Four simple security tips
By Robert Bagnall
Concentrating your efforts on simple security helps keep the intruders out and your budgets intact. We all have budget issues, and there is never enough money to get it all done right.
So what to do? Try eliminating the easy things first, things you might otherwise overlook. For example, let's assume you have a well-secured server closet in your organization. All your security systems are inside -- firewall, IDS, authentication server. Now imagine that you boot these systems from the hard drive.
Try this instead: Make a bootable CD containing only the configuration you want, and boot your perimeter and security systems from that CD-ROM. This removes an intruder's ability to write to the system files on the hard drive, so it stops both the external and the internal threat of a change that survives a reboot, and it means that altering the running state requires a visit to the server closet -- which is much more easily monitored.
Easing the pain of Web hacks: Try configuring a CD-ROM with an exact copy of the configuration you want for your Web site, then write a script that refreshes the site from the disc at specific intervals. In one organization I observed, they refreshed the Web site every 15 minutes. While this slowed the site a bit during the day, the policy ensured that even if the site was compromised it did not stay that way for long, and it allowed the system admins to sleep through the night peacefully.
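A refresh script of the kind this tip describes, written here as an added example rather than taken from the article: it restores the live web root from a read-only golden copy and records every file that had drifted. The golden, live and log paths are assumptions.

```sh
#!/bin/sh
# Added example, not the article's own script. Refreshes a live web root from a
# read-only "golden" copy (assumed mounted from the CD-ROM) and logs every file
# that had drifted, so a defacement is both undone and recorded.

# Print relative paths of files that differ between the golden and live trees:
# modified or missing files first, then files that exist only in the live tree
# (anything an intruder dropped in).
drifted_files() {
  golden="$1"; live="$2"
  ( cd "$golden" && find . -type f ) | while IFS= read -r f; do
    if [ ! -f "$live/$f" ] || ! cmp -s "$golden/$f" "$live/$f"; then
      printf '%s\n' "${f#./}"
    fi
  done
  ( cd "$live" && find . -type f ) | while IFS= read -r f; do
    [ -f "$golden/$f" ] || printf '%s\n' "${f#./}"
  done
}

# Replace the live tree with the golden copy only when drift is found, append the
# drifted paths to LOG, and print the number of drifted files (0 means untouched).
refresh_site() {
  golden="$1"; live="$2"; log="${3:-/dev/null}"
  [ -d "$golden" ] && [ -n "$live" ] || return 1   # refuse to wipe an unset path
  drifted=$(drifted_files "$golden" "$live")
  count=0
  if [ -n "$drifted" ]; then
    count=$(printf '%s\n' "$drifted" | wc -l | tr -d ' ')
    printf '%s drift in %s:\n%s\n' "$(date -u +%FT%TZ)" "$live" "$drifted" >> "$log"
    rm -rf "$live" && cp -R "$golden" "$live"
  fi
  echo "$count"
}

# Invoke from cron every 15 minutes, as in the article (paths are assumptions):
#   */15 * * * * /usr/local/sbin/refresh_site.sh /mnt/cdrom/www /var/www/html /var/log/site-drift.log
if [ "$#" -eq 3 ]; then refresh_site "$1" "$2" "$3"; fi
```

Restoring the files undoes the defacement but not whatever let the intruder in, so treat each drift entry in the log as the cue to investigate. Run the refresh under an account that can write the web root and nothing else.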
Cheap, effective security paging: Most of us own cell phones now, particularly systems and security administrators, because we are the ones pulled from sleep most often for network issues. Many of us also come from the older environment where both a pager and a cell phone were carried. With the introduction of Web-capable phones, however, text paging via cell phone is a very simple process, and pagers no longer have to be purchased or carried. In one of our customers' security departments, we instituted a cell phone paging process with a template that populates a pre-formatted message via a Visual Basic program. This lets the recipient know at a single glance whether the issue is critical or FYI. Creative security admins, particularly those in smaller organizations with tighter budgets, could even use the VB program to auto-populate messages from the IDS so that a human would not need to be involved in the paging process at all.
Behavior-based malware defense: Tired of having to manage the antivirus efforts across tons of hosts and servers? Are you most often protecting these systems from the users who sit at them? Behavior-based malware defense is your answer. Try supplementing your current signature-file defense with a product such as "Achilles Shield," by InDefense. This perimeter-centered tool stops UNKNOWN code, based upon unacceptable behavior parameters. Yet it is flexible enough to allow you to certify home-grown macros and other code you might use within your enterprise. This is particularly critical as the growth of agent-based and scripting technologies takes more of the tedium from our administration efforts. The product resides on the user's desktop and, since it is behavior-based, does not require frequent updating like the signature-file products. Thus, the management overhead nightmare is greatly reduced as well. I discovered this product during the Melissa virus outbreak and mine was the only system in the organization I was at during the Love Bug outbreak that could continue to operate uninhibited on the network. It's worth its weight in gold, and is very affordable both for consumers and enterprises.
These tips are alive and well in the real world, and I hope they help you manage your network defenses more intelligently and cost-effectively. Configurations on CD-ROM require frequent updates, to be sure, but spending $1 on a new CD every month or couple of weeks is far more cost-effective than dragging systems administrators out of bed at 4 o'clock in the morning to put a Web site back up!
We all face too many problems with too few people and resources. Defending computers smartly by putting the technology at hand to work for us, in simple and effective ways, is the only way we can stay on top of things as the management pain of our enterprises increases.
Information Security Management & Small Systems Security
Authors: Jan H.P. Eloff, Les Labuschagne, Rossouw von Solms, Jan Verschuren
Publisher: Kluwer Academic Publishing
ISBN/CODE: 0792386264
Cover Type: Hard Cover
Pages: 256
Published: Sept. 1999
This book presents a state-of-the-art review of current perspectives in information security management and small systems security, focusing on technical and functional as well as managerial issues. It contains the selected proceedings of the Seventh Annual Working Conference on Information Security Management and Small Systems Security, sponsored by the International Federation for Information Processing (IFIP) and held in Amsterdam, The Netherlands, in Sept./Oct. 1999.