Technology @ Knowledge Zone


"Enterprise Security - Hacks, Cracks, Trojans et al."

by Dinesh Koka

Introduction

Businesses today are no longer limited to a geographical area; they span the globe with a multinational presence, and the new economic order demands that information be shared both up and down the value chain. With the expanding horizons of business comes the crucial task of building a communication backbone that lets employees, vendors, customers and shareholders share and access the information relevant to each of them. The result is the wired organization, connected by its own network, by public networks, or by both. With it come security threats, and because the whole enterprise is interconnected, a threat anywhere can reach the whole enterprise.

Enterprise Security

Enterprise security is the security of the data, facts, figures and transactions of an enterprise. An enterprise security solution covers the entire communication path: from the client that updates the day's activity logs on the organization's internal systems, and the client that completes similar transactions over a wide area network (WAN), usually the Internet, through the application servers, to the databases that those clients ultimately update. As the diagram shows, enterprise security comprises all the plugs for the different holes, or vulnerabilities, in the organization's network.

(Figure: vulnerabilities in an enterprise network; the figure is not reproduced here.)

Components of Enterprise Security

Enterprise security is put down on paper in the form of a security policy, which sets out the procedures and guidelines to be followed for a secure information exchange network. First the known vulnerabilities of each component are fixed (hardening of the network component); only then are external components added to provide extra security, so that a firewall or security product is never relied on to cover a hole that could have been closed on the host itself.

Network Security
Any security solution starts by securing the network layer, the lowest layer of the OSI stack at which an attacker on a remote network can reach the data. Routers and switches are hardened first (scanned for vulnerabilities, patched and configured: unused services disabled, management access restricted, default passwords changed). Network-level security is then strengthened with access control lists on routers and by filtering out unnecessary traffic with firewalls, so that only the ports and addresses a service genuinely needs are reachable.

Application Security
Application servers are usually the weak links in an enterprise network. The different services running on a server keep a host of ports open, each of which invites attack. Hardening takes care of these open ports: unneeded services are disabled and the remaining ones patched, which eliminates most of the vulnerabilities. Additional measures include implementing SSL (Secure Sockets Layer, which establishes an end-to-end encrypted channel between client and server and lets the client verify the server's identity through its certificate), external security software from different vendors, and enabling the additional security mechanisms provided by the application software itself.

Database Security
Databases hold the organization's most crucial information, and the motive behind most attacks on them is theft of that information. To protect the database servers, network access can be restricted so that only the application server can reach them, never clients directly, and the channel between the application server and the database can be secured. The built-in security mechanisms of the DBMS (separate accounts with the minimum privileges each application needs, and auditing of access) should also be employed.

Different Threats to an Enterprise Network

Sniffer Attack
A packet sniffer is a software application that puts a network adapter into promiscuous mode to tap the data being sent across the physical network wire. With a packet sniffer it is possible to capture every packet sent across a particular collision domain (on a switched network the attacker additionally has to redirect traffic to his own port, for example by ARP spoofing or MAC flooding, or tap a monitoring port). The data the hacker is usually looking for is usernames and passwords. Several network applications send data in clear text (FTP, SMTP, Telnet and POP3 among them) and the sniffer captures this stream as it goes by. In the worst case the hacker gains a system-level account and uses it to create a new account that serves at any time as a back door into the network and its resources. Sniffer attacks are countered by encrypting the traffic (SSH in place of Telnet, SSL/TLS for mail and web traffic), by authentication schemes that never send a reusable password on the wire, and by anti-sniffer tools that look for interfaces in promiscuous mode.
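The following is an added example, not code from the original article: a small Python reconstruction of what a sniffer recovers from a capture of cleartext protocols. The capture is constructed for the demonstration (the addresses and credentials are made up) and holds an FTP login, two SMTP AUTH exchanges and one TLS-protected connection. The parser reassembles each client-to-server flow and pulls out the credentials; the TLS flow yields nothing, which is the point of the encryption advice above.

```python
"""Added example: what a packet sniffer recovers from cleartext protocols.

The capture below is constructed for the demonstration; it is not real traffic."""
import base64
from collections import defaultdict

# Constructed capture: (client, server, server_port, payload) in arrival order.
CAPTURE = [
    ("10.0.0.5", "10.0.0.20", 21, b"USER alice\r\n"),
    ("10.0.0.5", "10.0.0.20", 21, b"PASS s3cret!\r\n"),
    ("10.0.0.7", "10.0.0.25", 25, b"EHLO client.example\r\n"),
    ("10.0.0.7", "10.0.0.25", 25,
     b"AUTH PLAIN " + base64.b64encode(b"\0bob\0hunter2") + b"\r\n"),
    ("10.0.0.9", "10.0.0.25", 25, b"AUTH LOGIN\r\n"),
    ("10.0.0.9", "10.0.0.25", 25, base64.b64encode(b"carol") + b"\r\n"),
    ("10.0.0.9", "10.0.0.25", 25, base64.b64encode(b"pa55word") + b"\r\n"),
    # An HTTPS flow: after the TLS handshake the payload is ciphertext.
    ("10.0.0.5", "10.0.0.30", 443, b"\x16\x03\x01\x00\x8a\x01\x00\x00\x86"),
]


def reassemble_flows(capture):
    """Concatenate payloads per (client, server, port), as a sniffer would."""
    flows = defaultdict(bytearray)
    for client, server, port, payload in capture:
        flows[(client, server, port)] += payload
    return flows


def parse_ftp(lines):
    """FTP sends USER and then PASS as separate cleartext commands."""
    user = None
    for line in lines:
        verb, _, arg = line.partition(" ")
        if verb.upper() == "USER":
            user = arg
        elif verb.upper() == "PASS" and user is not None:
            yield user, arg
            user = None


def parse_smtp(lines):
    """SMTP AUTH PLAIN/LOGIN only base64-encode the credentials; no secrecy."""
    it = iter(lines)
    for line in it:
        parts = line.split()
        if len(parts) < 2 or parts[0].upper() != "AUTH":
            continue
        mech = parts[1].upper()
        if mech == "PLAIN" and len(parts) >= 3:
            fields = base64.b64decode(parts[2]).split(b"\0")
            if len(fields) == 3:            # authzid, authcid, password
                yield fields[1].decode(), fields[2].decode()
        elif mech == "LOGIN":
            try:                             # next two client lines: user, password
                user = base64.b64decode(next(it)).decode()
                password = base64.b64decode(next(it)).decode()
            except StopIteration:
                return
            yield user, password


PARSERS = {21: ("ftp", parse_ftp), 25: ("smtp", parse_smtp)}


def extract_credentials(capture):
    """Return the credentials recoverable from a capture, one dict per login."""
    found = []
    for (client, server, port), stream in reassemble_flows(capture).items():
        if port not in PARSERS:              # encrypted or unknown: nothing to read
            continue
        proto, parser = PARSERS[port]
        lines = stream.decode("latin-1").split("\r\n")
        for user, password in parser(lines):
            found.append({"proto": proto, "client": client, "server": server,
                          "user": user, "password": password})
    return found


if __name__ == "__main__":
    for cred in extract_credentials(CAPTURE):
        print(cred)
```

Telnet is left out only because it sends one keystroke per packet and needs fuller stream reassembly and prompt tracking; the outcome is the same. Note that SMTP AUTH merely base64-encodes the password, so it counts as clear text for a sniffer.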

IP Spoofing
An IP spoofing attack occurs when a hacker inside or outside the network pretends to be a trusted computer by sending packets with a source address, internal or external, that falls within the range of addresses trusted for access to specific resources on the network. Because the replies go to the impersonated address rather than to the attacker, blind spoofing from outside mostly serves as a launch point for other attacks: flooding a host with packets that appear to come from elsewhere (a DoS attack), or exploiting services that grant access purely on the strength of the source address. IP spoofing is curbed with access control lists on the border routers: inbound packets that claim an internal source address are dropped (ingress filtering), and outbound packets whose source is not one of the organization's own addresses are dropped too (egress filtering), so that the network can neither be impersonated from outside nor used as a source of spoofed traffic.
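As an added example covering both the router access controls mentioned under Network Security and the anti-spoofing filtering just described (illustrative code written for this page, not from the article): a Python model of an ingress/egress filter at the Internet border. The address ranges INTERNAL_NETS and BOGON_NETS, the trusted host, and the sample packets are assumptions standing in for a site's own allocations and traffic.

```python
"""Added example: anti-spoofing (ingress/egress) filter at the Internet border.

INTERNAL_NETS, BOGON_NETS and TRUSTED_HOSTS are assumptions for the demonstration."""
from ipaddress import ip_address, ip_network

# Assumed enterprise addressing: one public block and the RFC 1918 block used inside.
INTERNAL_NETS = [ip_network("192.0.2.0/24"), ip_network("10.0.0.0/8")]

# Source addresses that can never legitimately arrive from the Internet.
BOGON_NETS = [ip_network("0.0.0.0/8"), ip_network("127.0.0.0/8"),
              ip_network("169.254.0.0/16"), ip_network("224.0.0.0/3")]


def in_any(addr, nets):
    return any(addr in net for net in nets)


def filter_packet(direction, src, dst):
    """Verdict for one packet at the border router.

    direction: "in"  = arriving on the Internet-facing interface,
               "out" = leaving through it.
    Returns (verdict, reason)."""
    s, d = ip_address(src), ip_address(dst)
    if direction == "in":
        if in_any(s, INTERNAL_NETS):
            return "drop", "ingress: outside packet claims an inside source"
        if in_any(s, BOGON_NETS):
            return "drop", "ingress: bogon source"
        if not in_any(d, INTERNAL_NETS):
            return "drop", "ingress: destination is not ours"
        return "accept", "ingress: plausible external source"
    if direction == "out":
        if not in_any(s, INTERNAL_NETS):
            return "drop", "egress: source is not ours (spoofed outbound)"
        return "accept", "egress: source is ours"
    raise ValueError(f"unknown direction {direction!r}")


# A trust decision resting on the source address alone (the situation spoofing
# exploits) is only safe once the border filter has already passed the packet.
TRUSTED_HOSTS = {ip_address("10.0.0.50")}   # assumed: an internal admin host


def admin_access_allowed(direction, src, dst):
    """Address-based trust applied after, never instead of, the border filter."""
    verdict, _ = filter_packet(direction, src, dst)
    return verdict == "accept" and ip_address(src) in TRUSTED_HOSTS


def run_demo():
    """Constructed packets (not real traffic) and their verdicts."""
    samples = [
        ("in",  "10.0.0.50",    "192.0.2.10"),    # outsider impersonating the admin host
        ("in",  "198.51.100.7", "192.0.2.10"),    # ordinary inbound
        ("in",  "127.0.0.1",    "192.0.2.10"),    # bogon
        ("in",  "198.51.100.7", "203.0.113.5"),   # transit: not addressed to us
        ("out", "203.0.113.9",  "198.51.100.7"),  # inside host spoofing a foreign source
        ("out", "192.0.2.10",   "198.51.100.7"),  # ordinary outbound
    ]
    return [(d, s, filter_packet(d, s, t)[0]) for d, s, t in samples]


if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

This stops an outsider from impersonating an internal host and stops the organization's own network from being used as a source of spoofed floods. It does nothing about an insider spoofing another insider's address on the same LAN; that needs filtering at the switch port or authentication that does not rest on the address at all.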

Denial of Service
DoS is one of the most publicized of all attacks, glamourized by the infamous attacks on the servers of Yahoo, eBay and others more than a year ago, and also one of the most difficult to eliminate completely. As the name suggests, the attack aims to exhaust a particular service, or the host it runs on, so that legitimate client requests are denied. DoS attacks can be directed at any exposed port or at the network link itself, and new techniques keep evolving. Network administrators have to keep themselves constantly updated on the newest forms of attack on the Internet and protect or harden the application servers against each new vulnerability.

Password Attacks
Password attacks can be implemented using any of the techniques mentioned above, as well as brute-force attacks, Trojan horse programs and so on. Although packet sniffers and IP spoofing can yield user accounts and passwords, the term password attack usually refers to repeated attempts to identify a valid user account and its password; these repeated attempts are called brute-force attacks. Security software can be installed on the network to make sure that passwords are never sent across in clear text. A hardening policy ensures that default or standard username/password combinations are not left in place, and a password policy (minimum length and complexity, expiry, and a limit on failed attempts) should be put in place.
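Added example, not from the article, that serves both the Denial of Service section and the password attacks just described: a sliding-window detector over a constructed log that flags a source sending a burst of connection attempts (a flood) and a source producing repeated authentication failures (a brute-force attempt). The log format, field names, addresses and thresholds are assumptions chosen for the demonstration.

```python
"""Added example: sliding-window detection of floods and brute-force logins.

Log format, field names and thresholds are assumptions for the demonstration."""
import re
from collections import defaultdict, deque
from datetime import datetime

LINE = re.compile(r"^(\S+) (\w+) src=([\d.]+)")

# Constructed sample log (not real data).
SAMPLE_LOG = "\n".join(
    ["2001-06-01T10:00:00 SYN src=203.0.113.7 dst=192.0.2.10:80"] * 12
    + ["2001-06-01T10:00:00 SYN src=198.51.100.9 dst=192.0.2.10:80",
       "2001-06-01T10:00:02 SYN src=198.51.100.9 dst=192.0.2.10:80"]
    + [f"2001-06-01T10:00:{s:02d} AUTH_FAIL src=198.51.100.4 user=admin"
       for s in range(5, 11)]
    + ["2001-06-01T10:00:07 AUTH_FAIL src=10.0.0.8 user=alice",
       "2001-06-01T10:00:09 AUTH_FAIL src=10.0.0.8 user=alice"]
)

# Per event type: (events allowed, window in seconds). Illustrative values.
THRESHOLDS = {"SYN": (10, 1.0), "AUTH_FAIL": (5, 60.0)}


def parse(log):
    """Yield (timestamp, event_type, source) for each well-formed line."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)


def detect(events, thresholds=THRESHOLDS):
    """Flag a (type, source) once its event count within the window reaches the limit."""
    windows = defaultdict(deque)
    alerted = set()
    alerts = []
    for ts, kind, src in sorted(events):
        if kind not in thresholds:
            continue
        limit, span = thresholds[kind]
        window = windows[(kind, src)]
        window.append(ts)
        while (ts - window[0]).total_seconds() > span:   # expire events outside the window
            window.popleft()
        if len(window) >= limit and (kind, src) not in alerted:
            alerted.add((kind, src))
            alerts.append((kind, src, ts))
    return alerts


if __name__ == "__main__":
    for kind, src, ts in detect(parse(SAMPLE_LOG)):
        print(f"{ts.isoformat()} {kind} threshold exceeded by {src}")
```

Two caveats a practitioner will want: per-source counting is blind to a distributed flood in which every source stays under the limit, and to a flood whose source addresses are spoofed at random; and an automatic account lockout triggered by failed logins can itself be abused to lock legitimate users out, so throttle or alert by source rather than disabling the account outright.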

Man-in-the-Middle Attacks
A man-in-the-middle attack is launched by someone positioned where network packets pass, who can read and alter them in transit. This person could be anyone from an internal user who sees an opportunity to sell proprietary information of his organization to a person working for the ISP. Such attacks are often implemented with network packet sniffers combined with manipulation of routing and transport protocols, so that the traffic between two parties is steered through the attacker. Their possible uses are theft of information, hijacking an ongoing session to gain access to private network resources, traffic analysis to derive information about a network and its users, denial of service, corruption of transmitted data, and introduction of new information into network sessions.
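The following added example (illustrative code written for this page, not from the article) shows how the receiving end can detect the corruption of transmitted data and the introduction of new information listed above when a man in the middle alters, forges or replays traffic. It uses a keyed hash (HMAC-SHA256) plus a sequence number; the shared key, the message format and the transfer payloads are assumptions for the demonstration.

```python
"""Added example: detecting tampering and replay by a man in the middle.

SHARED_KEY, the message format and the payloads are assumptions for the demonstration."""
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key-not-for-real-use"   # assumed: agreed out of band


def encode(msg):
    # Canonical encoding so that sender and receiver MAC exactly the same bytes.
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


def protect(key, seq, payload):
    """Sender: attach a sequence number and an HMAC-SHA256 tag over the message."""
    body = encode({"seq": seq, "payload": payload})
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class Receiver:
    """Accepts only messages with a valid tag and the next expected sequence number."""

    def __init__(self, key):
        self.key = key
        self.expected_seq = 0

    def accept(self, wire):
        body, sep, tag = wire.rpartition(b"|")
        if not sep:
            return None, "malformed"
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):     # constant-time comparison
            return None, "mac-mismatch"
        msg = json.loads(body)
        if msg["seq"] != self.expected_seq:             # replayed or out-of-order
            return None, "replay"
        self.expected_seq += 1
        return msg["payload"], "ok"


def attacker_modify(wire, field, value):
    """On-path attacker rewrites one field but cannot recompute the tag without the key."""
    body, _, tag = wire.rpartition(b"|")
    msg = json.loads(body)
    msg["payload"][field] = value
    return encode(msg) + b"|" + tag


def run_demo():
    """Constructed exchange between a client, an on-path attacker and the server."""
    rx = Receiver(SHARED_KEY)
    transfer = {"from": "acct-1", "to": "acct-2", "amount": 10}
    results = []
    m0 = protect(SHARED_KEY, 0, transfer)
    results.append(rx.accept(m0)[1])                                    # ok
    m1 = protect(SHARED_KEY, 1, transfer)
    results.append(rx.accept(attacker_modify(m1, "amount", 10000))[1])  # mac-mismatch
    results.append(rx.accept(m1)[1])                                    # ok
    results.append(rx.accept(m1)[1])                                    # replay
    forged = protect(b"attacker-guess", 2,
                     {"from": "acct-2", "to": "acct-9", "amount": 999})
    results.append(rx.accept(forged)[1])                                # mac-mismatch
    return results


if __name__ == "__main__":
    print(run_demo())
```

The tag stops the attacker from modifying, forging or replaying messages, but not from reading them (that still needs encryption) or from dropping them. Everything rests on the attacker not holding the key, so the key must be agreed in a way a man in the middle cannot intercept; this is exactly what SSL does when it authenticates the server with a certificate before the session keys are derived.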

Virus and Trojan-horse Applications
Viruses are malicious software attached to another program in order to execute an unwanted function on a user's workstation. An example of a virus is a program attached to a system file that deletes certain files and infects any other copies of similar system files it can find. A Trojan horse differs only in that the entire application is written to look like something else when in fact it is an attack tool. An example of a Trojan horse is a software application that runs a simple game on the user's workstation; while the user is occupied with the game, the Trojan horse mails a copy of itself to every address in the user's address book. The recipients get the game and play it, and so the Trojan horse spreads (a program that propagates itself in this way is, strictly, also a worm).

Value of Information Security

Awareness of the need for information security has grown in India in a big way over the last few years, but it still falls short when measured against the value a firm attaches to its proprietary information. A recent KPMG survey of corporate India threw up interesting facts: the greatest threat was seen to come from the Internet, and 72% of respondents think corporate espionage has already affected or will affect their business in the future.

A similar survey by the CSI found that 186 of 538 computer security practitioners in U.S. corporations reported a total of $377,828,700 in financial losses (by contrast, 249 respondents in 2000 reported $265,589,940, and the average annual total over the three years before 2000 was $120,240,180). The most serious losses came from theft of proprietary information (34 respondents reported $151,230,100) and financial fraud (21 respondents reported $92,935,500).

Enterprise Security - A Collective Decision

There is no such thing as a 100% safe network, so it is better to take a pragmatic approach and focus on reducing risk rather than on eliminating it altogether. This approach preserves the usability of the system, provides fairly good security and at the same time does not compromise productivity. Security is only as strong as the weakest link in the network, so the evaluation of requirements has to be both thorough and pragmatic.

Creating the policy is a group effort, and responsible representatives from the different departments should be involved to keep communication flowing. Knowledgeable people, savvy in business requirements, technology and security, are necessary, and IT staff (systems and network administrators) must be involved. The security policy should address the issues simply and straightforwardly to avoid misunderstandings and misapplications, since most often it comes down to people issues. Senior management has to see the inseparable link between computer and network use and computer and network security: just as it treats computer, network and telephone costs as part of the investment in doing business, so must it treat security costs. Tying security and services together gives an honest picture of the cost while linking the cost of security to the benefits of the service; security costs can then be seen as a profit enabler.