Don’t Allow These Mistakes In Your Network Security

A good defensive strategy in information security is built from overlapping layers of protection. Combining policy, available technology, and user awareness and practice produces a strong deterrent. Companies that fail to set a solid foundation are breaches waiting to happen. The mistakes below are ones a data center or organization can avoid in order to strengthen its infrastructure.
One area of improvement opens up when a company takes stock of its assets, resources, and network configuration. When an organization knows what it has in house, it becomes much easier to know what needs protecting. Not knowing exactly what is executing on your network, and how it is operating, is a recipe for disaster: a process running quietly in the background at times when nobody is watching could be malicious software or a back door through your defenses. Reviewing activity logs is a prime means of detecting what is going on behind the scenes.
Risk management is a critical part of information security. These days, having a firewall and antivirus installed is not enough; a false sense of security sets in when only the minimum of protection is in place. Routers and switches used in conjunction with firewalls and antivirus are a good start, but a layered defensive scheme must be built around them.
Security solutions expert Ken Smith, of Forsythe Technology, notes that an organization's business needs and compliance obligations must come before deciding what type of security will suit the requirements of the business. "It is the main reason security practitioners are thought to be rigid or not bringing value to the business," he says. "When this happens, users will discover workarounds worse than the original problem."
Another practice in need of rethinking is when a business does what it must to meet government policies and standards, then eases back once it has passed the compliance requirements. When attention relaxes, openings remain in other areas. Excellent security is an ongoing process that changes with the environment. Canadian independent security consultant Timothy Brush states, "The security landscape -- technologies, vendors, attack vectors, vulnerabilities, etc. -- is constantly changing. The latest technology -- firewall, IDS/IPS, identity management systems, vendor-driven technology du jour -- or procedure -- policy, standard, framework, business process -- may increase an organization's security posture for the moment, but probably not a year or five down the road."
The president of Techtonica Inc. in California, who is also CISM and CISSP certified, said he has witnessed this type of thinking many times. "The biggest problem is typically the view of management. Some of management understands why PCI is needed, but doesn't grasp the overall risk management. Maintaining attention after the fact is the biggest challenge."
Users are part of excellent security when they understand how inadequate security undermines the overall intent and effort. Employees are a weak link when they lack an understanding of what they are doing and how they are doing it, especially when outside parties work to exploit the unsuspecting individual. Data centers and companies must include their workforce when considering methods to strengthen their infrastructure. Accidental disclosure of information through social engineering happens all too frequently. A workforce policy stating what employees can and must not do on workstations aids information security.
Gary Bahadur, the Miami-based operations and security executive at Bank of America, believes it is the number one concern on his list. "Not educating or providing training for the user in basic security measures is a problem. All the security and money spent is useless if the user continues to click on e-mail links, tape the password to the computer and surf porn sites. The biggest bang for the security buck is user education."
Granting employees an overabundance of access has brought problems to organizations. Toivo Voll, network administrator of a Southeast educational facility, agrees. "The biggest failure is the lack of management support for the necessary spending and the continuing requirements to have an effective policy on who has authority to do what, who is responsible for granting or denying access, who is responsible for vetting and enhancements, and having it all performed in a way that is not too cumbersome on the operations of the company."
Sometimes data centers give everyone admin-level access to avoid the work of controlling who can reach which network areas. Swinging the other way and granting access only to senior management also brings problems: attackers love to target executives, a technique known as 'whaling'. When a controlled approach to security comes from the top, that mindset and culture spreads through the organization. An example of giving too much control to one person became evident in 2008, when a San Francisco network administrator in the Department of Telecommunication Information Services locked the city government out of its own information operations.
Security patches exist for a reason. Many businesses fail to keep up with the latest patches and fixes, leaving an unsecured environment. A Verizon study concluded that up to ninety percent of hacks occur where patches have been outstanding for six months or more, and that no breaches occurred through vulnerabilities whose patches had been applied within a month of the attempted attack. Cyber criminals know how slow businesses are to apply fixes and patches, and so keep using their existing toolbox of exploits against older vulnerabilities. Viruses, worms and related attacks used years ago still wreak havoc on unpatched systems. This applies to applications, middleware and device drivers as well as operating systems.
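As an added illustration (not code from the article), the following Python script ties together the inventory check described earlier and the patch-age thresholds cited above: it reconciles an asset register against what is actually observed on the network and buckets each host by how long its fixes have been outstanding. The host names, dates and service lists are constructed sample data.

```python
from dataclasses import dataclass
from datetime import date

# Thresholds taken from the Verizon findings cited in the article:
# patches applied within about a month were not linked to breaches,
# while most breaches involved fixes outstanding six months or more.
PATCH_OK_DAYS = 30
PATCH_CRITICAL_DAYS = 180


@dataclass
class Host:
    name: str
    last_patched: date
    services: set  # services the asset register says should be listening


def patch_status(host, today):
    """Bucket a host by patch age: 'current', 'overdue' or 'critical'."""
    age = (today - host.last_patched).days
    if age <= PATCH_OK_DAYS:
        return "current"
    if age >= PATCH_CRITICAL_DAYS:
        return "critical"
    return "overdue"


def review(inventory, observed, today):
    """Compare the asset register with what is actually seen on the wire.

    `observed` maps host name -> set of services seen listening (e.g. from
    a network scan or flow logs). Anything the register does not explain
    is exactly the 'what is running that we don't know about' problem.
    """
    known = {h.name: h for h in inventory}
    report = {"unknown_hosts": [], "unexpected_services": {}, "patch": {}}
    for name, seen in observed.items():
        if name not in known:
            report["unknown_hosts"].append(name)  # asset nobody registered
            continue
        extra = seen - known[name].services
        if extra:
            report["unexpected_services"][name] = sorted(extra)
    # Registered hosts that were never seen deserve a look too.
    report["not_seen"] = sorted(n for n in known if n not in observed)
    for h in inventory:
        report["patch"][h.name] = patch_status(h, today)
    return report


# Constructed sample data for a stand-alone run.
INVENTORY = [
    Host("web01", date(2024, 5, 20), {"https"}),
    Host("db01", date(2023, 11, 1), {"postgres"}),
    Host("hr-fs", date(2024, 3, 1), {"smb"}),
]
OBSERVED = {"web01": {"https", "ssh"}, "db01": {"postgres"}, "lab-pc7": {"rdp"}}
TODAY = date(2024, 6, 1)

if __name__ == "__main__":
    for key, value in review(INVENTORY, OBSERVED, TODAY).items():
        print(f"{key}: {value}")
```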
Keeping your network environment simple and segmented helps you know what your data is doing and where. Complex networks are very hard to monitor for when and where information needs protecting. Data centers also need to be able to trace data flows when a compliance audit is conducted.
Information security becomes easier when IT professionals use CISSP training to become security aware, earn their certification, and begin a successful career as a globally recognized information security expert. Network security is only one part of the training available through the K Alliance course. Telecommunications, access control, risk management, environmental security, business continuity, disaster recovery and operational security are also covered in the course.
About Us: Online Training Direct is a solutions provider of online computer training. Its PMP project management training courses teach the topics of the Project Management Body of Knowledge, a must for any manager seeking consistent success and leadership qualities. Online Training Direct offers courses including information security, Microsoft Windows 7 training, Office 2010 training and much more. Use Online Training Direct as your main source of professional tutorials.