Buying the Security Farm

The landscape of network security is a world of transition. However, one thing we know for certain is that the threats are becoming more organized, more advanced, and more focused on obtaining one thing: information the attacker can sell.

What do they want? Anything that personally identifies you or can ultimately be used to get to a source of money. This includes your social security information, address, credit cards, bank information, driver’s license, passport, your customer information, phone numbers, email addresses, social networking accounts, etc.

The use of malware, viruses, or phishing attacks is merely a means to an end of stealing something from the unsuspecting user or business owner that can be sold. With the introduction of new methods of communicating on the web – Web 2.0 – the attacker has that many more ways to ultimately get to your bounty of valuable information.

To further aggravate the problem, the open doors that attackers use to work their way into your business are the same doors that you, your friends, or your employees may be using, intentionally or unintentionally, on your network.

Fortunately, taking a strategic view of security will place you on the right road to managing this risk. More specifically, keeping an eye on your network in the same manner that you keep an eye on your front door is going to keep you out of trouble and attuned to the network usage of your business.

For small and medium businesses, Internet access is a necessity. We need it for email and legitimate business purposes such as web-based accounting, software updates, business information, sales, and engineering. However, that same network pipe can also be used to provide access to a number of additional applications, sites and services that are not critical to your business, and may actually be impeding your business.

Sure, everybody wants to stay abreast of news and sports, but streaming data from ESPN (for example) may be too much for your little network to support on top of the critical daily needs of your business. In addition, time on Facebook and Farmville may be a pleasant distraction during a busy workday, but do you really want your employees being distracted by the status of their friends’ pages all day long?

Although you may consider these web applications free, they are really an indication of an open door to the Internet through which your employees are spending their time (and your money). In effect, when they are playing Farmville on your network, YOU are the one who is partially buying the farm.

But this is not a criticism of Facebook or Farmville. Business owners need to be aware of the use of their network because it is through other, more mischievous applications that your employees may become unwitting contributors to leakage of company data, loss of control of their email, or infection of their PC with a bot that could be used for a variety of data collection activities.

Best practice calls for knowing your network, knowing who is using it, and knowing what it is being used for. Lock down Internet access to those applications that you know you need. Do this by implementing web filters, spam filters, and content filters (for both incoming and outgoing traffic) where your business network connects to the Internet. Then, and only then, should you consider loosening your network policies to allow access to less-critical categories of web applications such as social networking, sports sites, and the like. Furthermore, pay special attention to the actual applications that are being used, such as streaming, peer-to-peer sharing, instant messaging, or file transfer. By including a method of monitoring these activities between your company and the network, you are following the same good business practices you use for monitoring your products being sold, revenue coming in, and costs.

If you are not watching who is coming and going through your network, you could easily be buying the security farm and not know about it until it is too late.

Reposted from the eSoft Security Blog