Tuesday, May 27, 2014

Essential Security Resources

When it comes to cyber security, it is essential that you visit the available security resources often to keep up with the latest security information. While there are many sources of information, I have found four that are a must for the security professional or for anyone simply interested in cyber security.

CERT (www.cert.org/). CERT stands for Computer Emergency Response Team. CERT, the first computer incident response team ever created, is sponsored by Carnegie Mellon University. If you are interested in securing your computer network you should visit the CERT site on a regular basis. The CERT site has a wealth of information and documentation, including security policies and guidelines, cutting-edge research, security alerts and a whole lot more.

The SANS Institute (www.sans.org/) is my next favorite. The SANS site provides detailed documentation on almost any aspect of cyber security. The SANS Institute also offers some awesome classes on various security topics and is respected as one of the best sources of cyber security training and information. In addition, SANS sponsors many security research projects to further cyber security knowledge and publishes information about those projects on its website.

Microsoft Security Advisor (www.Microsoft.com/security/) is my third recommendation, because just about every computer in the world runs on Microsoft products. This site is a portal to all Microsoft security information, tools and updates, and you should definitely visit it often.

F-Secure Corporation (www.f-secure.com/) is another great source of security information. The site is a detailed repository of information on virus outbreaks: it provides notification of and detailed information on specific viruses, including how each virus spreads, how to recognize it, and the specific tools you will need to clean your system should it become infected with that particular virus.

As stated, there are many resources for obtaining security information.  These are but four of my favorites.

Monday, May 26, 2014

Paradigms of Cyber Security

There are a variety of paradigms an organization can choose from when implementing cyber security. The chosen paradigm drives and sets the tone for all other network security decisions within the company. These paradigms can be classified by how proactive the system needs to be, or by the scope of the required security measures.

When a leader decides on the security approach his or her organization will use, he or she must decide how proactive or reactive the system needs to be. The leader makes this decision by deciding how much of the security infrastructure and security policy is dedicated to preventative measures versus simply responding to a breach after it has occurred.

A passive security approach takes no steps to prevent a security breach, or very few. On the other hand, a dynamic (proactive) security approach takes steps to actually prevent the breach before it happens. An example of this is using an intrusion protection system (IPS) to detect AND prevent a potential security breach. The IPS can also be used to gather information about the techniques an intruder uses to gain access to or assess your network.
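To make the passive versus proactive distinction concrete, here is an added example of my own (it is not code from the original post or from any IPS product). The same threshold rule, "three failed logins from one source", is replayed over a constructed sshd-style log in two modes: passive, where the rule only raises an alert after the fact and every connection is still let through, and proactive, where a source that crosses the threshold has its later connections dropped before they are even evaluated. The log lines, the addresses and the threshold are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the original post): one source keeps
# retrying passwords while a legitimate user logs in from elsewhere.
SAMPLE_LOG = """\
May 26 10:00:01 gw sshd[100]: Failed password for admin from 198.51.100.7 port 51000
May 26 10:00:02 gw sshd[101]: Failed password for admin from 198.51.100.7 port 51001
May 26 10:00:03 gw sshd[102]: Accepted password for alice from 192.0.2.10 port 40000
May 26 10:00:04 gw sshd[103]: Failed password for admin from 198.51.100.7 port 51002
May 26 10:00:05 gw sshd[104]: Failed password for root from 198.51.100.7 port 51003
May 26 10:00:06 gw sshd[105]: Failed password for root from 198.51.100.7 port 51004
May 26 10:00:07 gw sshd[106]: Accepted password for alice from 192.0.2.10 port 40001
"""

LINE_RE = re.compile(
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+)"
)
THRESHOLD = 3  # failures from one source before the rule fires (assumed value)


def process(log_text, proactive):
    """Replay log lines through the threshold rule.

    proactive=False (passive): count failures and raise an alert, but let
        every connection through, so the alert only arrives after the fact.
    proactive=True (dynamic): same rule, but once a source crosses the
        threshold its later connections are dropped before evaluation.
    Returns a summary dict so the two modes can be compared directly.
    """
    failures = defaultdict(int)
    blocked = set()
    alerts, dropped, passed = [], 0, 0
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an authentication event; ignore
        src = m["src"]
        if proactive and src in blocked:
            dropped += 1  # prevented: never reaches the login service
            continue
        passed += 1
        if m["result"] == "Failed":
            failures[src] += 1
            if failures[src] == THRESHOLD:
                alerts.append(f"{src}: {THRESHOLD} failed logins")
                if proactive:
                    blocked.add(src)
    return {"alerts": alerts, "passed": passed, "dropped": dropped,
            "blocked": sorted(blocked)}


if __name__ == "__main__":
    for mode in (False, True):
        print("proactive" if mode else "passive  ", process(SAMPLE_LOG, mode))
```

In passive mode the alert fires on the fourth line and the two further failed attempts still reach the service; in proactive mode those two attempts are dropped while the legitimate user's later login is unaffected, which is the whole point of detecting AND preventing.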

A perimeter security paradigm focuses on protecting the perimeter of an organization's network. The bulk of the security system might be composed of firewalls, password policies, proxy servers and other technologies that try to limit access to the network. This is a flawed paradigm, as it makes no attempt to secure the internal network systems: the perimeter is secure, but not the network itself.

A layered security paradigm focuses on the perimeter AND the internal systems of the network. The servers, workstations, routers, switches, hubs and other components of the network are secured. One approach to layered security is segmenting the network and then securing each of the segments. This way, if the perimeter is compromised the internal systems may not be, and if one of the segments is compromised the others won't be.
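Here is an added example of my own (not from the original post) that shows why the perimeter-only and layered paradigms differ even though both keep the border firewall. It models a small network as hosts in segments, expresses each paradigm as the set of segment-to-segment flows that are allowed, and then computes, for a given compromised host, which other hosts that compromise exposes and how many policy boundaries stand in the way. The topology, segment names and rules are constructed for the example.

```python
from collections import deque

# Constructed topology (not from the original post): each host sits in one segment.
HOSTS = {
    "internet-client": "internet",  # anything outside the border firewall
    "web-1": "dmz",
    "web-2": "dmz",
    "app-1": "app",
    "db-1": "data",
    "hr-pc": "users",
    "admin-pc": "users",
}
INTERNAL = {"dmz", "app", "data", "users"}

# Perimeter paradigm: the border firewall lets the internet reach only the DMZ,
# but inside the network every segment may talk to every other segment.
PERIMETER_ONLY = {("internet", "dmz")} | {
    (a, b) for a in INTERNAL for b in INTERNAL if a != b
}

# Layered paradigm: the same border rule plus internal segment firewalls that
# allow only the flows the application actually needs.
SEGMENTED = {
    ("internet", "dmz"),
    ("dmz", "app"),    # web tier calls the application tier
    ("app", "data"),   # application tier calls the database
    ("users", "dmz"),  # staff browse the web tier
}


def allowed(policy, src_seg, dst_seg):
    """Traffic inside a segment is unrestricted; crossing segments needs a rule."""
    return src_seg == dst_seg or (src_seg, dst_seg) in policy


def reachable(policy, start_host):
    """Breadth-first search from a compromised host.

    Returns {host: hops}, where hops is the number of connections (each one
    a chance for a control to stop it) needed before that host is exposed.
    """
    hops = {start_host: 0}
    queue = deque([start_host])
    while queue:
        cur = queue.popleft()
        for other in HOSTS:
            if other not in hops and allowed(policy, HOSTS[cur], HOSTS[other]):
                hops[other] = hops[cur] + 1
                queue.append(other)
    del hops[start_host]
    return hops


def untouched_segments(policy, start_host):
    """Internal segments that a compromise of start_host cannot reach at all."""
    exposed = {HOSTS[h] for h in reachable(policy, start_host)}
    return sorted(INTERNAL - exposed - {HOSTS[start_host]})


if __name__ == "__main__":
    for start in ("internet-client", "web-1", "hr-pc"):
        for name, policy in (("perimeter-only", PERIMETER_ONLY), ("segmented", SEGMENTED)):
            r = reachable(policy, start)
            print(f"{name:15} from {start:16}: {len(r)} hosts exposed "
                  f"{r}; segments untouched: {untouched_segments(policy, start)}")
```

Under both policies an outside client can only reach the DMZ directly, so the perimeter looks equally secure. The difference appears one step in: with the perimeter-only policy a compromised web server exposes every internal host immediately, while with segmentation the database is three boundaries away and the users segment is never reachable from the outside at all.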

In a real system the best approach will likely be a hybrid, with elements of each paradigm combined into one layered, dynamic, highly secure design.