- Stay in touch. Email is your friend. At the very least, subscribe to the Bugtraq mailing list from Security Focus, which is busy but essential. You will hear about problems here first, although it's a broadly focussed list and you'll also hear about things that don't directly affect you. That's good -- airline pilots call this 'situational awareness', and say it saves lives by bringing up problems before they get bad -- but if you really don't have time then choose one of Security Focus' more tightly defined groups. Also see the CERT Coordination Center, and the Internet Storm Center, for up to date reports on threats.
- Email is also your enemy. Use an email filtering system to check and remove virus infected incoming attachments, dangerous scripts or HTML content. Make sure the users know what the rules are, especially if you also remove 'inappropriate' content by looking for keywords -- this can cause bad feelings and encourage people to find alternative, unprotected ways to get email into and out of the organisation.
- In general, keep users informed about the whys and wherefores of security that affects them, and listen to their concerns. Provide clear, logical security policies, and be prepared to discuss and even change them according to the needs of the users. Even foolproof security can be undone by a determined employee armed with a modem and a mission: making people feel part of the security process encourages their acceptance of the rules. Most security problems are people, rather than technology, related, but disproportionate effort is spent on the technology.
- Have a regular firewall audit. Over time, firewalls become leaky -- someone needs a port opened temporarily for a particular application, and it never gets closed. A good scheme is to schedule a monthly review of the firewalls rule lists, and to have an independent security analyst check it every six months. The reason for every open port should be understood and defensible.
- Keep your operating system and major software updated. When a patch is published, make it a priority to apply it. This absolutely applies to OS updates and service packs as well, even those without immediate security implications, as they may be a requirement for future security fixes. Timetable a weekly window for reviewing the week's security alerts and fixes, to make sure they've been acted upon. If you don't know what patches have been applied in the past -- do an audit and be sure. Do it!
- Put anti-virus software on every computer, and keep it up to date. If a user can touch it, a user can infect it. Floppy disks, CD-Rs, files downloaded from home pages, the modem plugged into the phone extension: the number of ways infected code can enter a computer via user action only increases with time. The worst case scenario -- a trojan horse that spreads around the LAN and breaks through the firewall from inside -- can happen in minutes. AV software and user discipline are the only guards against this, and only AV software is under your control
- Read your logs. Many problems become apparent before they become pressing through unusual network activity, firewall reports or host logs. Review these regularly, and keep up to date with automated tools to help you analyse what can be an overwhelming cascade of information.
Have your say instantly in the Tech Update forum.
Find out what's where in the new Tech Update with our Guided Tour.
Let the editors know what you think in the Mailroom.
Talkback
if someone is spying on my network or my pc is it possible to get his IP address and how can i track him
Regards