How to Set Effective Security Policies at Your Organization David Strom VAR Business Technology Editor June 20, 2002.


Slide 1: How to Set Effective Security Policies at Your Organization
David Strom, VAR Business Technology Editor, June 20, 2002

Slide 2: My background
- Author of "Home Networking Survival Guide" (Osborne/McGraw-Hill)
- Founding Editor-in-Chief, Network Computing
- Tested numerous networking and security products

Slide 3: Things to know before you can set effective policies
- Problems with the existing network and applications infrastructure
- Issues with products and protocols
- Ways around the various tools you are trying to use to lock things down

Slide 4: Who is in charge, anyway?
- Do you have a chief security officer?
- Does s/he have any real authority?
- Does s/he have control over corporate directories, network infrastructure decisions, and internal applications development?

Slide 5: Look at your exposure from within
- Network admins who have rights to everything
- Applications that have access to other applications
- Users who temporarily gain access outside of their normal departments

Slide 6: So let's look at the following:
- VPN policies and choices
- Email policies and issues
- eCommerce issues
- Firewalls don't protect you all the time

Slide 7: Role of integrators with VPNs
- Help with their rollout and configuration
- Help with remote support and troubleshooting
- Recommend equipment and configuration
- Include as part of the overall telecommuting application

Slide 8: VPN Issue #1: Ease of use
- VPNs are still vexing
- Matched-pair problem
- Hardware or software choices are not always obvious

Slide 9: VPN Issue #2: Cable providers don't like home networks
- Getting static IPs can be a problem
- Changing MAC addresses is an issue
- Administering and supporting a home network is sometimes beyond their abilities or interest
- ... yet all cable modems come with Ethernet!

Slide 10: VPN Issue #3: Providers hate VPNs
- Well, maybe they are more ignorant of them than hostile to them
- Some don't include VPNs in their terms of service
- Some do everything they can to discourage their use (frequent IP changes, for example)

Slide 11: VPN Issue #4: Remote support
- Coordinating a VPN rollout for telecommuters can swamp a small tech support department
- Variations in Windows OS versions, and non-Windows PCs, can be difficult!
- What if users require more than one tunnel?

Slide 12: State of VPNs
- Software now comes included in residential gateways like Sonic and Netgear
- Still too hard for the average consumer, and the average business computer user
- But wider support is inevitable
- Costs too much and requires some careful justification
- VPN.net: a new way of establishing VPNs

Slide 13: Email policies
- How accurate is your employee directory?
- Do outsiders have access to your email system? And for how long?
- Do terminated employees still have access?
- How often do employees "copy all" by mistake?

Slide 14: Making email secure
- Use Notes or GroupWise
- Don't run Outlook or Outlook Express
- Use PGP or S/MIME products

Slide 15: eCommerce issues
- Make sure you protect your enterprise network from intrusion
- Limit user access, isolate servers, lock down scripts, harden servers
- See www.nwfusion.com/netresources/0202hack1.html

Slide 16: Web/database issues
- Understand the security weaknesses and access controls of local database users
- Understand web/database interaction from a security perspective
- Understand proxy server attacks (a la Adrian Lamo)
- Block them CGI scripts!
- Who is root and what can they really do?

Slide 17: Common mistakes with payment processing
- Providing too few or too many order confirmation pages
- Confusing methods and misplaced buttons on the order page
- Making it hard for customers to buy things
- Don't make your customers read error screens

Slide 18: ConEd bill payment issue
- Claim they needed 100,000 customers to break even
- https://m020-w5.coned.com/csol/main.asp
- Note the lack of security: anyone with a valid account number can see your bill! Try acct no. 434117168910006

Slide 19: Preventing credit card fraud
- Don't accept orders unless a full address and phone number are present
- Be wary of different "bill to" and "ship to" addresses
- Be careful with orders from free email services
- Be wary of orders that are larger than the typical amount
- Pay extra attention to international orders

Slide 20: Ways around firewalls
- Uroam.com
- GoToMyPC.com
- Neoteris, other appliances
- Remote control software (pcAnywhere, Carbon Copy, etc.)
- Wireless LANs!

Slide 21: Remote control loopholes
- Do you even know if they are running?
- Do port scans for the common ports that are used:
  - pcAnywhere: 5631-5632
  - ControlIT: 799
  - Carbon Copy: 1680
  - VNC: 5900
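The port check the slide recommends, as an added example that is not part of the original presentation: a small inventory audit that probes your own hosts for the listed TCP ports and reports only the listeners that are not on a per-host allow-list. The port table comes from the slide; the host addresses, the allow-list policy and the probe timeout are assumptions.

```python
import socket
from typing import Callable, Dict, Iterable, List, Optional, Set, Tuple

# Ports from the slide. 5631/5632 are pcAnywhere's data and status ports;
# this probe only tries TCP, so a UDP-only listener would be missed.
REMOTE_CONTROL_PORTS: Dict[int, str] = {
    799: "ControlIT",
    1680: "Carbon Copy",
    5631: "pcAnywhere (data)",
    5632: "pcAnywhere (status)",
    5900: "VNC",
}

Probe = Callable[[str, int], bool]


def tcp_open(host: str, port: int, timeout: float = 1.0) -> bool:
    """True if a TCP connect to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def find_remote_control(host: str, probe: Probe = tcp_open) -> List[Tuple[int, str]]:
    """Return the known remote-control ports that answer on one host."""
    return [(port, name) for port, name in REMOTE_CONTROL_PORTS.items() if probe(host, port)]


def audit(hosts: Iterable[str], allowed: Optional[Dict[str, Set[int]]] = None,
          probe: Probe = tcp_open) -> Dict[str, List[Tuple[int, str]]]:
    """Map each host to the listeners NOT permitted by the (constructed) policy.

    `allowed` is host -> set of ports policy permits, e.g. a help-desk VNC
    jump box. Everything else is a finding; hosts with no findings are omitted.
    """
    allowed = allowed or {}
    findings: Dict[str, List[Tuple[int, str]]] = {}
    for host in hosts:
        hits = [(p, n) for p, n in find_remote_control(host, probe)
                if p not in allowed.get(host, set())]
        if hits:
            findings[host] = hits
    return findings


if __name__ == "__main__":
    # Placeholder inventory and policy; replace with your own host list.
    inventory = ["192.0.2.10", "192.0.2.11"]
    policy = {"192.0.2.10": {5900}}
    for host, hits in audit(inventory, policy).items():
        print(host, "->", ", ".join(f"{n} on tcp/{p}" for p, n in hits))
```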

Slide 22: Wireless LAN loopholes
- Do you even know if they are running?
- NetStumbler.com: good resource
- Read this article too.

Slide 23: Wireless VPN/firewall appliances
- BlueSocket
- ReefEdge
- Vernier Networks
- Mobility from NetMotion Wireless

Slide 24: Conclusions and questions
David Strom, Technology Editor, VAR Business magazine
dstrom@cmp.com
(516) 562-7151
