You only have to look at the daily newspaper to see that computer-based attacks are on the rise. To make matters worse, not all attacks are well publicized.
Why security matters more than ever?
- Maintain Reputation - Today's security challenges put organizations at risk. One data breach can ruin your positive reputation with customers, investors and the marketplace.
- Protect Business Information - Information is at the core of every organization. The availability, integrity, and confidentially of critical data and assets must be protected wherever they reside.
- Meet Regulatory Compliance Requirement - Every company is subject to some sort of regulation, often related to privacy and protection of customer information. Compliance dictates strong and thoughtful security.
The attack can come from outside the organization or from inside. In fact, some studies state that as much as 70 percent of all attacks come from someone within an organization or from someone with inside information (such as an ex-employee).
Network Security - Build a network security infrastructure that inherently detects and blocks invasive software attacks and intruder access
Following describe security solutions help you with securing your network:
A firewall is a system that enforces an access control policy. Once you have determined the levels of connectivity you wish to provide, it is the firewall’s job to insure that no additional access beyond this scope is allowed. It is normally placed between a protected network and an unprotected network and acts like a gate to protect assets to ensure that nothing private goes out and nothing malicious comes in.
The firewall is also support in IPsec encryption (Site-To-Site and Client-To-Site VPNs)
Encryption helps to insure that the information within a session is not compromised. This includes not only reading the information within a data stream, but altering it, as well.
NAC (Network Access Control)
Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network.
Network Access Control aims to do exactly what the name implies—control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do.
When a computer connects to a computer network, it is not permitted to access anything unless it complies with a set standard, including anti-virus protection level, system update level and configuration. While the computer is being checked by a pre-installed software agent, it can only access resources that can remediate (resolve or update) any issues. Once the standard is met, the computer is able to access network resources and the Internet, within the policies defined by the NAC system.
IPS (Intrusion Prevention System)
IPS is a network security appliance that monitors network traffic for malicious activity. The IPS is an in-line device that is inserted seamlessly and transparently into the network. As packets pass through the IPS, they are fully inspected to determine whether they are legitimate or malicious. IPS protects against increasingly sophisticated attacks, including:
- Directed attacks
- Application abuse
IPS technology combines many to recognize and stop threats and attacks:
- Signature-Based Detection: A signature is a pattern that corresponds to a known threat. Signature-based detection is the process of comparing signatures against observed network events to identify possible incidents.
- Anomaly-Based Detection: Anomaly-based detection is the process of comparing definitions of what activity is considered normal against observed events to identify significant deviations. An IPS using anomaly-based detection has profiles that represent the normal behavior of such things as users, hosts, network connections, or applications. The IDPS then uses statistical methods to compare the characteristics of current activity to thresholds related to the profile, such as detecting when Web activity comprises significantly more bandwidth than expected and alerting an administrator of the anomaly. Profiles can be developed for many behavioral attributes, such as the number of e-mails sent by a user, the number of failed login attempts for a host, and the level of processor usage for a host in a given period of time. The major benefit of anomaly-based detection methods is that they can be very effective at detecting previously unknown threats.
- Stateful Protocol Analysis: Stateful protocol analysis methods use protocol models, which are typically based primarily on protocol standards from software vendors and standards bodies. Stateful protocol analysis relies on vendor-developed universal profiles that specify how particular protocols should and should not be used. The “stateful” in stateful protocol analysis means that the IDPS is capable of understanding and tracking the state of network, transport, and application protocols that have a notion of state.
Remote Access SSL
An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be used with a standard Web browser.
Until recently IPSec based VPNs were the industry standard on which most companies relied as they provided the reliability and security required protecting sensitive company information. While IPSec continues to be the generally regarded standard for site to site VPNs, SSL remote access VPNs have recently been introduced and are quickly gaining in popularity prompting many to believe that IPSec remote access VPNs are on their way out.
An SSL VPN offers versatility, ease of use and granular control for a range of users on a variety of computers, accessing resources from many locations. There are two major types of SSL VPNs:
SSL Portal VPN: This type of SSL VPN allows for a single SSL connection to a Web site so the end user can securely access multiple network services. The site is called a portal because it is one door (a single page) that leads to many other resources. The remote user accesses the SSL VPN gateway using any modern Web browser, identifies himself or herself to the gateway using an authentication method supported by the gateway and is then presented with a Web page that acts as the portal to the other services.
Gateway Content Filtering:
Web Security Gateway
Web threats are growing at an exponential rate, and nearly 50% of all legitimate sites are hosting malware. URL filtering solutions that rely on periodic updates to local databases cannot keep pace with these rapidly-evolving threats. In addition, the growing complexity of IT infrastructure and Web 2.0 add to the security challenge. Administrators lack timely, actionable information about how the Internet is being used.
Traditional gateway defenses are proving to be inadequate against a variety of web-based malware, leaving corporate networks exposed to the inherent danger posed by these threats.
At the same time, IT managers face economic pressure to reduce costs while improving web security.
- Web threats
- Viruses and worms
- Spyware & keyloggers
- Malicious mobile code
- Content threats
- Non-business content
Email Security Gateway
Today’s email-borne threats consist of virus attacks, spam, false positives, distributed denial-of-service (DDoS) attacks, spyware, phishing (fraud), regulatory compliance violations, and data loss.
- Blended threats
- Data loss
- Inappropriate content
- Malicious web links
- Spam and bots