Volume 2, Number 3

March 20, 2006

Technology Report

The Education of the Onion: Security gets smarter.

We've all heard the analogy before; network security should be like an onion. If you peel back (compromise) one layer of security, there is still another that can protect you. Conventional wisdom applied this in the form of network security brought by firewalls, patching, antivirus protection and the like.

Firewalls have been considered the first line of defense for the Corporate Network. They protected machines and only allowed trusted traffic into the network. This helped protect machines by making them not immediately available on the Internet.

But the machines could still be gotten to. This occurred when users surfed the Internet, received email or had virus infected machines connect to the Corporate Network via VPN. The firewall wasn't able to protect the Corporate Network from these attacks.

Advances in firewalls, such as Microsoft's Internet Security and Acceleration (ISA) server allows for advanced stateful packet and application-layer inspection. This helps protect the trusted network from bad web traffic or even from attacks that occur from within VPN traffic. This more advanced solution goes a long way in further protecting the network.

Although these advanced firewalls have gone a long way to protecting the network, they still only protect from attacks from the outside. In other words, the firewall cannot protect attacks brought about through email or from infected machines that are brought on the trusted network.

Many of these types of attacks come from known exploits of the machine's Operating System or applications. With the proliferation of these attacks, the management of these desktops and applications became very important. A number of companies have developed solutions to help with this desktop management. One such program is Windows Server Update Services (WSUS) from Microsoft. These solutions help to strengthen the patch level layer of security.

Scanning incoming email for viruses at the server further help protect the network.

Antivirus is often seen as the last line of defense for the desktop. Antivirus programs block many attacks on the desktops. Unfortunately, the security of a network is only as strong as its weakest link. To ensure the strength of this layer of the onion, centralized management of antivirus is critical. The centralized management of Antivirus programs help to ensure that a network's antivirus signatures are current and that users can not turn off the protection.

Spyware and Popups also now attack desktops very similarly to how viruses used to. These attacks can be thwarted through such methods as Windows XP SP2 Popup Blocker or the Windows Defender program.

Passwords historically have been one of the weaker links of security that haven't been effectively dealt with. In too many instances, users rely on simple passwords or share passwords too readily. How often have you seen a user keep their password written on a post-it note on their monitor? Or, how many of your coworker's passwords do you know?

Administrators can enforce hard security of passwords, thereby making them harder to hack. However, ask yourself, if your average user received a call from the Corporate IT Help Desk asking him what his password was so that IT could debug a problem, would they give it to the friendly person on the other side? How secure are your users with their passwords?

Companies such as RSA Security with their two-factor security have gone a long way to protecting the network from lax users. When using RSA Security, a user needs a token before they can successfully log in. A simple user name and password is no longer sufficient to access secure network resources.

Security has come a long way in the education of the onion. Each layer is stronger and more intelligent, thereby allowing for better and better protection. Of course, we have only touched on a few of the most basic layers of the onion and how to make them stronger. It is an ever evolving battle that IT personnel must stay on top of to protect the corporate resources they are responsible for.

ZAG Offers Beachhead Solutions

ZAG Technical Services, Inc. is proud to announce that it now offers Beachhead Solutions Lost Data Destruction (LDD). LDD allows an administrator to remotely wipe data from a PC when it is lost or stolen. LDD is engineered to protect against many different threats, is easy to deploy, and eliminates the requirements for end-user compliance.

Corporations must protect their data wherever it resides. LDD allows management to control data regardless of its location. This is a fundamental step forward in securing a Corporation's data.

Please contact us if you would like further information about this excellent solution.

This email newsletter was sent to you as a service of ZAG Technical Services, Inc. If for any reason you do not wish to continue receiving them, please send an email to newsletter@zagtech.com and you will be removed from future mailings.