Most of us have heard about the concept of building a defense in depth in order to protect computer resources from black hat hackers. The idea revolves around the use of multiple defenses to thwart, or at least limit, the damage arising from a potential security breach. RELATED: The data breach quiz Given the rapid pace of change in the security sector, some executives may have difficulty naming the specific safeguards that their companies deploy. this guide aims to shed some light on some of the more common aspects of computer security, and also serve as a checklist to identify potential areas upon which to improve. ? 1. Network firewall The first line of defense against unwelcomed visitors would surely be the firewall. At one point, the use of dual firewalls from different vendors was all the rage, though the creation of a DMZ (Demilitarized zone) appears to be more popular these days. Internet-facing servers are typically placed within the DMZ, where they are encumbered by fewer restrictions and lesser monitoring than the internal corporate network. There are actually a few different types of firewall implementations. for example, consumer-grade routers typically make use of Network Address Translation (NAT), which was originally created to address the problem of limited IPv4 routable addresses. Because the identity of hosts is obfuscated, NAT is often said to offer firewall capabilities. At a minimum, a proper firewall typically offers packet filter technology, which allows or denies data packets based on established rules relating to the type of data packet and its source and destination address. Stateful packet filter firewalls conduct what is known as stateful packet inspection (SPI), which tracks active connections to sieve out spoofed packets, a superior approach to the stateless packet filtering firewall. Finally, a firewall operating on the application layer understands application-level protocols to identify sophisticated intrusion attempts. A heightened security awareness and an increase in ecommerce have led more users than ever to use encryption to protect against third-party snooping. Paradoxically, this has resulted in lower visibility of network traffic at a time when more sophisticated malware varieties are resorting to encryption in order to conceal themselves from a casual inspection. ? 2. Virtual Private Network Employees who need to access company resources from unsecured locations such as public Wi-Fi hotspots are a particularly vulnerable group. such workers will be well served by a virtual private network (VPN) connection in order to protect the confidentiality of their network access. A VPN channels all network traffic through an encrypted tunnel back to the trusted corporate network. As a downside, a VPN can be complex for a small business to deploy, and is costly to support due to the overheads of authentication, processing and bandwidth. Moreover, it is also vulnerable to the theft of physical authentication tokens ? or authentication technology, as was the case with the compromise of RSA?s SecurID technology last year. Finally, stolen and lost company laptops with preconfigured VPN settings can become potential gateways for unauthorized access.
How to Build Multiple Layers of Security for Your Small Business
cj wilson coriolanus coriolanus jon corzine v tech the three stooges top model all stars
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.