all events that have occurred and all actions that have been taken. This will be vital if the attacker is caught and brought before a court.
The system logs and written journal will help you to review the attack, evaluate your responses and policies, and revisit your level of protection. After the incident is resolved, you can review your site security policy and determine how effective it was. Were there parts that were missing that you can now fill in? Were there contact names that should have been in the document? Are there entire sections that should be rewritten now that you have a greater understanding of what is needed? Whatever the case may be, you should learn from the experience and be more prepared for the future.
Copyright (c) 1996-1999 EarthWeb, Inc.. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of EarthWeb is prohibited.