Home   About Us   Services   Solutions   Support            
Power Protection
Importance of Security
Threats to Data
Who are the Enemies?
What can the Enemies do?
Penetration Test
Security Policies
Security Tools

Security Policies
When setting up a network, whether it is a local area network (LAN), virtual LAN (VLAN), or wide area network (WAN), it is important to initially set the fundamental security policies. Security policies are rules that are electronically programmed and stored within security equipment to control such areas as access privileges. Of course, security policies are also written or verbal regulations by which an organization operates. In addition, companies must decide who is responsible for enforcing and managing these policies and determine how employees are informed of the rules and watch guards.

What are the policies?
The policies that are implemented should control who has access to which areas of the network and how unauthorized users are going to be prevented from entering restricted areas. For example, generally only members of the human resources department should have access to employee salary histories. Passwords usually prevent employees from entering restricted areas, but only if the passwords remain private. Written policies as basic as to warn employees against posting their passwords in work areas can often preempt security breaches. Customers or suppliers with access to certain parts of the network must be adequately regulated by the policies as well.

Who will enforce and manage the policies?
The individual or group of people who police and maintain the network and its security must have access to every area of the network. Therefore, the security policy management function should be assigned to people who are extremely trustworthy and have the technical competence required. As noted earlier, the majority of network security breaches come from within, so this person or group must not be a potential threat.

How will you communicate the policies?
Policies are essentially useless if all of the involved parties do not know and understand them. It is vital to have effective mechanisms in place for communicating the existing policies, policy changes, new policies, and security alerts regarding impending viruses or attacks.

Once your policies are set, identity methods and technologies must be employed to help positively authenticate and verify users and their access privileges. Identity is the accurate and positive identification of network users, hosts, applications, services, and resources. Identity mechanisms are important - ensuring that authorized users gain access to the enterprise computing resources they need, while unauthorized users are denied access. Secure networks use the authentication, authorization, and accounting (AAA) capabilities of the Access Control Server to provide a foundation that authenticates users, determines access levels, and archives all necessary audit and accounting data.

Making sure that certain areas of the network are “password protected”—only accessible by those with particular passwords—is the simplest and most common way to ensure that only those who have permission can enter a particular part of the network. In the physical security analogy above, passwords are analogous to badge access cards. However, the most powerful network
security infrastructures are virtually ineffective if people do not protect their passwords. Many users choose easily remembered numbers or words as passwords, such as birthdays, phone numbers, or pets’ names, and others never change their passwords and are not very careful
about keeping them secret. The golden rules, or policies, for passwords are:

• Change passwords regularly
• Make passwords as meaningless as possible
• Never divulge passwords to anyone until leaving the company

In the future, some passwords may be replaced by biometrics, which is technology that identifies users based on physical characteristics, such as fingerprints, eye prints, or voice prints.

Digital Certificates
Digital certificates or public key certificates are the electronic equivalents of driver’s licenses or passports, and are issued by designated Certificate Authorities (CAs). Digital certificates are most often used for identification when establishing secure tunnels through the Internet, such as in virtual private networking (VPN).

These services make certain that your information and transmissions are secure and maintain their integrity everywhere in the system. Our security specialists offer up-to-date experience and expertise with encryption and firewall technologies and can provide multiple layers of security and access control as needed.

Eitech offers the most sophisticated methods available to protect your data from unauthorized access anywhere it is traveling, stored or processed in your network. At the same time, these techniques assure the integrity and availability of your data. We review security configurations and suggest alternatives presentations and lead your staff in discussions on commercial security issues from both local and global perspectives.

© Copyright 2002 Eitech. All rights reserved.