Resume of Corporate and Information Systems

Defensive Measures

Defensive against hackers is difficult. The threats are varied, sophiscated, and ever-
evolving, and security is a matter of degree rather than absolutes. There is no master list
against which s company can compare its defenses and, after checking off everything,
declare its infrastructure, elements of fotifications that companies can erect around vital
networks, computers, and systems.

Security Policies

Security policies address questions such as the following:

 What kinds of passwords are users allowed to create for use on company systems,
and how often should users change passwords?
 Who is allowed to have accounts on company systems?
 What security features must be activated on a computer before it can connect to a
company network?
 What services are allowed to operate inside a company’s network?
 What are users allowed to download?
 How is the security policy enforced?

Firewalls

A firewall is a collection of hardware of software designed to prevent unauthorized acces to

company’s internal computer internal resource. Computer users outside a company’s
physical premises often have a legitimate need to access the company’s computers. An
employee who is travelling, for example, may need to access a systems he or she often uses
at work. A primary function of a firewall, then, is to facilitate legitimate interactions between
computers inside and outside the company while preventing illegitimate interactions.

Authentication

Describes the variety of techniques and software used to control who accesses elements of
computing infrastructure. Authentication can occur at many points. Host authentication
controls access to specific computers (hosts); network authentication, controls access to
regions of a network; data authentication controls access to specific data items. Host
authenticatin, network authentication, and data authentication are used in combination.
When used with sophiscated and well-managed directory thecnologis which keep track of
identities and access rights, access can be very granular, allowing, many layers of access
control throught the infrastructure.

Encryption

Renders the contents of electronic transmissions unreadable by anyone who might intercept
them. Modern encryption technologies provide a high degree of protection against the vast
majority of poterntial attackers. Legitimate recipients can decrypt transmission contents by
using a piece of data called a “key” (see the accompanying feature on p. 277). The recipient
tipically possesses the key for decryption as a result of a previous interaction. Like
passwords, keys must be kept secret and protected from social engineering, physical theft,
insecure transmission, and a variety of other techniques hostile forces use to obtain them

Patching and Change Management

A surprising number of attacks exploit weaknesses in systems for which “patches” (fixes)
already exist at the time of the attack. Successful attacks of this kind sometimes represent
administrative failures, but there are also a large number of contributing factors, such as
shortage of IT staff to apply fixes to existing systems, or legitimate concerns about the
unintended negative consequences of a systems patch. Keeping track of the variety of
systems in a company’s infrastructure, their security weaknesses, the available patches, and
whether patches have been applied is nontrivial. Consequently, attacks against known and
presumably patched weaknesses often are successful.

Intrusion Detection and Network Monitoring

Intrusion detection and network monitoring together help network administrators recognize
when their infrastructure is or has been under attack. Network monitoring automatically
filters out external attack traffic at the boundary of company networks. Sophiscated intrusion
detection systems include combinations of hardware probes and software diagnostic
systems.