Stop that Intrusion, before it stops You!
Intrusions are a key issue in managing IT security. Do you use IT?
Even if you’re not a security pro or expert, an awareness of
security issues always helps. So what are intrusions? And what should
we do to ensure our computing is safe from intrusions?
Individuals and management of organizations must determine the controls
necessary to deter, detect, and respond to intrusions, consistent with
the best practices of information system operators. The following are
some tips and controls that should protect you and your organization
from intrusions.
Authentication: Authentication provides identification by means of
some previously agreed upon method, such as passwords and biometrics.
Biometrics means a method of identifying a person by analyzing
a unique physical attribute. The means and strength of authentication
should be commensurate with the risk. For instance, passwords should
be of an appropriate length, character set, and lifespan. The lifespan of
a password is the length of time the password allows access to the system.
Generally speaking, shorter lifespans reduce the risk of password compromises
for the system being protected. Employees should be trained to recognize
and respond to fraudulent attempts to compromise the integrity of security
systems. This may include "social engineering" whereby intruders
pose as authorized users to gain access to bank systems or customer
records.
Installation and Update of Systems: When an organization acquires and
installs new or upgraded systems or equipment, it should review security
parameters and settings to ensure that these are consistent with the
intrusion risk assessment plan. For example, the organization should
review user passwords and authorization level for maintaining "separation
of duties" and "need to know" policies.
Once installed, security flaws in software and hardware should be identified
and fixed through updates or "patches".
Continuous monitoring and updating are essential to protect the organization
from vulnerabilities. Information related to vulnerabilities and patches
is typically available from the vendor.
Software Integrity: Copies of software and integrity checkers are used
to identify unauthorized changes to software. Integrity checkers use
logical analysis to identify whether a file has been changed. Organizations
should ensure the security of the integrity checklist and checking software.
Where sufficient risk exists, the checklist and software should be stored
away from the network, in a location where access is limited.
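
The checklist approach described above, sketched as an added example (not code from the original article or from any particular integrity-checking product). The HMAC tag that protects the checklist, the key, and the file names are assumptions made for the demonstration.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def snapshot(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def build_checklist(root, key):
    """Return (checklist bytes, HMAC tag); both belong off the network."""
    blob = json.dumps(snapshot(root), sort_keys=True).encode()
    return blob, hmac.new(key, blob, hashlib.sha256).hexdigest()

def verify(root, blob, tag, key):
    """Authenticate the checklist first, then report changes against it."""
    expected = hmac.new(key, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("checklist altered: do not trust its hashes")
    baseline, current = json.loads(blob), snapshot(root)
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def demo():
    key = b"constructed-demo-key"  # assumption: the real key is kept offline
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "login").write_bytes(b"v1")  # constructed sample files
        (root / "ls").write_bytes(b"v1")
        blob, tag = build_checklist(root, key)
        (root / "login").write_bytes(b"v2")  # changed after the baseline
        (root / "ls").unlink()               # removed after the baseline
        (root / "extra").write_bytes(b"x")   # appeared after the baseline
        report = verify(root, blob, tag, key)
        try:  # an edited checklist must be rejected, not silently used
            verify(root, blob.replace(b"login", b"logon"), tag, key)
            tamper_caught = False
        except ValueError:
            tamper_caught = True
    return report, tamper_caught

if __name__ == "__main__":
    print(demo())
```
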
Companies should also protect against viruses and other malicious software
by using automated virus scanning software and frequently updating the
signature file. The signature file contains the information necessary
to identify each virus; keeping it updated enables identification of new viruses.
Attack Profile: Frequently systems are installed with more available
components and services than are required for the performance of necessary
functions. Maintaining unused features may unwittingly enable network
penetration by increasing the potential vulnerabilities. To reduce the
risk of intrusion, institutions should use the minimum number of system
components and services to perform the necessary functions.
Modem Sweep: While access to a system is typically directed through
a firewall, sometimes modems are attached to the system directly, perhaps
without the knowledge of personnel responsible for security. Those modems
can provide an uncontrolled and unmonitored area for attack. Modems
that present such vulnerabilities should be identified and either eliminated,
or monitored and controlled.
Intrusion Identification: Real-time identification of an attack is essential
to minimize damage. Therefore, management should consider the use of
real-time intrusion detection software. Generally, this software inspects
for patterns or "signatures" that represent known intrusion
techniques or unusual system activities.
It may not be effective against new attack methods or modified attack
patterns. The quality of the software and sophistication of an attack
also may reduce the software's effectiveness. To identify intrusions
that escape software detection, other practices may be necessary. For
example, one can perform visual examinations and observations of systems
and logs for unexpected or unusual behaviors as well as manual examinations
of hardware. Since intrusion detection software itself is subject to
compromise, companies should take steps to ensure the integrity of the
software before it is used.
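
An added example (not from the original article) of the point above: a signature scan over log lines, plus a simple count of unusual activity that surfaces what the signature misses. The log lines are constructed in sshd's style, and the signature name and threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in sshd's log style, using documentation IP ranges.
LOG = """\
Jan 10 03:12:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:04 host sshd[811]: Failed password for root from 203.0.113.7 port 40113 ssh2
Jan 10 03:15:40 host sshd[902]: Failed password for invalid user ops from 198.51.100.9 port 51000 ssh2
Jan 10 03:15:42 host sshd[902]: Failed password for invalid user backup from 198.51.100.9 port 51001 ssh2
Jan 10 03:15:44 host sshd[902]: Failed password for invalid user test from 198.51.100.9 port 51002 ssh2
Jan 10 03:15:46 host sshd[902]: Failed password for amina from 198.51.100.9 port 51003 ssh2
Jan 10 08:01:12 host sshd[990]: Accepted password for amina from 192.0.2.15 port 50222 ssh2
""".splitlines()

# One known pattern, standing in for a vendor signature set (hypothetical name).
SIGNATURES = {"root-password-guess": re.compile(r"Failed password for root from (\S+)")}
# Broader behaviour rule: any failed login, whatever the account name.
FAILED = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+)")

def signature_hits(lines):
    """Return (signature name, source) for every line matching a signature."""
    return [(name, m.group(1)) for line in lines
            for name, rx in SIGNATURES.items() if (m := rx.search(line))]

def unusual_sources(lines, threshold=3):
    """Sources with at least `threshold` failed logins, signature or not."""
    counts = Counter(m.group(1) for line in lines if (m := FAILED.search(line)))
    return {src: n for src, n in counts.items() if n >= threshold}

def missed_by_signatures(lines, threshold=3):
    """Unusual sources that no signature flagged: candidates for manual review."""
    flagged = {src for _, src in signature_hits(lines)}
    return sorted(set(unusual_sources(lines, threshold)) - flagged)

if __name__ == "__main__":
    print(signature_hits(LOG))
    print(unusual_sources(LOG))
    print(missed_by_signatures(LOG))
```
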
Firewalls: Firewalls are an important component of network security and
can be effective in reducing the risk of a successful attack. The effectiveness
of a firewall, however, is dependent on its design and implementation.
Because misconfigurations, operating flaws and the means of attack
may render firewalls ineffective, management should consider additional
security behind the firewall, such as intrusion identification and encryption.
Employee and Contractor Background Checks: Management should ensure
that information technology staff, contractors, and others who can make
changes to information systems have passed background checks. Management
should also periodically revalidate access lists and logon IDs.
Are you doing enough to protect your IT infrastructure from intrusion?
I hope the above will serve as a useful guide that helps you enhance
your IT security.
By: Apata Mukaila
Mukaila Apata is a System Auditor and Security Administrator with over
18 years of experience in banking systems, programming and system analysis. In
addition to his System Audit function, he has a strong background in Unix, Relational
database management software and Globus banking software.
For more IT Security
Resources, Anti-Virus Vendors, Corporate Security Resources, IT Security Articles,
Computer and Internet Fraud, IT Security certifications & Career and
Internet Policy Guide, Click Here:
http://www.jidaw.com/itsolutions/security3.html