Most of us think of security as restricting unwanted access to our assets so we have:
-
Privacy - No one can have access to our assets without our approval.
-
Integrity - Our assets are not modified or damaged in any way without our approval.
-
Authorization - We let some people have access and not others.
-
Authentication - We make sure the people that do have access are really who they say they are.
This is the foundation of security but in the context of securing intellectual property, these are just the building blocks of securing property. In the context of securing an information system in addition to the above, security should includes:
- Recovery Strategies - Recovering from catastrophic events.
- Handling Hostile Attacks - Countermeasures and Evading Hostile Attacks both internal and external.
- Hardening Computer Systems - Reduction of the vulnerabilities to potential loss of service or contents of that system.
- External Network Access Protection - Both inbound and outbound
Recovery Strategies
Recovery strategies so that systems can rapidly be operational again after an event may include one or more of the following:
-
Redundant systems are located in separate geographic locations.
-
Action plan to acquire replacement systems or parts as a backup.
-
Action plan to install, configure and reload data from backup.
Typically, the central strategy is to have a good back-up strategy (no back-up, no recovery). Recovery may constitute full or partial recovery.
Handling Hostile Attacks
Requests for services that are unwanted can be defined as attacks. This is true whether it is a person or a machine. There are both passive and active measures that can be used to handle attacks in different levels.
Hardening Computer Systems
Hardening of a computation system is the reduction of the vulnerabilities that may result in potential loss of service or contents of that system. Hardening typically looks at the following vulnerabilities:
-
File System Permissions
-
User Accounts
-
Services and active processes
-
Device access
External Network Access Protection
Network access is typically broken down into external and internal network accessibility. External access is usually an access between public and the internal private network of the owner. Internal access is typically an access within the owners network topology. From the viewpoint of the owner, the security risks of external availability is seen to be higher. This is typically a weakness in the overall security of the system because almost 50% of system attacks come from inside the owner's network. There are several solutions available:
-
Have no physical access to the network.
-
Have an access point that allows access out only.
-
Have an access point that allows internal as well as external requests to the services.
Option 1, is usually not a viable solution for today's corporation that must move to reducing cost as well as competing in a global market place. Employee's need to access public information, customers and business partners need access to the companies information.
Option 2, allows people and systems internal to the organization to access the Internet but customers cannot access the companies information. Still a severe restriction in hyper-competitive markets.
Option 3, is the the most viable solution and is how 99% of businesses operate today. Typically, the access point is a firewall system that can be configured to allow various connections in and out of the internal network.
