Information Technology Reference
In-Depth Information
3.2
Security Practices
System administration practices play a key role in network security. Checklists and
general advice on good security practices are readily available. Below are examples of
commonly recommended practices:
x Ensure all accounts have a password and that the passwords are difficult to guess.
A one-time password system is preferable.
x Use tools such as MD5 checksums (8), a strong cryptographic technique, to
ensure the integrity of system software on a regular basis.
x Use secure programming techniques when writing software. These can be found
at security-related sites on the World Wide Web.
x Be vigilant in network use and configuration, making changes as vulnerabilities
become known.
x Regularly check with vendors for the latest available fixes and keep systems
current with upgrades and patches.
x Regularly check on-line security archives, such as those maintained by incident
response teams, for security alerts and technical advice.
x Audit systems and networks, and regularly check logs. Many sites that suffer
computer security incidents report that insufficient audit data is collected, so
detecting and tracing an intrusion is difficult.
Based on the risk management process results, the security policy is the key element in
the design process which is covered in the next section.
4.
DESIGN PHASE
Designing secure networks is the vital step for protecting valuable information.
Designing a secure network is not only performed with technical measures but also with
operational ones. A network is composed of hardware, software, data and people who use
hardware and software and process data. Therefore design of secure systems should
cover all these objects.
Design process can span the whole system, or just a small part of the system. So, the
design does not necessarily cover the whole system. For example, one design process
may suggest a completely new DMZ structure, new software, new hardware and training
programmes. On the other hand, another design process may suggest only the
reconstruction of a firewall. One design process may deal only with people, and another
with just operating systems.
Design is not made only once. Secure design of networks is a countermeasure that is
suggested by risk management. Therefore, an information system always needs to be
redesigned periodically. The period of redesign is basically determined by the risk
management process.
With all these important points in mind, the countermeasures listed below should be
considered in the design of secure networks:
x Using security tested products and boxes
x Using perimeter protection devices and constructing a DMZ
x Using crypto equipment and software
x Establishing policies and procedures
Search WWH ::
Custom Search