Академический Документы
Профессиональный Документы
Культура Документы
DATA SECURITY
Establishing and Maintaining a
Security Policy
Today outline
2
Administrative Security
Overall Planning and Administration
Day-to-Day Administration
Separation of Duties
Introduction
3
Backups of your system and all the data stored on your system are
absolutely essential if you expect to be able to recover from a disaster
In a PC environment, many system administrators discover that critical
documents on a user's machine often disappear when a disk fails They
can help protect against this by providing personal folders in common
space on a server.
Some backup rules:
Encrypt your backups if they contain sensitive data.
Keep extra backups off-site in a locked, fireproof location. You don't want a
fire, lightning, or some other disaster to wipe out your system and your
backups at the same time.
Secure your backup tapes or disks in locked areas
Verify your backups. Check periodically to make sure they've been produced
correctly and haven't been damaged in any way
Be sure to delete all data by overwriting what's there; don't just reinitialize
your tapes or disks
If you're throwing backups away, destroy the media first (by burning,
crushing, or shredding.)
Consider buying an automatic backup program that runs full or incremental
backups (without your intervention) every night
Hardware and Software
15
Security Tools
firewall tool, network incursion
An intrusion detection system (IDS), listens to the circuit, taking note if
any unusual activity is taking place a certain user that constantly
connects to a little used disk drive may be storing information there,
either for later theft, or perhaps to be used as a tool in a future incursion.
Intrusion detection systems usually have large libraries of attack
signatures, that is, lists of the steps attackers typically take or have taken
in the past to accomplish some attack. If the pattern of these attacks is
repeated in a system being monitored by the IDS, the IDS will likely stop
the transaction if it can, and place a page or call to an administrator
informing of the attempted attack.
A honeypot, sometimes called a honeynet, is a decoy. It is usually placed
in an unprotected portion of the network as a lure to attackers. While
unauthorized users are checking out the honeypot, their movements are
recorded. This helps further develop the library of attack signatures.
Penetration testing, or pentesting is a programmed, usually automated
series of attacks that administrators carry out on their own network. The
purpose of pentesting is to locate overlooked vulnerabilities
Performing a Security
16
Audit
A security audit is a search through your system for security problems and
vulnerabilities
Check your system files and any system logs or audit reports your system
produces for dangerous situations or clues to suspicious activity. These
might include:
Accounts without passwords
Accounts with easily guessed passwords
Group accounts
Dormant accounts
These include accounts of users who have left your organization, have gone on vacation, or
have moved to a different group or system.
New accounts
Be sure these are accounts you have assigned and not accounts that an intruder has
created.
Default accounts
Many operating systems create "Everybody" or "Guest" or even "Administrator" accounts
automatically
Recent changes in file protection
Suspicious user activity
Basically, this means that a user (or someone using that user's account) is acting in an
unexpected way for example, someone logs in from a number of different terminals, logs in
at odd times of the day or the week, runs protected system programs, transmits or dials out
an unusual amount, uses new networks
Separation of Duties
17