The "No Network is 100% Secure" series
Why is vigilant network security so important? The GAO recently issued a report on the Tennessee Valley Authority network stating that the TVA was seriously lacking in even basic network security provisions such as adequately configured and deployed firewalls and basic anti-virus protection capabilities. It was also noted that very little network intrusion activity was being logged and that even the little that was captured was never actually looked at.

We say this not to slam the TVA but to make a point. Unlike your enterprise, the TVA is required by Federal law to adhere to a lengthy and strict list of security requirements. And being a Federally operated public utility, the TVA is probably more likely than your company to have adequate funds to spend as they see fit to satisfy this mandate. I don't believe that TVA's vulnerabilities to cyber attack are due to disinterest, incompetence or lack of funds. In my experience, attention to the importance of network security frequently requires a major melt-down before the issue becomes a management priority. Possibly this is true at your firm?

Unfortunately, waiting for a major disaster before taking action is not exactly the most proactive posture for forward-thinking managers to take. We assume that, as an IT professional, you'd prefer to defend against these attacks rather than be on the nightly news explaining to the world what happened after the fact.

Our "No Network is 100% Secure" white paper series was designed to provide information and raise awareness of the importance of protecting IT enterprises from people and things that are out there in cyber space causing problems. These white papers contain many tips, suggestions and ideas that can be implemented for free or nearly free. If using even a few improves the security of your network, our time writing them will be well spent. Even managers who think they are already snug and secure can often find information about threats that they are not protected against and various vulnerabilities that they hadn't thought about before.

We do have selfish motives, of course. Easyrider LAN Pro is a network engineering consultant company that's been doing things like site security audits and consulting in the Portland area for the past 20 years. We would certainly hope that IT professionals would keep us in mind when they have an enterprise security project under consideration. Unlike VARs, who make their money selling you stuff, Easyrider LAN Pro is not a reseller and we have no desire to become one. Easyrider LAN Pro has absolutely no financial incentive for any product purchase decisions we might recommend. We work for YOU.... we do not work for software vendors or hardware manufacturers.

Even if you invite us in to do an audit and even if you implement every single suggestion we make, your network still isn't going to be 100% secure. It's a laudable goal but in our opinion is no more obtainable than enjoying sustained 100% uptime. Still... we believe that your network will benefit by us having a look-see. And even if you don't care to implement all of our recommendations or perhaps can't afford to, at least you'll know where your weaknesses are. This would probably be healthier in the long term than the warm, comforting feeling of sand covering your ears you may be enjoying now. :)

In the battle to protect your network: "If you know the enemy and know yourself you need not fear the results of a hundred battles." -- Sun Tzu

Network security white paper series:

High value sites recent hacks
More 2009 hacks in the news
Still more 2009 hacks in the news
Competency Certifications White Paper
Digital Identification Certificates White Paper
ISO/IEC 27005:2008 Standard for Security Risk Management
OpenID White Paper
Firewall White Paper
Virus White Paper
GhostNet White Paper
Password White Paper
Unnecessary Windows XP Services White Paper
Scareware White Paper
Exaflood Internet Brownout White Paper
Proxy Server White Paper
Personal Computer PC Security White Paper
Conficker White Paper
Phishing White Paper
DNS Poisoning White Paper
SPAM White Paper
Best Practices White Paper
Denial of Service DoS White Paper
Trojan Virus Attacks White Paper
Port Scanning White Paper
Monitoring Basics 101 White Paper
Monitoring Basics 102 White Paper
Monitoring Basics 103 White Paper
Virtual Machine Security White Paper
Aurora vulnerability White Paper
Outsourced IT White Paper
Shelfware White Paper
