Security Deployment… What to consider
Before deploying an effective security mechanism, consider the following:
1. What resources are you trying to protect?
2. Determine the host-specific security measures needed: password protection, file encryption, firewall, etc.
3. Consider the corporate budget when planning for Internet Security.
4. Design a Security Policy that describes your organization's network security concerns. This policy should take into account the following:
Risk analysis involves determining the following:
- What you need to protect
- What you need to protect it from
- How to protect it
- Estimating the risk of losing the resource
- Estimating the importance of the resource
5. Consider the following factors to determine who will grant access to services on your networks:
6. Design and Implement Packet Filter Rules
7. Ensure your Firewall has the following properties:
8. Educate users about password protection:
9. Security-related organizations play an integral role in the development and deployment of Internet technologies. Keep abreast of the latest security-related activities by visiting their Web sites. Here are some key security-related organizations that help corporations such as yours keep the Internet a safer place to compute:
ACM/SIGSAC at gopher://gopher.acm.org/.
CERT (a 24-hour Computer Emergency Response Team) at: ftp://info.cert.org/pub/cert_faq and http://www.sei.cmu.edu/SEI/programs/cert.html.
CIAC (U.S. Department of Energy's Computer Incident Advisory Capability) at: http://ciac.llnl.gov/
CPSR (Computer Professionals for Social Responsibility) at: http://cpsr.org.home
EFF (Electronic Frontier Foundation) at: http://www.eff.org/
EPIC (Electronic Privacy Information Center) at: http:/epic.org/
FIRST (Forum of Incident Response and Security Teams) at: http://first.org/first/
Internet Society at http://www.isoc.org/
Important Internet Security Issues
Authentication:
There are two types of authentication:
1) TCP/IP (such as Telnet and FTP) and
2) Messages, transactions and E-mail that require authentication of source.
Confidentiality:
Encryption provides security for private or secret information included in E-mail, FTP and electronic commerce.
Data Integrity:
Assures that data has not been altered during transmission over the Internet and protects FTP or E-mail files for transmission over the Internet.
Proof of Origin:
Protects against the sender falsely denying sending the data or the recipient falsely denying receiving the data.
Internet Access:
A gateway may be required to intercept and examine messages from and to the Internet.
Recommended Reading About Internet Security
Actually Useful Internet Security Techniques, by Larry J. Hughes, Jr. New Riders Publishing
Building Internet Firewalls, by D. Brent Chapman and Elizabeth D. Zwicky. O'Reilly & Associates, Inc.
Firewalls and Internet Security, by William R. Cheswick and Steven M. Bellovin. Addison-Wesley Publishing Company
Internet Firewalls and Network Security, by Karanjit Siyan, Ph.D., and Chris Hare. New Riders Publishing
Microsoft® Windows NT™ Resource Kit, Version 3.51 Update. Microsoft® Press
Network & Internet Security, by Vijay Ahuja, Manager, Network Securities Products, IBM Corporation. Academic Press, Inc.
Practical UNIX® Security, by Garfinkel and Spafford
Windows NT™ Security Guide, by Stephen A. Sutton. Trusted Systems Services, Inc.
Practical Unix & Internet Security. O'Reilly & Associates