Security Policy for e-Fence Corporation's Network

Table of Contents

Abbreviations

1 Introduction
1.1 How much Security does a Company Need?
1.2 Procedure and Analysis Objectives

2 Products and Techniques to Enhance Security on e-Fence ’ s Intranet
2.1 What Security Services have to be Provided?
2.2 Anti-Virus Software
2.3 User Management
2.4 Monitoring and Auditing
2.5 Hardening the Operating System
2.6 Firewalls and Proxy Servers
2.7 Web Server Restrictions

3 Management and Generation of Performance and Security Reports
3.1 Intrusion Detection Systems
3.2 Logging
3.3 Network Administration and Management Tools

4 Secure Document Management Procedure
4.1 Document Management System
4.2 Cryptography Service
4.3 Authentication Service

5 Guidelines for Cost Effective Security Implementation & Management
5.1 Free Measures to Increase Security
5.2 Expensive Products to Increase Security

6 Conclusion

7 References

8 Bibliography

Abbreviations

Abbildung in dieser Leseprobe nicht enthalten

1 Introduction

1.1 How much Security does a Company Need?

A company’s network serves the purpose of delivering information to all employees as fast and as easily as possible. However, the information that is delivered through such an Intranet has to be secured against attack or misuse from outside the organisation as well as from inside the organisation. Since the need of security always conflicts with the need of fast and easy information access, e-Fence has to decide what level of security is appropriate for different types of information.

Of course, total security can never be provided but a company has to consider several threats to its Intranet. These threats include physical threats (e.g. theft or damage of equipment), natural disasters (e.g. damage due to lightning or earthquakes), mechanical breakdowns, viruses and Trojan Horses, and people from outside or within the organisation attacking the network. (Baker, 1995, pp. 7-9). E-Fence has to mitigate these threats with a well-planned security policy.

1.2 Procedure and Analysis Objectives

This report will evaluate a security policy suitable for e-Fence Corporation’s Intranet. Therefore, it will first describe the appropriate techniques and products to enhance security on the Intranet. Then it will show mechanisms to manage and generate performance and security reports on all servers in the company’s Intranet. After that, it will address the deployment of a secure document management procedure and finally it will depict guidelines to implement and manage the security policy in a cost effective way. The report will focus on security means to prevent attacks from people within or outside the organisation and will not address the danger of mechanical breakdown or physical threats.

2 Products and Techniques to Enhance Security on e- Fence’s Intranet

2.1 What Security Services have to be Provided?

To ensure a network’s security several different security services have to be guaranteed. These are confidentiality, authentication, integrity, nonrepudiation, access control and availability. Confidentiality means that the company must ensure that no unauthorized person can gain access to confidential data, authentication means that a message must come from the source it claims to be from, integrity means that the data must be secure against unauthorized modification, nonrepudiation means that a message’s sender must be recognizable, access control means that access to specific data can be limited, and availability means that the system should be available all the time. (Stallings, 1995, pp. 10-12). To provide these security services, the threats mentioned in section 1.1 must be mitigated.

2.2 Anti-Virus Software

An important threat to a company’s network comes form viruses, worms and Trojan horses. These can destroy or manipulate software on any machine in the network. Usually they come hidden behind other software and infect computers, from which they can infect more machines in the network. Therefore, it is essential to have anti-virus software to protect the network against these threats. Anti-virus software scans files, detects the hidden viruses, and disables or deletes them. A very good product is the Norton AntiVirus Corporate Edition, which is currently available in version 7.6. This highly sophisticated software is available for different platforms and has many different functions to effectively protect a company’s network against all types of viruses, worms and Trojan horses. Furthermore, its virus definitions are updated on a regular basis, so that the system is always well protected.

2.3 User Management

Since there are always many different user accounts on a company’s network, potential attackers can try to use “infrequently-used accounts to breach in the system” (Dridi & Neumann, 2000, p. 112). When the accounts are not used very often, nobody will notice the attackers attempt. Therefore, user accounts must be kept current and old accounts have to be deleted. (Dridi & Neumann, 2000, p. 112) Furthermore, an effective password policy must be used and users must be educated or enforced to chose good, i.e. hard to guess, passwords. Whether a password is good or not can be tested by using password-cracking programmes. Moreover, passwords should be changed on a regular basis. In addition to that, e-Fence should try to create security awareness among its employees. Users should be educated concerning security issues so that they choose good passwords and do not open suspicious email attachments.

2.4 Monitoring and Auditing

A good logging system is essential for the protection of e-Fence’s network. Especially all activities on servers should be saved in log files. These log files can be used to determine whether an attack has happened and sometimes can even uncover the attacker’s identity. However, it is very important to secure log files themselves against attackers to prevent the attacker from deleting them, manipulating them, or stopping the logging mechanism. Therefore, log files should be kept on separate machines, be encrypted, and should be stored in multiple places. Furthermore, the system should produce a warning automatically when the logging function has stopped unexpectedly (Wadlow, 2000, pp. 122/123). Common logging mechanisms are Syslog and Simple Network Management Protocol (SNMP), which are both available on different platforms.

Of course logging alone does not help. Log files must be analysed regularly to determine if attacks have happened and to identify weak spots. Looking at traffic, anomalies in the traffic, and divergences from normal traffic patterns can do this (Wadlow, 2000, pp. 255/256). Furthermore, suspicious events should cause an automatic alarm.

In addition to that, the network should be audited on a regular basis. This means testing the network in order to find weak spots. This can be done by the network administrator or by hired hackers, who try to attack the network.

2.5 Hardening the Operating System

To enhance security on the network, e-Fence should choose secure operating systems. Therefore, it makes sense to use Windows NT or 2000 instead of Windows 98 or ME because these operating systems provide higher security standards and better multi user management like access right definitions and group policies. Above all, the operating system has to be kept up to date. Therefore, all available security patches and service packs have to be installed immediately to provide a higher level of security. In addition to that, unused services should be turned off and unwanted ports should be removed to prevent attackers using them for their purposes. A good thing is to remove the built-in administrator account and give the administrator rights directly to the corresponding person’s account. This is a good measure against potential attackers because they usually know that the standard administrator account exists by default on all NT systems, which makes this account popular for attacks. Furthermore, guest accounts should be disabled and screensavers should be secured by using the “Password Protected” option, which automatically locks a workstation when the screensaver launches.

2.6 Firewalls and Proxy Servers

Firewalls and proxy servers provide quite similar services. However, in general a firewall provides more security services whereas a proxy server focuses on providing an Internet connection for a network and caching websites to increase performance. However, neither firewalls nor proxy servers can protect the system from attacks from inside the organisation, which make up nearly 80% of all attacks (Graham, 2000, section 2.5).

Apart from the caching function, proxy servers provide some basic security and control mechanisms because they can filter packets and create log files and because “proxy servers hide the inner details and specifics of your network’s layout and architecture” from potential hackers outside the network (Edwards, 1997, Chapter 13, p. 1). Moreover, a proxy server can be used to block user access to certain domains.

A firewall acts as an interface between the protected internal network and other networks. Firewall software should be installed to filter information coming through the company’s Internet connection. It can be used to block any communication with certain IP addresses or domain names. Furthermore, a firewall provides address translation and hiding. This means that internal IP addresses are translated into one external visible IP address. This prevents potential attacker from gaining information about the internal network and reduces the number of IP addresses on the Internet. Additionally, good firewall software provides automatic operating system hardening by shutting down unnecessary services and patching security holes (Symantec Corporation, 2001). A further feature of firewall software is authentication of users who attempt to log on to the network. Since an authentication based on IP addresses is very insecure because of spoofing, the firewall authentication mechanism should be password based. Normally, firewalls also provide some logging features to keep record of every successful and unsuccessful connection attempt to or through the firewall as well as to track Internet usage within the company (Symantec Corporation, 2001). When detecting an unauthorized connection attempt the firewall software should notify the administrator.

Apart from the features mentioned above, firewall and proxy software can be used to block certain content, which can stop employees from browsing unwanted websites.

[...]