Hardware and software are key pieces of any organization’s infrastructure. Components in each of the seven domains of the IT infrastructure may connect to a network or to the internet, and can be vulnerable to malicious attacks. Malicious attacks on hardware and software can also lead to more widespread problems. These problems can include loss of critical data or theft of financial information or intellectual property.
Unprotected IT and network infrastructure assets can offer attackers and cybercriminals the widest opening to access sensitive resources. The ease of access makes assets that are connected to the internet the most common first point of attack. That means those assets should be your first line of defense. Technical failure and human error are the most common causes of unintentional downtime. Malicious attacks can occur and cause downtime in all seven domains of an IT infrastructure, but you are more likely to see them in the User, Workstation, LAN, and WAN domains.
Opportunity cost is the amount of money a company loses due to downtime. The downtime can be either intentional or unintentional. Some organizations refer to opportunity cost as true downtime cost. It usually measures the loss of productivity experienced by an organization due to downtime. One of the most important things that information security professionals try to protect is their organization’s reputation and brand image. Companies that suffer from security breaches and malicious attacks that expose any assets are likely to face serious negative consequences in the public eye. In popular usage and in the media, the term hacker often describes someone who breaks into a computer system without authorization. In most cases that means the hacker tries to take control of a remote computer through a network, or through software cracking.
The media and the general public also use the word hacker to describe anyone accused of using technology for terrorism, vandalism, credit card fraud, identity theft, intellectual property theft, or one of many other forms of crime. Protecting an organization’s computing resources requires that you have some idea what tools your enemy will be using. Knowing how attackers work makes it possible to defend against their attacks. Many organizations use the same tools that attackers use to help identify weaknesses they need to address, and it is better to do so before an attacker does. Computer criminals and malicious individuals use a number of hardware and software tools to help carry out attacks.
These tools and techniques include vulnerability scanners, port scanners, sniffers, war dialers, and key loggers. As with most technology requirements, it is impossible to cover all of your organizational needs with a single machine or program. By the same token, haphazardly bolting together a number of unrelated solutions leaves cracks that only get bigger as time goes on. What’s required is a multi-layered, company-wide approach in which integrated products complement and reinforce each other. In a multi-layered approach, a Network Intrusion Detection System (NIDS) is the first level of protection against remote intruders. NIDS monitor all the communications that come in and stop those that look suspicious.
This prevents hackers from overloading your server with Denial of Service (DoS) attacks and scanning your ports for vulnerabilities. Next comes the firewall: only legitimate communications (e.g. email, password-certified remote users) are permitted to go through it. This prevents unauthorized users from logging into or using your network. Then comes Email Scanning: while an email is technically an authorized form of communication, it may contain objectionable content (pornography, confidential information, overly large files, etc.).
This software scans the contents of the email and rejects those that violate your company policies. Internet Security: similar to email, a web site is technically an authorized form of communication. However, only certain web sites and downloads are appropriate for the workplace. This software uses internal criteria to limit the sites that can be visited, and scans what is downloaded. After that comes Server Level Virus Scanning: a strong anti-virus program with updated signature files checks for viruses on every file that is saved to the server and protects against them. This is particularly important for email servers, such as those running MS Exchange.
Workstation Virus Scanning: Not every file is saved on the server. Files from a number of sources – including those from infected floppy disks or downloaded off the internet – are put directly on the local workstation, which therefore requires its own anti-virus software. Update Communication Software: From time to time, prospective intruders and virus writers find vulnerabilities in popular types of communication software, such as Microsoft Outlook. When those holes are discovered, software fixes or “patches” are made to close the vulnerabilities. It is therefore necessary to stay aware of these updates and to apply them to the software diligently.
THE BEST DEFENSE – Attentive Employees and Corporate Policies: We can implement many effective technological solutions, but the most essential piece of a secure business is a company of people who understand the various dangers and the role they play in preventing them. One regularly quoted statistic is that 80% of security breaches come from inside the company. Strong security requires strong corporate policies, clear management dedication, and good employee education about risks.
1) General
This MLS plan will give a brief overview of the security strategies that will be implemented at each level of the IT infrastructure.
2) User Domain
a. The usage of security awareness training to instruct employees on Richman Investments’ security policies
b. Auditing of user activity
3) Workstation Domain
a. The usage of antivirus and anti-malware programs on each user computer
b. Strict access privileges to corporate data
c. Deactivation of media ports
4) LAN Domain
a. Utilizing network switches
b. WPA2 encryption on wireless access points
c. Securing server rooms from unauthorized access
5) LAN to WAN Domain
a. Closing off unused ports via a firewall to reduce the chance of unwanted network access
b. Monitor inbound IP traffic, more specifically looking for inbound transmissions that show signs of malicious intent
c. Run all networking hardware with up-to-date security patches and operating systems
6) WAN Domain
a. Enforce encryption and VPN tunneling for remote connections
b. Configure routers and network firewalls to block ping requests to reduce the chance of Denial of Service attacks
c. Enforce anti-virus scanning of email attachments
i. Isolate malicious software (viruses, Trojans, etc.) when found
d. Deployment of redundant internet connections to maximize availability
7) Remote Access Domain
a. Establish strict user password policies, as well as lockout policies to defend against brute force attacks
b. Require the use of authorization tokens, and have a real-time lockout procedure if a token is lost or stolen
c. Encrypt the hard drives of company computers, laptops and mobile devices to prevent the loss of sensitive data
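
The lockout policy in item 7a, together with the user-activity auditing in item 2b, can be sketched as follows. This is an added example, not part of the original plan: a sliding-window failure counter replayed over constructed login events. The thresholds (5 failures in 10 minutes, 15-minute lockout), the log format and all names are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: timestamp, account, result (format is an assumption).
SAMPLE_LOG = """\
2024-05-01T09:00:00 asmith FAIL
2024-05-01T09:00:05 asmith OK
2024-05-01T09:01:00 jdoe FAIL
2024-05-01T09:01:10 jdoe FAIL
2024-05-01T09:01:20 jdoe FAIL
2024-05-01T09:01:30 jdoe FAIL
2024-05-01T09:01:40 jdoe FAIL
2024-05-01T09:02:00 jdoe OK
2024-05-01T09:17:00 jdoe OK
"""

class LockoutPolicy:
    """Sliding-window account lockout; default thresholds are assumed values."""
    def __init__(self, max_failures=5, window_min=10, lockout_min=15):
        self.max_failures = max_failures
        self.window = timedelta(minutes=window_min)
        self.lockout = timedelta(minutes=lockout_min)
        self._failures = defaultdict(deque)  # account -> recent failure times
        self._locked_until = {}              # account -> lockout expiry time

    def record(self, user, success, now):
        """Process one login attempt; return 'ok', 'failed' or 'locked'."""
        until = self._locked_until.get(user)
        if until is not None and now < until:
            return "locked"                  # refuse even a correct password
        recent = self._failures[user]
        if success:
            recent.clear()                   # a good login resets the counter
            return "ok"
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= self.max_failures:
            self._locked_until[user] = now + self.lockout
            recent.clear()
            return "locked"
        return "failed"

def replay(log_text, policy=None):
    """Run logged attempts through the policy; return (account, outcome) pairs."""
    policy = policy or LockoutPolicy()
    return [(user, policy.record(user, result == "OK", datetime.fromisoformat(ts)))
            for ts, user, result in (line.split() for line in log_text.splitlines())]

def locked_accounts(outcomes):
    """Accounts that hit a lockout at least once, for the audit report."""
    return sorted({user for user, outcome in outcomes if outcome == "locked"})
```

In the sample, the correct password entered for jdoe at 09:02:00 is still refused because the lockout runs until 09:16:40; the login at 09:17:00 succeeds.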