to an internal organizational network. Like a newborn baby, an unprotected system is susceptible to illness passed from other systems without a strong immunity to resist electronic contagion. A shielded subnet used only for loading and updating systems can function as a nursery, to allow systems time for full configuration and malware protection before exposure to other systems.
Secure the Network
Network attacks may come in the form of denial-of-service attacks that overwhelm service availability through massed service requests, or may involve the unauthorized interception of data during transport between systems. Automated network profiling software can allow a would-be attacker to identify open service ports, unencrypted data transport endpoints, open-text protocols in use, and vulnerabilities in system defenses due to missing updates or outdated services still in use. Your security practices should include regular scanning of systems for vulnerabilities and of network traffic for exposed data streams. Encryption between endpoints can aid in protecting data during transport, using solutions such as Secure Sockets Layer (SSL) website access, virtual private networks (VPNs) for secured access over Internet and wireless connectivity, or a public key infrastructure (PKI) implementation for point-to-point encrypted data transport, as illustrated in Figure 12.2.
Secure the Data
Encryption and access controls should also be applied to data during storage and backup archival processes, to ensure that physical access to storage media or lost backup tapes does not expose data to unauthorized review. As I discussed earlier in this topic, mobile devices are at enhanced risk because of their small size and portability, and on-device encryption mandates are vital for devices used to conduct organizational business using data local to the device.
Backup media are also at similar risk due to their size, portability, information density, and the transport practices used for offsite disaster recovery backup protection. Data should be encrypted on backup media to ensure that a lost tape does not lead to accidental release of sensitive or protected data