Thursday, February 24, 2011

5 ways to make sure that you are not the perfect Wikileak

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note that it will likely favor the submitter's approach.

Government and intelligence officials around the world were caught off guard, and in many cases embarrassed and compromised, by the disclosure of documents on the WikiLeaks website.

For security and IT professionals, these losses serve as an important wake-up call to improve policies, procedures and safeguards. Here are five key tips to help your enterprise or government agency avoid being the source of the next WikiLeak.


I. Security policies and procedures. Every government organization or enterprise must have policies in place that define who gets access to information and when. These policies and procedures must be actively maintained, kept up to date and communicated appropriately. Security policies can then be administered by leveraging technology, introducing tools to protect, enforce and mitigate risks to the organization.

In the October 2010 WikiLeaks case involving some 400,000 U.S. military documents on the war in Iraq, policy may have limited access to systems containing confidential information to those who had a "need to know."

Environments that hold highly sensitive information should require strict policy management, monitoring and control, with access granted only to people who have a legitimate need to know. Governance, risk and compliance (GRC) tools enable organizations to automate certain aspects of this activity, matching security policies and controls against data originating from switches, routers, security platforms, servers, endpoints and applications, for a real-time view of their compliance status.

However, no policy can be 100% effective, and many organizations will encounter an insider who satisfies the requirements of the policy and has a legitimate need to know, but also has illicit intentions. In these cases, security technology provides the next level of defense against these internal threats.

II. Implement host-based security solutions. Host-based security solutions include tools that allow an organization to secure and control its desktops and laptops. Examples include antivirus/antimalware software and software that prevents the use of a USB drive or writable CD drive on a computer attached to a classified network.

Essentially, host-based security protects the workstation and limits what users can do on it. Host-based controls can, for example, turn off the ability to use a wired and a second network connection at the same time, which can serve as an entry point for a hacker.

Host-based security solutions can be integrated with network access control (NAC) to create a first line of defense for systems that regularly move on and off the network, such as laptops. If a laptop is infected by a virus, or misses an important security patch, while it is disconnected from the organization's network, host-based security solutions working in conjunction with NAC can ensure that the system is quarantined and is cleaned of the virus or receives the appropriate security patch before it is allowed on the network.

III. Data loss prevention (DLP). DLP tools allow an organization to be aware of activity throughout the network. This includes monitoring what leaves the network via e-mail and via file sharing over FTP. An organization can tune the network DLP solution to watch for specific events and act on them, such as blocking e-mail that contains source code, credit card numbers or Social Security numbers.

IV. Traffic analysis tools. These tools can look across the network at individual users and in aggregate, and see what kinds of sites are being visited, with particular emphasis on sites that allow file sharing, such as Dropbox, Mozy or YouSendIt. Network administrators may not want or need to block such sites, but it is useful to know, in real time, when a user accesses them and for what purpose.

Analysis tools can also detect subversive attempts to extract data from a network. Every device on a network is expected to behave in a certain way when it communicates. Network traffic to and from a printer should look like printer traffic. If the traffic analysis tool detects a printer that looks more like a Linux workstation, then someone may be trying to spoof the printer's IP address in order to extract data.

V. Log management and correlation. Almost all online activity leaves a "breadcrumb trail" in the form of log entries: automatic records on the servers and network devices that users interact with on a network. Consequently, in the event of a loss of information, logs provide ready access to forensic information that can go back a few days or a couple of years. These tools can help determine the source of a leak faster. Importantly, once you have identified the path that someone took to get data out of the network, new policies and procedures can be created to avoid a repeat occurrence.

When implemented in an enterprise environment, all of these individual solutions can be centrally managed and monitored. Most can be integrated with security incident and event management (SIEM) tools for a real-time, "single pane of glass" view of the organization's security context. SIEM tools enable organizations to automatically correlate events based on event "signatures": known combinations of events across multiple security platforms that were previously known to be a violation or attempted violation.

With experience, organizations can create their own signatures based on real threats developed in their environment. Automatic responses to known events, such as persistent automated attacks (attacks by botnets, or other automated, coordinated attacks), may allow an agency to get closer to a network of scraping.
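A signature of the kind described above, a known combination of events from several security platforms, can be expressed as a small correlation rule. This is an added example, not code from the original article or from any SIEM product; the event names, the signature definition and the log records are constructed for illustration and tie together the host-based, traffic analysis and DLP controls from the earlier tips.

```python
from datetime import datetime, timedelta

# Constructed, already-normalized events: (timestamp, platform, user, event).
EVENTS = [
    ("2011-02-24T09:00:05", "host",  "alice", "usb_write_blocked"),
    ("2011-02-24T09:03:40", "proxy", "alice", "file_share_upload"),
    ("2011-02-24T09:04:10", "dlp",   "alice", "mail_blocked_sensitive"),
    ("2011-02-24T09:10:00", "proxy", "bob",   "file_share_upload"),
    ("2011-02-24T08:00:00", "host",  "carol", "usb_write_blocked"),
    ("2011-02-24T11:29:00", "proxy", "carol", "file_share_upload"),
    ("2011-02-24T11:30:00", "dlp",   "carol", "mail_blocked_sensitive"),
]

# Hypothetical signature: one user trips all three controls within 15 minutes.
SIGNATURE = {
    "name": "multi-channel-exfil-attempt",
    "requires": {
        ("host", "usb_write_blocked"),
        ("proxy", "file_share_upload"),
        ("dlp", "mail_blocked_sensitive"),
    },
    "window": timedelta(minutes=15),
}


def correlate(events, signature):
    """Return (signature, user, first_event_time) for each user who matches."""
    by_user = {}
    for ts, platform, user, event in events:
        row = (datetime.fromisoformat(ts), platform, event)
        by_user.setdefault(user, []).append(row)

    alerts = []
    for user, rows in sorted(by_user.items()):
        rows.sort()  # chronological order per user
        for i, (start, _, _) in enumerate(rows):
            # Every (platform, event) pair seen inside the window opened at `start`.
            seen = {(p, e) for t, p, e in rows[i:]
                    if t - start <= signature["window"]}
            if signature["requires"] <= seen:
                alerts.append((signature["name"], user, start.isoformat()))
                break  # one alert per user per signature
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS, SIGNATURE):
        print(alert)
```

Only alice matches: bob produced a single event, and carol's three events fall outside the 15-minute window, which is the difference between a correlated signature and alerting on each platform's events in isolation.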


For more information about enterprise networking, go to NetworkWorld. Story copyright 2010 Network World Inc. All rights reserved.
