CertCities.com -- The Ultimate Site for Certified IT Professionals
 Link State Update  
Eric Quinn


 More than Secure...
Creating a network security plan that also works for your users.
by Eric Quinn, courtesy of TCPMag.com
9/18/2001 -- Last month, I talked about intrusion detection, but that’s only a small component of the whole kit and caboodle we call security. In order for you to have effective security, it must be planned. What happens if you build a small house with the plan of adding on to it in the future? If you add a single room or maybe a deck, then you’re usually OK. But if you add on four bedrooms, a deck, den, two bathrooms and a fireplace all over the span of 20 years, I’d bet that the house would look funny.

Planning security is essential to ease growing pains as much as possible while keeping your network secure. In my classes, we often allow students to telnet into real equipment to get hands-on experience; however, there are always some students who say they can’t access the equipment we provide because the firewall won’t allow telnet out. This is an example of a security policy hindering the growth of the company.

There are four broad security weaknesses: physical, technological, configuration and policies. Physical security is probably the easiest to do and one of the most overlooked. This includes things like propping the door open, leaving the door unlocked and not locking your PC when you leave it. (Not one of us has ever done that last one!)

Technological security is the toughest to stick with because we have to live with it if we want to use our tools. Does your company like getting e-mail? Then you have to deal with the many holes found within SMTP, TCP and IP. A technology problem is usually solved by a technology solution; so where there are many SMTP commands that aren’t safe, a PIX firewall can filter many of them out.
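
The kind of SMTP command filtering mentioned above can be sketched as an allowlist applied to the client side of a mail session; this is an added example, not code from the column or from Cisco. It assumes that only the RFC 821 minimum command set is permitted and that anything else is masked so the mail server rejects it as unknown. The names `filter_session` and `SAMPLE_SESSION` are hypothetical, and the sketch watches only the client stream (a real relay would enter message-body mode only after the server's 354 reply).

```python
# Added example (not Cisco code): client-side SMTP command allowlist.
# Assumption: only the RFC 821 minimum command set is permitted.
ALLOWED = {"HELO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}

def filter_session(client_lines):
    """Filter one client-to-server SMTP stream.

    Returns (forwarded, blocked): the lines passed to the mail server, with
    disallowed commands masked so the server rejects them as unknown, and the
    list of verbs that were masked.
    """
    forwarded, blocked = [], []
    in_data = False  # True between an accepted DATA and the lone "." line
    for raw in client_lines:
        line = raw.rstrip("\r\n")
        if in_data:
            # Message body: pass through untouched, even if it looks like a command.
            forwarded.append(line)
            if line == ".":
                in_data = False
            continue
        parts = line.split()
        verb = parts[0].upper() if parts else ""
        if verb in ALLOWED:
            forwarded.append(line)
            in_data = verb == "DATA"
        else:
            blocked.append(verb)
            forwarded.append("X" * max(len(line), 4))
    return forwarded, blocked

# Constructed sample session (client side only).
SAMPLE_SESSION = [
    "HELO client.example\r\n",
    "VRFY postmaster\r\n",
    "expn staff\r\n",
    "MAIL FROM:<alice@example.com>\r\n",
    "RCPT TO:<bob@example.com>\r\n",
    "DATA\r\n",
    "Subject: lunch\r\n",
    "VRFY is only text inside a message body\r\n",
    ".\r\n",
    "QUIT\r\n",
]

if __name__ == "__main__":
    out, blocked_verbs = filter_session(SAMPLE_SESSION)
    print("blocked:", blocked_verbs)
    print("\n".join(out))
```
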

Configuration security problems are the "Doh!" of the security world. You forgot to require the user to change his password every 90 days or you may have given dial-in access to the wrong user. You have a configuration security problem when the technology does what you want it to, but you either misconfigured it or neglected to configure it.

Policy weaknesses are holes in your corporate policies. You can set the users so they have to change their password every 30 days, not use something similar to anything they’ve used before, and must use at least 10 characters with letters and numbers. This isn't going to fly unless management buys in. Not only does a security policy have to exist to have any chance of working, but everyone must agree with its necessity -- including execs and IT staff. The rank and file tends to rebel when it finds out that certain groups aren’t affected by an oppressive policy.

A security plan will help you bring these four components together so they play nicely with one another now and into the future. You need to identify the direction your company is going and figure out if your current policy will get you there. For instance, your company may be migrating to a pure Voice over IP solution using the Session Initiation Protocol (SIP), but your PIX firewall will break the connections unless you’ve upgraded to software version 6.0.

Security components can be found in many places beyond your typical router and firewall. If you need to terminate many VPN connections, look at a VPN concentrator. If you need to filter certain traffic crossing a 6000 series switch, you can use a VLAN Access Control List or VACL to accomplish this.

Remember, the ultimate goal of security is to secure the network while allowing people to do their jobs. A network can be locked tight -- that’s not a challenge. The challenge is making sure the network is useful while preventing the bad guys from getting in or preventing the bad guys in your network from doing more damage.


Eric Quinn, CCNP, CCDP, CCSI, is a security instructor and consultant. He is also co-author of the CCNP Remote Access Exam Cram by Coriolis Press. He writes the “Link State Update” column for TCPmag.com, and is a contributing editor for CertCities.com. Reach him at .

 


There are 17 CertCities.com user Comments for “More than Secure...”
10/19/01: Arnold says: I must say that I appreciate the clarity of the explanation of security weaknesses. However, how can intentional damage to hardware, software, and networks be prevented? Thank you.
2/13/12: Ayse from QvGEnFDwGgMT says: Jon Oltsik, a principal analyst at Enterprise Strategy Group, expounds on Cisco's inability to boost its security revenue.