Malware Defense
Malware defenses and a system-load nursery are excellent starting points for securing systems against compromise. Threat signatures and antimalware applications require regular updates, daily and sometimes hourly. Centralized, automated management of malware defenses is mandatory beyond a handful of supported systems, and its reporting should be reviewed daily to identify compromised systems for cleansing or wipe-and-reload service. This is not an area in which to save money at the expense of quality: the threat is continuous and carries a high probability of significantly impacting the C-I-A (confidentiality, integrity, availability) mandates.
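The daily review described above is easy to script once reports are collected centrally. The following is an added example, not code from the book: it assumes a central console exports one record per endpoint with the signature date, last check-in time and any detections (the field names, thresholds, and the sample records are constructed), and sorts hosts into the four actions the review has to trigger.

```python
"""Daily review of centrally collected antimalware reports (added example).

Assumed export format: one record per endpoint with the signature date, the
last check-in time and a list of detections. Sample records are constructed.
"""
from datetime import date, datetime

# Constructed sample export, as a central management console might produce it.
REPORTS = [
    {"host": "ws-101", "sig_date": "2024-03-09", "last_seen": "2024-03-10T07:55:00",
     "detections": []},
    {"host": "ws-102", "sig_date": "2024-03-02", "last_seen": "2024-03-10T07:10:00",
     "detections": []},
    {"host": "ws-103", "sig_date": "2024-03-10", "last_seen": "2024-03-10T06:40:00",
     "detections": [{"name": "Trojan.Generic", "status": "quarantined", "category": "trojan"}]},
    {"host": "srv-db1", "sig_date": "2024-03-10", "last_seen": "2024-03-10T05:00:00",
     "detections": [{"name": "Rootkit.Sample", "status": "active", "category": "rootkit"}]},
    {"host": "ws-104", "sig_date": "2024-03-08", "last_seen": "2024-03-04T12:00:00",
     "detections": []},
]

# Categories where cleaning in place cannot be trusted: the integrity of the
# operating system itself is in question, so the host goes to wipe-and-reload.
# (Assumed classification for the example.)
REIMAGE_CATEGORIES = {"rootkit", "bootkit", "backdoor"}


def review(reports, now_iso, max_sig_age_days=1, max_silence_days=2):
    """Sort endpoints into the actions the daily review has to trigger."""
    now = datetime.fromisoformat(now_iso)
    findings = {"stale_signatures": [], "not_reporting": [],
                "cleanse": [], "wipe_and_reload": []}
    for r in reports:
        # Signatures older than the update interval mean the host is not
        # actually protected against current threats.
        sig_age = (now.date() - date.fromisoformat(r["sig_date"])).days
        if sig_age > max_sig_age_days:
            findings["stale_signatures"].append(r["host"])
        # A host that stops reporting is unmanaged and may itself be
        # compromised (agents are a common target), so it is listed, not ignored.
        silence = (now - datetime.fromisoformat(r["last_seen"])).days
        if silence > max_silence_days:
            findings["not_reporting"].append(r["host"])
        cats = {d["category"] for d in r["detections"]}
        if cats & REIMAGE_CATEGORIES:
            findings["wipe_and_reload"].append(r["host"])
        elif r["detections"]:
            findings["cleanse"].append(r["host"])
    return findings


if __name__ == "__main__":
    for action, hosts in review(REPORTS, "2024-03-10T08:00:00").items():
        print(f"{action}: {', '.join(hosts) or '-'}")
```

Hosts that have gone silent are reported alongside the stale and infected ones because, from the console's point of view, a host whose agent has been killed looks exactly like a host that was switched off.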
Network Protection
Encryption provides a key function in the protection of data transferred through and stored within the extended enterprise. Additional services such as intrusion detection systems (IDS) can monitor network traffic (network-based IDS) or access and application activity within a monitored host (host- or device-based IDS). These systems raise an alert when nonstandard access is identified or when specific attack signatures are detected.
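Both detection styles named above, attack signatures and nonstandard access, can be shown on a handful of web-server log lines. The block below is an added example, not from the book: the log lines are constructed in Apache combined-log style, and the signatures, the trusted management range for the admin console, and the scan threshold are assumptions chosen for illustration.

```python
"""Toy network IDS over web-server access-log lines (added example).

Assumptions: combined-log format lines (constructed below), two signature
rules, an assumed management network from which /admin/ is expected, and a
404-count threshold for flagging probable scanning.
"""
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample log lines.
LOG_LINES = """\
10.0.0.5 - - [10/Mar/2024:08:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043
203.0.113.7 - - [10/Mar/2024:08:00:03 +0000] "GET /cgi-bin/../../../../etc/passwd HTTP/1.1" 404 512
203.0.113.7 - - [10/Mar/2024:08:00:04 +0000] "GET /login?user=admin%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 2210
198.51.100.9 - - [10/Mar/2024:08:00:05 +0000] "GET /admin/console HTTP/1.1" 200 770
10.0.0.5 - - [10/Mar/2024:08:00:06 +0000] "GET /admin/console HTTP/1.1" 200 770
203.0.113.7 - - [10/Mar/2024:08:00:07 +0000] "GET /backup.zip HTTP/1.1" 404 0
203.0.113.7 - - [10/Mar/2024:08:00:07 +0000] "GET /.git/config HTTP/1.1" 404 0
203.0.113.7 - - [10/Mar/2024:08:00:08 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 0
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Signature rules, applied to the URL-decoded path so %2e%2e%2f style
# encoding does not slip past them.
SIGNATURES = [
    ("path-traversal", re.compile(r"(^|/)\.\./")),
    ("sql-injection", re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.IGNORECASE)),
]
MANAGEMENT_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed: /admin/ expected only from here
SCAN_404_THRESHOLD = 3


def parse(line):
    """Return the fields of one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def detect(lines):
    """Return (alert type, source ip, detail) tuples for the given log lines."""
    alerts = []
    not_found = Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        path = unquote(rec["path"])
        # Signature-based detection.
        for name, pattern in SIGNATURES:
            if pattern.search(path):
                alerts.append((name, rec["ip"], path))
        # Nonstandard access: a valid request, but from where it should not come.
        if path.startswith("/admin/") and ipaddress.ip_address(rec["ip"]) not in MANAGEMENT_NET:
            alerts.append(("nonstandard-access", rec["ip"], path))
        if rec["status"] == "404":
            not_found[rec["ip"]] += 1
    # Behavioural: many misses from one source is the shape of a scan, even
    # when no single request matches a signature.
    for ip, n in not_found.items():
        if n >= SCAN_404_THRESHOLD:
            alerts.append(("probable-scan", ip, f"{n} x 404"))
    return alerts


if __name__ == "__main__":
    for alert in detect(LOG_LINES.splitlines()):
        print(alert)
```

The admin-console request from 198.51.100.9 matches no signature at all; it is flagged purely because it violates the expected access pattern, which is the distinction the text draws between signature detection and nonstandard-access detection.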
Network firewalls provide defensive "walls" around protected subnets, separating network traffic and restricting access between subnets based on access rules and service-port constraints. Figure 12.4 illustrates a firewall configured to segment a private network into protected internal services and systems and a public-facing, partially protected demilitarized zone (DMZ) subnet, separated from the external Internet by service-port restrictions.
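The segmentation Figure 12.4 describes reduces to a short, first-match, default-deny policy between three zones. The block below is an added example, not from the book: the address plan, the DMZ web host, and the rule set are assumptions made for illustration, and the policy is evaluated statelessly (a real firewall also tracks connection state so that return traffic for an allowed flow is admitted).

```python
"""Zone-based firewall policy for an Internet / DMZ / internal split (added example).

Assumptions: the internal and DMZ address ranges below, one DMZ web host, and
a first-match rule list with a default deny. Not the book's configuration.
"""
import ipaddress

# Assumed address plan. Anything outside these two networks is "internet".
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}
WEB_HOST = ipaddress.ip_network("192.0.2.10/32")  # assumed DMZ web server

# (src zone, dst zone, protocol, allowed destination ports, optional source restriction)
RULES = [
    ("internet", "dmz", "tcp", {80, 443}, None),       # the public web service only
    ("dmz", "internal", "tcp", {5432}, WEB_HOST),      # only the web host may reach the DB port
    ("internal", "dmz", "tcp", {22, 443}, None),       # administration from inside
    ("internal", "internet", "tcp", {80, 443}, None),  # outbound browsing
    ("internal", "internet", "udp", {53}, None),       # DNS
]


def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def evaluate(src, dst, proto, dport):
    """Return ('allow', rule) for the first matching rule, else ('deny', None)."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for rule in RULES:
        r_src, r_dst, r_proto, ports, src_limit = rule
        if (r_src, r_dst, r_proto) != (src_zone, dst_zone, proto) or dport not in ports:
            continue
        if src_limit is not None and ipaddress.ip_address(src) not in src_limit:
            continue
        return "allow", rule
    # Default deny: a port that no rule names is closed, which is what the
    # "service port restrictions" between zones mean in practice.
    return "deny", None


def exposure(dst_zone):
    """Ports in dst_zone reachable from the Internet, the question a change
    request should answer before a rule is added."""
    return sorted({p for s, d, _, ports, _ in RULES
                   if s == "internet" and d == dst_zone for p in ports})


if __name__ == "__main__":
    for flow in [("203.0.113.7", "192.0.2.10", "tcp", 443),
                 ("203.0.113.7", "10.1.2.3", "tcp", 445),
                 ("192.0.2.10", "10.1.2.50", "tcp", 5432),
                 ("192.0.2.20", "10.1.2.50", "tcp", 5432)]:
        print(flow, "->", evaluate(*flow)[0])
    print("internet-facing ports, dmz:", exposure("dmz"), "internal:", exposure("internal"))
```

The source restriction on the DMZ-to-internal rule is the detail that makes the DMZ "partially protected" rather than a stepping stone: a compromised second host in the DMZ gets no more access to the internal network than the Internet does.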
Firewall configuration management and log review should be regular and comprehensive, to ensure that changes to network resources, services, and usage are properly managed and that network resources remain protected from unauthorized access.
Defense Against the Unexpected
Quality and risk management disciplines attempt to address the "known known" and "known unknown" threats to an enterprise by identifying risks, prioritizing defenses to gain the greatest protection possible using available resources, and then managing identified risks in the four standard ways: