One of the thorniest issues in today's wired business world is access to the public networks from desktops. Knowledge workers gain more efficiency by being wired to the network, but that access raises a host of difficulties. This tip, excerpted from MCSE Training Guide (70-220): Designing Security for a Windows 2000 Network,
Irrespective of company property use, legal issues and work-avoidance issues, public network access (and the lack of a policy on its access) raises many security issues that should be addressed. Unsupervised, unprotected and uncontrolled public network access risks the following:
--The introduction of viruses -- Trojan horses, malicious scripts, and so on -- from Web sites, chat rooms or private e-mail.
--Attacks on internal computers by malicious outsiders who use the connection as a point of ingress to network resources.
--The use of compromised company computers in coordinated attacks on Web sites and other companies (such as the distributed denial-of-service attacks in Feb. 2000, which crashed major Web sites).
--Use of company computers for cyberfraud, pornography, or other illegal activity.
--Work stoppage or slowdown due to misuse of privilege, or flooding of corporate networks with data from external networks.
--Exposure of company network information, such as internal addressing schemes, which can be used for attacks.
Although it is impossible to eliminate every risk entirely, you can reduce their probability. To do so, you must focus on the following six areas:
--Protect internal networking address schemes from exposure on the public network.
--Set up server-side configuration to control content access (and level of such access) in the event of a security breach.
--Set up client-side configuration to mitigate the risk.
--Allow only specific protocols to exit and return the organization's boundaries.
--Limit exit and entry points to the network.
--Consider policy, procedure, and politics.
Read more of this excerpt at InformIT.
Related book MCSE Training Guide (70-220): Designing Security for a Windows 2000 Network
Author : Roberta Bragg
Publisher : New Riders
ISBN/CODE : 073570984X
Cover Type : Hard Cover
Pages : 960
Published : Aug. 2000
Exam 70-220, Designing Security for a Windows 2000 Network tests the skills required to analyze the business requirements for security and design a security solution that meets business requirements. Security includes controlling access to resources, auditing access to resources, authentication and encryption. Ideal for you, professionals looking for comprehensive self-study materials to get you through the exam successfully. Years of publishing in this category has shown us that the most asked-for type of study information comes in the comprehensive, study-at-your-own-pace package. New Riders Training Guides, with their objective coverage, emphasis on hands-on knowledge and practice exams, are an ideal tool for this audience.
This was first published in October 2000