EDITOR'S VIEW

Today, More Than Ever, We Must Think About Security

System penetrations are a growing problem. Here's what you can do about it.

By Dr. Bruce V. Hartley, Security Advisor technical editor

The February 2000 denial of service attacks on the Internet highlighted the need for security in your IT environment. This is especially true for your externally visible systems, such as Web servers and firewall devices, and even more so if those systems support e-commerce.

The February attacks received a lot of coverage in the press. Viruses continue to be an issue for your business, as do penetrations where your Web site is defaced or your URL hijacked.

In addition to external threats, internal security breaches continue to be the single largest security concern for businesses. Depending upon the statistics you read, anywhere from 60 to 85 percent of all computer-related crime stems from internal sources.

According to the International Computer Security Association (ICSA), privacy was the single greatest concern of the ordinary, Internet-using public in 1999. This is a valid concern, as shown by the Fourth Annual Computer Security Institute/Federal Bureau of Investigation (CSI/FBI) Computer Crime and Security Survey in 1999, which stated that computer crime is a growing problem for U.S. companies, financial institutions, and government agencies.

It isn't enough to prepare for attacks from the outside. You also have to consider threats from inside your organization. System penetrations by outsiders increased for the third year in a row last year. Unauthorized access by insiders also rose for the third straight year, with 55 percent of the respondents reporting incidents. Those reporting their Internet connection as a frequent point of attack rose to 57 percent in 1999, up from 37 percent in 1996.

According to the ICSA, insiders cause 60 percent of computer abuse. Eighty-five percent of computer break-ins occur internally, and insiders remain the most serious threat to your intellectual property.

The CSI says one of five Internet sites has suffered a security breach, and according to an Ernst & Young Security Survey, over 90 percent of Fortune 500 networks have been hacked.

As a result, it isn't enough that you understand the need for security. You must also understand that security, like any other business function, is a result of numerous technical and administrative mechanisms. There's no silver bullet, magical tool, or product that addresses the entire spectrum of security concerns.

Steps to take

So what can you do to secure your IT infrastructure? Start with the small and work to the large. If you haven't already, evaluate your security needs as they relate to your business needs. You'd be surprised how many companies are unable to determine what data or information they consider proprietary and/or why. Scary. Before something can be protected, you must know you need to protect it. Start with a security policy that identifies and explains your enterprise security requirements. Make sure to address such issues as identification and authentication, password guidelines, malicious software, and standard host/server software settings (for UNIX, Linux, and Windows NT, etc.).

After you know what you need to protect and why, look at the existing architecture. Have you spent tons of money on a firewall but left phone lines uncontrolled? Do you have a demilitarized zone (DMZ)? Is it configured so all communications are brokered by the firewall device? Common architectural problems can lead to significant security breaches.

You also need to evaluate the configuration of existing systems. Do you have the appropriate security features correctly implemented and configured? In many cases, systems are penetrated because available security mechanisms were misconfigured or even turned off. Use controls such as mandatory passwords or minimum password lengths. Consider performing an internal assessment or audit and evaluate your findings against your stated policy.
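One way to run the internal audit described above and compare the findings against a stated policy, as an added example that is not part of the original article. The policy values, the sample shadow and login.defs contents, and the function names are assumptions constructed for illustration.

```python
# Added example: audit password settings against a stated policy.
# POLICY and both samples are constructed; they are not from the article.

POLICY = {"min_password_length": 8, "allow_empty_passwords": False}

# Constructed sample in /etc/shadow format (name:password-field:...).
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:18000:0:99999:7:::
alice::18000:0:99999:7:::
backup:!:18000:0:99999:7:::
"""

# Constructed sample in /etc/login.defs format (KEY value, '#' comments).
SAMPLE_LOGIN_DEFS = """\
# constructed sample
PASS_MAX_DAYS   99999
PASS_MIN_LEN    5
"""

def parse_login_defs(text):
    """Return {key: value} for each non-comment 'KEY value' line."""
    settings = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            settings[parts[0]] = parts[1].strip()
    return settings

def empty_password_accounts(shadow_text):
    """Accounts whose password field is empty (login without a password)."""
    rows = (line.split(":") for line in shadow_text.splitlines())
    return [f[0] for f in rows if len(f) >= 2 and f[1] == ""]

def audit(shadow_text, login_defs_text, policy=POLICY):
    """Return a list of findings where the configuration violates the policy."""
    findings = []
    if not policy["allow_empty_passwords"]:
        for user in empty_password_accounts(shadow_text):
            findings.append(f"account '{user}' has no password set")
    required = policy["min_password_length"]
    raw = parse_login_defs(login_defs_text).get("PASS_MIN_LEN")
    if raw is None or not raw.isdigit():
        findings.append("PASS_MIN_LEN is not set")
    elif int(raw) < required:
        findings.append(f"PASS_MIN_LEN is {raw}, policy requires at least {required}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SHADOW, SAMPLE_LOGIN_DEFS):
        print("FINDING:", finding)
```

A locked account (password field `!`) is not reported, because it cannot log in with an empty password; only a truly empty field is a finding.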

If you're worried about external penetrations, try one on yourself. You can easily scan your own network with tools freely available on the Internet. The same goes for scanning your telephone lines. In addition to these freeware/shareware tools, you can purchase one of the many commercially available products.

These are very basic steps that many companies overlook when they're implementing enterprise IT solutions. In this issue of INTERNET SECURITY ADVISOR, you'll read about specific steps you can take to protect your network and data, as well as where your risks are.

    ARTICLE INFO

    DataBased Advisor

    Print Edition: June 2000, Page 6

    Posted 05/03/2000; modified 01/07/2009.