One of the greatest risks to information systems is the threat of unauthorized access. In order to shield a system from attacks,
you must know who is attacking and how - and where the system is most vulnerable.
Minimizing the Risks with a Good Defense
The risks of unauthorized access are best managed with a clearly-defined defensive strategy that combines effective technology tools and user vigilance. Without a clear strategy defining the management of all available resources - including personnel, software and technology - no IT tools will be effective.
The best way to establish a strategy is through risk analysis. A sound understanding of risk will help you to choose the right technology tools to prevent unauthorized access.
Technology Tools
A number of technologies and tools are used to prevent and manage access.
These include:
- Firewalls
- Intrusion Detection Systems (IDS)
- Content security
- Vulnerability assessment
- Software updates (patches and hotfixes)
- Hardened operating systems and applications
Firewalls
A firewall enforces a policy on the traffic passing between networks, blocking connections the policy does not allow and so reducing the risk of an information security breach.
A firewall can detect or prevent many typical network-based attacks by:
- Logging connection attempts and traffic
- Authenticating users trying to make network connections
- Inspecting network packets and tracking the state of connections to ensure they are behaving as expected
- Inspecting application traffic (e.g. email viruses or web pages)
- Hiding internal addressing from outside networks by performing Network Address Translation (NAT); NAT obscures the internal topology but is not a substitute for filtering rules
Firewalls ensure that network traffic of certain types (or from certain applications) is allowed to pass from one network to another according to a set security policy.
Firewalls are available in several forms:
- Software installed on a server/host system
- A dedicated appliance (a network device)
- A feature of another network device (e.g. a router)
Firewall logs produce a large volume of data, and turning that data into useful information (which sources are being blocked, which ports they are probing, what is actually getting through) is a task in its own right.
Intrusion Detection Systems
Intrusion Detection Systems (IDS) act as burglar alarms for a network or system. They can identify hacker tools 'casing' the environment, detect the 'rattling of doorknobs' to see if the house is unlocked, hear the 'shattering of glass' as entry is gained, sound the alarm and call the 'police' (or the network administrator). They can also monitor and log forensic evidence to support any legal case.
There are two types of IDS.
Host-based
- Installed on servers to identify activity and anomalies and report on server-specific problems or activity
- Similar to anti-virus software, except that a host-based IDS looks for suspicious behavior (log events, file and configuration changes, process activity) rather than matching known patterns in files
Network-based
- Monitors network traffic and reports on suspicious and unusual activity; an intrusion prevention system (IPS) variant can also block the traffic it flags
You should consider installing an IDS if your organization:
- Suffered a security breach within the last twelve months
- Transacts business through the website
- Wants internal partitioning of your network
- Is a high-profile organization likely to attract malicious attacks
- Has an unattended remote site with ISP links
- Outsources part or all of its IT operations
- Connects to clients or business partners
- Has no permanent, full-time security staffing capability
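The two points above, that firewall logs are only useful once summarized and that a network IDS is looking for the "rattling of doorknobs", share one piece of machinery: a parser for connection records. The following is an added example, not code from the original page or from Marshal; the log format, the sample lines and the scan threshold are all constructed assumptions. It summarizes denied connections per source and flags any source that probed many distinct ports on one host, which is the simplest form of port-scan detection.

```python
"""Parse constructed firewall deny logs, summarise them, and flag port-scan
behaviour (many distinct destination ports from one source to one host).
Added example: the log format and thresholds are assumptions, not Marshal's."""
from collections import defaultdict
import re

# Constructed sample lines in a simple, made-up firewall log format.
# One source sweeps six services; another makes ordinary traffic plus two denies.
SAMPLE_LOG = """\
2007-03-01T10:00:01 DENY TCP src=203.0.113.5:44120 dst=192.0.2.10:22
2007-03-01T10:00:02 DENY TCP src=203.0.113.5:44121 dst=192.0.2.10:23
2007-03-01T10:00:02 DENY TCP src=203.0.113.5:44122 dst=192.0.2.10:25
2007-03-01T10:00:03 DENY TCP src=203.0.113.5:44123 dst=192.0.2.10:80
2007-03-01T10:00:03 DENY TCP src=203.0.113.5:44124 dst=192.0.2.10:443
2007-03-01T10:00:04 DENY TCP src=203.0.113.5:44125 dst=192.0.2.10:3389
2007-03-01T10:00:05 ALLOW TCP src=198.51.100.7:51000 dst=192.0.2.10:80
2007-03-01T10:00:06 DENY UDP src=198.51.100.7:51001 dst=192.0.2.10:161
2007-03-01T10:00:07 DENY TCP src=198.51.100.7:51002 dst=192.0.2.10:22
malformed line that should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_log(text):
    """Return one dict per well-formed line; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["sport"] = int(ev["sport"])
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events


def denies_by_source(events):
    """Count denied connections per source address, busiest source first."""
    counts = defaultdict(int)
    for ev in events:
        if ev["action"] == "DENY":
            counts[ev["src"]] += 1
    return dict(sorted(counts.items(), key=lambda kv: kv[1], reverse=True))


def detect_port_scans(events, min_ports=5):
    """Flag (source, destination) pairs whose denied connections touched
    at least min_ports distinct destination ports: the 'rattling of doorknobs'."""
    ports = defaultdict(set)
    for ev in events:
        if ev["action"] == "DENY":
            ports[(ev["src"], ev["dst"])].add(ev["dport"])
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("denies per source:", denies_by_source(evs))
    print("probable scans:", detect_port_scans(evs))
```

The threshold is deliberately simple; a real detector would also window by time, so that a slow scan spread over hours is not missed and a legitimate host with a few failed connections is not flagged.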
Content Security
- Firewalls are like the Immigration department at an airport. They check who you are and verify that you are authorized to enter or leave.
- Content security is like Customs: it looks at what you are carrying. Content security looks for items like spam, viruses, pornography, confidential information and excessive bandwidth use.
Content security solutions review the content of email and Internet browsing in real-time. They check for content or activity that is considered to be a security risk or is in breach of acceptable use policies. Content security is sometimes known as content scanning or a content firewall.
Traditional firewalls control WHO has access to your network and what devices they can view. Content security controls WHAT type of data is allowed to enter and leave your network.
Content security software is traditionally used to defend against a variety of common security threats including spam, viruses, phishing, spyware and malicious code.
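To make the "what you are carrying" idea concrete, here is an added example of an email content check; it is not code from the original page or from MailMarshal, and the sample message, the blocked-extension list and the policy are constructed assumptions. It walks a MIME message and flags attachments that violate the policy, including the case a filename check alone would miss: an executable renamed to look like a document.

```python
"""Inspect a constructed MIME message and flag attachments that breach a simple
content policy. Added example; the policy and the sample message are assumptions."""
import email
from email.message import EmailMessage

# Assumed policy: extensions that are never allowed through the gateway, and the
# "MZ" magic bytes that begin a Windows PE executable regardless of its name.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".vbs"}
PE_MAGIC = b"MZ"


def build_sample_message():
    """Constructed message: a benign text attachment, an executable disguised as a
    .doc, and a plainly named screensaver. Returns the raw RFC 822 text."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment("Thanks for your order.", filename="note.txt")
    msg.add_attachment(PE_MAGIC + b"\x90\x00" * 8,
                       maintype="application", subtype="octet-stream",
                       filename="invoice.doc")
    msg.add_attachment(b"not really a program",
                       maintype="application", subtype="octet-stream",
                       filename="update.scr")
    return msg.as_string()


def scan_message(raw):
    """Return (filename, reason) findings for every attachment that breaches policy."""
    findings = []
    msg = email.message_from_string(raw)
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue  # container, not content
        name = part.get_filename()
        if not name:
            continue  # inline body text, not an attachment
        data = part.get_payload(decode=True) or b""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in BLOCKED_EXTENSIONS:
            findings.append((name, "blocked extension"))
        elif data.startswith(PE_MAGIC):
            # Content check catches what the name check cannot.
            findings.append((name, "executable content despite name"))
    return findings


if __name__ == "__main__":
    for finding in scan_message(build_sample_message()):
        print(finding)
```

Note that the decision is made on the decoded payload, not on the Content-Type header or the filename, since both are chosen by the sender.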
Vulnerability Assessment
Vulnerability assessment uses scanning software that checks for known security flaws. These products scan your system for known issues using a list like that maintained by the Common Vulnerabilities and Exposures (CVE) project. This means that the vulnerability scanner can only find the problems it already knows about. It does not identify new issues.
To ensure that such scanners are kept up-to-date with the latest problems, users must download regular updates.
Free and open-source scanners are available on the Internet. Vulnerability scans are most effective as the basis of a vulnerability assessment, not the totality of it: scan output still has to be verified, prioritized and acted upon.
Patches and Hotfixes
Most software vendors have websites that provide patches and hotfixes. All systems should be patched to the level recommended by the vendor. Unpatched systems are like an open window into your business.
Many commercial operations and hacker sites provide online databases of known vulnerabilities and exploits.
Hardened Operating Systems and Applications
Hackers are always looking for weak spots. You can reduce these by building your systems using recognized configurations.
Operating systems contain a vast number of settings, features and options. If these are set incorrectly they can lead to easy attack and compromise.
Many default settings are open or insecure, or have security features switched off. Security standards (a hardening baseline) must be defined and implemented for every host; they will vary between operating systems.
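A hardening baseline is only useful if you check hosts against it, and the check has to treat a directive that is absent from the configuration as whatever the vendor default is, since "the default is insecure" is exactly the problem described above. The following is an added example, not code from the original page or from Marshal; the sshd_config-style sample, the assumed vendor defaults and the baseline values are constructed for illustration.

```python
"""Audit an sshd_config-style file against a hardening baseline, treating absent
directives as the (assumed) vendor default, then emit a hardened copy.
Added example; the sample config, defaults and baseline are constructed assumptions."""

# Constructed sample: the administrator enabled X11 forwarding and left the
# root-login directive commented out, so it has no effect.
SAMPLE_CONFIG = """\
# sshd_config (constructed sample)
Port 22
X11Forwarding yes
#PermitRootLogin no
"""

# Assumed vendor defaults that apply when a directive is absent (illustrative).
ASSUMED_DEFAULTS = {
    "PermitRootLogin": "prohibit-password",
    "PasswordAuthentication": "yes",
    "X11Forwarding": "no",
}

# Hardening baseline: directive -> required value.
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
}


def parse_config(text):
    """Return {directive_lowercase: value_lowercase}, ignoring comments and blanks."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        settings[key.lower()] = value.strip().lower()
    return settings


def audit(text):
    """Return (directive, actual, required, source) for every baseline failure,
    where source says whether the offending value was explicit or a default."""
    settings = parse_config(text)
    findings = []
    for name, required in BASELINE.items():
        key = name.lower()
        if key in settings:
            actual, source = settings[key], "explicit"
        else:
            actual, source = ASSUMED_DEFAULTS[name], "default"
        if actual != required:
            findings.append((name, actual, required, source))
    return findings


def harden(text):
    """Drop each failing explicit directive and append it at the baseline value."""
    failing = {name: required for name, _actual, required, _src in audit(text)}
    drop = {name.lower() for name in failing}
    kept = []
    for line in text.splitlines():
        key = line.split("#", 1)[0].strip().partition(" ")[0].lower()
        if key in drop:
            continue
        kept.append(line)
    kept.extend(f"{name} {value}" for name, value in failing.items())
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FAIL", finding)
    print(harden(SAMPLE_CONFIG))
```

The "default" source tag is the important output: two of the three failures come from directives the administrator never wrote, which is why an audit that only inspects the lines present in the file is not enough.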
Vigilance
There is no more effective security control than an informed, vigilant workforce.
Computer systems are best at running repetitive tasks but people are much better at detecting the unusual. Training and educating staff is perhaps the most cost-effective way of managing your information risks and blocking threats.
How Marshal Solutions Prevent Network Attacks
The Marshal content security solution provides enterprise gateway protection against attacks, enabling you to recognize potential attacks and prevent unauthorized access.
Content Security
Marshal offers a gateway content security solution for email and web-based threats designed for all sizes and types of businesses.
- MailMarshal SMTP delivers protection from viruses and other email content threats. MailMarshal SMTP also has features to limit the effects of protocol attacks such as Denial of Service (DoS) and Directory Harvest Attacks (DHA).
- WebMarshal provides protection from web-based threats, including viruses, spyware, and other malicious Web content.
Firewall Reporting
Marshal's Security Reporting Center allows you to create easy-to-use reports that highlight the important information from one or more firewalls.
System Hardening
Marshal's content security solutions are installed at the network gateway. They are designed to be robust and resistant to attack. Marshal also provides technical advice about additional measures that can be taken to harden the Marshal solutions and the host systems.