Security Policy for e-Fence Corporation's Network

Table of Contents

  Abbreviations  II

1  Introduction  1

1.1  How much Security does a Company Need?  1

1.2  Procedure and Analysis Objectives  1

2  Products and Techniques to Enhance Security on e-Fence’s Intranet  2

2.1  What Security Services have to be Provided?  2

2.2  Anti-Virus Software  2

2.3  User Management  3

2.4  Monitoring and Auditing  3

2.5  Hardening the Operating System  4

2.6  Firewalls and Proxy Servers  4

2.7  Web Server Restrictions  6

3  Management and Generation of Performance and Security Reports  6

3.1  Intrusion Detection Systems  6

3.2  Logging  7

3.3  Network Administration and Management Tools  7

4  Secure Document Management Procedure  8

4.1  Document Management System  8

4.2  Cryptography Service  10

4.3  Authentication Service  10

5  Guidelines for Cost Effective Security Implementation Management  11

5.1  Free Measures to Increase Security  11

5.2  Expensive Products to Increase Security  12

6  Conclusion  14

7  References  15

8  Bibliography  16

I

Abbreviations

DOS Denial of Service HIDS Host Intrusion Detection System IDS Intrusion Detection System IIS Internet Information Server LFM Log File Monitor MIF Management Information Format MS Microsoft NIDS Network Intrusion Detection System SIV System Integrity Verifier SMS Systems Management Server SNMP Simple Network Management Protocol TCP Transmission Control Protocol

II

1 Introduction

1.1 How much Security does a Company Need?

A company’s network serves the purpose of delivering information to all employees as fast and as easily as possible. However, the information that is delivered through such an Intranet has to be secured against attack or misuse from outside the organisation as well as from inside the organisation. Since the need of security always conflicts with the need of fast and easy information access, e-Fence has to decide what level of security is appropriate for different types of information.

Of course, total security can never be provided but a company has to consider several threats to its Intranet. These threats include physical threats (e.g. theft or damage of equipment), natural disasters (e.g. damage due to lightning or earthquakes), mechanical breakdowns, viruses and Trojan Horses, and people from outside or within the organisation attacking the network. (Baker, 1995, pp. 7-9). E-Fence has to mitigate these threats with a well-planned security policy.

1.2 Procedure and Analysis Objectives

This report will evaluate a security policy suitable for e-Fence Corporation’s Intranet. Therefore, it will first describe the appropriate techniques and products to enhance security on the Intranet. Then it will show mechanisms to manage and generate performance and security reports on all servers in the company’s Intranet. After that, it will address the deployment of a secure document management procedure and finally it will depict guidelines to implement and manage the security policy in a cost effective way. The report will focus on security means to prevent attacks from people within or outside the organisation and will not address the danger of mechanical breakdown or physical threats.

1

2 Products and Techniques to Enhance Security on e-Fence’s Intranet

2.1 What Security Services have to be Provided?

To ensure a network’s security several different security services have to be guaranteed. These are confidentiality, authentication, integrity, nonrepudiation, access control and availability. Confidentiality means that the company must ensure that no unauthorized person can gain access to confidential data, authentication means that a message must come from the source it claims to be from, integrity means that the data must be secure against unauthorized modification, nonrepudiation means that a message’s sender must be recognizable, access control means that access to specific data can be limited, and availability means that the system should be available all the time. (Stallings, 1995, pp. 10-12). To provide these security services, the threats mentioned in section 1.1 must be mitigated.

2.2 Anti-Virus Software

An important threat to a company’s network comes form viruses, worms and Trojan horses. These can destroy or manipulate software on any machine in the network. Usually they come hidden behind other software and infect computers, from which they can infect more machines in the network. Therefore, it is essential to have anti-virus software to protect the network against these threats. Anti-virus software scans files, detects the hidden viruses, and disables or deletes them. A very good product is the Norton AntiVirus Corporate Edition, which is currently available in version 7.6. This highly sophisticated software is available for different platforms and has many different functions to effectively protect a company’s network against all types of viruses, worms and Trojan horses. Furthermore, its virus definitions are updated on a regular basis, so that the system is always well protected.

2

2.3 User Management

Since there are always many different user accounts on a company’s network, potential attackers can try to use “infrequently-used accounts to breach in the system” (Dridi & Neumann, 2000, p. 112). When the accounts are not used very often, nobody will notice the attackers attempt. Therefore, user accounts must be kept current and old accounts have to be deleted. (Dridi & Neumann, 2000, p. 112) Furthermore, an effective password policy must be used and users must be educated or enforced to chose good, i.e. hard to guess, passwords. Whether a password is good or not can be tested by using password-cracking programmes. Moreover, passwords should be changed on a regular basis. In addition to that, e-Fence should try to create security awareness among its employees. Users should be educated concerning security issues so that they choose good passwords and do not open suspicious email attachments.

2.4 Monitoring and Auditing

A good logging system is essential for the protection of e-Fence’s network. Especially all activities on servers should be saved in log files. These log files can be used to determine whether an attack has happened and sometimes can even uncover the attacker’s identity. However, it is very important to secure log files themselves against attackers to prevent the attacker from deleting them, manipulating them, or stopping the logging mechanism. Therefore, log files should be kept on separate machines, be encrypted, and should be stored in multiple places. Furthermore, the system should produce a warning automatically when the logging function has stopped unexpectedly (Wadlow, 2000, pp. 122/123). Common logging mechanisms are Syslog and Simple Network Management Protocol (SNMP), which are both available on different platforms.

Of course logging alone does not help. Log files must be analysed regularly to determine if attacks have happened and to identify weak spots. Looking at traffic, anomalies in the traffic, and divergences from normal traffic patterns can

3