.gif) |
|
 |
| Network Security |
Many companies find that managing the security of their computer systems provides a
rather unique challenge. While almost everyone agrees that measures need to be taken to
prevent attacks on information resources, most organizations lack the experience and
expertise necessary to successfully manage and address the threats and risks to their
information resources. Netbriar provides a variety of network security services to
help your organization manage the security of your network.
Position, Policy, Procedures
Without a set of adopted security policies and procedures, how can your employees know
what level of security they should be implementing within your organization? Netbriar
has extensive experience helping organizations develop and implement real-world security
policies that define your position on information security, acceptable use, intellectual
property, and other crucial security issues. Netbriar can help you answer questions such as:
- Who represents the greatest threat to our network? Internet-based attacks? Hostile insiders? Former employees?
- How should Internet servers be deployed?
- How should our firewalls be configured?
- Who owns the information within our organization?
- How can we implement a policy of "least privilege" within our network?
- What constitutes acceptable and unacceptable use of the Internet from within our organization?
- Who is specifically responsible for the security of our servers? What measures should they take to secure our servers?
- What specific steps should we take to secure new servers?
- Who provides oversight for the security of our network? How do we know how secure our network is?
Assesment
- What vulnerabilities could an attacker use to gain access to my network?
- What do I need to do to fix these vulnerabilities?
- What is the best way to proceed with fixing the vulnerabilities?
- What should I do to prevent these types of vulnerabilities from reoccuring?
What vulnerabilities could an attacker use to gain access to my network?
Every operating system and software package contains flaws or bugs of varying degrees of
severity. Attackers use these flaws to obtain unauthorized privileges. For instance,
an attacker may use a flaw in a piece of web server software to gain access to a database
and retrieve credit card numbers. It is crucial for you to understand what vulnerabilities
could be exploited on your network, and make sure that they are resolved as soon as possible. The goal of Netbriar's Network Security Assessment is to help you understand exactly how an attacker could get into your systems, and exactly how to keep them out.
What do I need to do to fix these vulnerabilities?
Software manufacturers usually provide security patches to their products that partially
or completely resolve the flaw that attackers exploit. In some cases, the vulnerability
is not the result of a flaw, but of a misconfiguration. It is crucial to know exactly
how to go about fixing each security hole that is discovered in your network. Netbriar
provides detailed information, including step-by-step instructions, on how to resolve
significant vulnerabilites.
What is the best way to proceed with fixing the vulnerabilities?
It's great to know what security issues you have, and how to fix them. Unfortunately,
as many organizations have discovered, it's extremely difficult to resolve all of them
at once. In many cases, hundreds or thousands of minor vulnerabilities may be
present, and fixing them all immediately simply isn't an option. Netbriar helps by
prioritizing and organizing our findings to help you understand what absolutely must
be fixed tomorrow, and what might be able to wait until next week. For organizations
without the necessary IT resources to resolve all of the discovered security holes in a
timely manner, Netbriar can also provide training and project management throughout
the process, as well as additional expertise in securing technologies.
What should I do to prevent these types of vulnerabilities from reoccuring?
Fixing problems today doesn't necessarily mean that they won't reocur tomorrow. The same
security holes that we're seeing today are nearly identical to holes we saw a few years ago.
Very little changes except the details. It is important to identify what general and
specific steps can be taken to lower the risk that the next iteration of the same flaw
will give an attacker a gateway into your network. Network, policy, and procedure changes
can reduce the long-term risk to key information systems. Netbriar recommends these
changes and explains why they make long-term sense to your organization.
Engineering
Netbriar performs a variety of security engineering services that assist customers with
securing their network and implementing new security technologies. In the case of large
customers with thousands of servers distributed across the world, and a large body of
talented IT professionals, the best use of outside expertise may be to define detailed
procedures on configuring and deploying network infrastructure. The internal IS
professionals can then implement the detailed procedures and interface with outside
expertise in the event that complications occur. Many other organizations may lack
either the time or the in-house expertise necessary to address these issues. In these
cases, it may be more efficient to utilize outside expertise to handle the actual
configuration and deployment of network infrastructure.
Education
If it were possible to boil all information security vulnerabilities down to a single root
cause, the easiest cause to identify would be inadequate security education. Why do vendors
continue to have different versions of the same security problem pop up every six months in
their products? Their developers have not been educated adequately on how to develop secure
applications. Why do system administration teams improperly configure servers, enabling
attackers to break into those servers? The system administration team has expertise in
keeping systems running, not defending those systems against hostile attackers.
Security technology vendors traditionally offer a wide variety of courses on how to use
their security products. Unfortunately, these classes are specific to the individual
product in question, and rarely address key issues such as:
- How do I use this product in conjunction with the other products I have deployed in my network?
- How does this work in *my* environment?
- What do I do when Connection X to Location Y goes down?
Netbriar can tailor security training on a variety of technologies to the specific needs
of your organization. Whether it is a half-day class on a new technology or a more intensive
training program for staff members, we help your staff gain the skills they need to manage
the security of your network.
|
|
|
