Security Policies
When setting up a network, whether it is a local
area network (LAN), virtual LAN (VLAN), or wide
area network (WAN), it is important to initially
set the fundamental security policies. Security
policies are rules that are electronically programmed
and stored within security equipment to control
such areas as access privileges. Of course,
security policies are also written or verbal
regulations by which an organization operates.
In addition, companies must decide who is responsible
for enforcing and managing these policies and
determine how employees are informed of the
rules and watch guards.
What are the policies?
The policies that are implemented should control
who has access to which areas of the network
and how unauthorized users are going to be prevented
from entering restricted areas. For example,
generally only members of the human resources
department should have access to employee salary
histories. Passwords usually prevent employees
from entering restricted areas, but only if
the passwords remain private. Written policies
as basic as warning employees against posting
their passwords in work areas can often preempt
security breaches. Customers or suppliers with
access to certain parts of the network must
be adequately regulated by the policies as well.
Who will enforce and manage the policies?
The individual or group of people who police
and maintain the network and its security must
have access to every area of the network. Therefore,
the security policy management function should
be assigned to people who are extremely trustworthy
and have the technical competence required.
As noted earlier, the majority of network security
breaches come from within, so this person or
group must not be a potential threat.
How will you communicate the policies?
Policies are essentially useless if all of the
involved parties do not know and understand
them. It is vital to have effective mechanisms
in place for communicating the existing policies,
policy changes, new policies, and security alerts
regarding impending viruses or attacks.
Identity
Once your policies are set, identity methods
and technologies must be employed to help positively
authenticate and verify users and their access
privileges. Identity is the accurate and positive
identification of network users, hosts, applications,
services, and resources. Identity mechanisms
are important for ensuring that authorized users
gain access to the enterprise computing resources
they need, while unauthorized users are denied
access. Secure networks use the authentication,
authorization, and accounting (AAA) capabilities
of the Access Control Server to provide a foundation
that authenticates users, determines access
levels, and archives all necessary audit and
accounting data.
Passwords
Making sure that certain areas of the network
are “password protected”—only
accessible by those with particular passwords—is
the simplest and most common way to ensure that
only those who have permission can enter a particular
part of the network. In the physical security
analogy above, passwords are analogous to badge
access cards. However, the most powerful network
security infrastructures are virtually ineffective
if people do not protect their passwords. Many
users choose easily remembered numbers or words
as passwords, such as birthdays, phone numbers,
or pets’ names, and others never change
their passwords and are not very careful
about keeping them secret. The golden rules,
or policies, for passwords are:
• Change passwords regularly
• Make passwords as meaningless as possible
• Never divulge passwords to anyone until
leaving the company
In the future, some passwords may be replaced
by biometrics, which is technology that identifies
users based on physical characteristics, such
as fingerprints, eye prints, or voice prints.
Digital Certificates
Digital certificates or public key certificates
are the electronic equivalents of driver’s
licenses or passports, and are issued by designated
Certificate Authorities (CAs). Digital certificates
are most often used for identification when
establishing secure tunnels through the Internet,
such as in virtual private networking (VPN).
These services make certain that your information
and transmissions are secure and maintain their
integrity everywhere in the system. Our security
specialists offer up-to-date experience and
expertise with encryption and firewall technologies
and can provide multiple layers of security
and access control as needed.
Eitech offers the most sophisticated methods
available to protect your data from unauthorized
access anywhere it is traveling, stored or processed
in your network. At the same time, these techniques
assure the integrity and availability of your
data. We review security configurations and
suggest alternatives, give presentations, and lead
your staff in discussions on commercial security
issues from both local and global perspectives.