I once worked as a contractor for a company in Paris for 8 months, and they had me documenting
all of my work to a level where I should have had it published; but for my love of trees, I may have
settled for a cup of cool water for my pen.
Of course we do need to document to keep track of what has been done, but not at the expense
of the work that needs to be done. Stop thinking about tomorrow, as there is another tomorrow
after that. Security is a foundation subject that needs to be thought through; is that a contradiction
of my statement about tomorrow? In fact no: don’t build a system and then try to secure it. So back to my
heading, ‘What is Security?’ Everything that holds information, data and the like, you need to control who can access and view it.
Firewalls are no longer the answer, because even if you secure one area with an IPS firewall clustered
to a failover firewall with backup firewalls, barbed wire and a Rottweiler, a hacker will just find a cable and
tap into it; if the price is good enough, information hackers will do anything.
So my rule of thumb is: what are the stakes for the data you are holding, weighed against the cost of the security
or the publicity damage that could be caused to your company? For example, the American Navy, Microsoft and
the CIA all have the ultimate resources to throw at security; do they have problems?
So let’s bring it back down to earth and talk about security for your company and what you should
really be thinking about, but with a tactic not thought about by most: think from the middle of your network out.
Rights Management Server (RMS) is an easy and free way to really secure data, and good use of your Active Directory
can bring solid security to your company. Control your access to the internet and give everyone low-grade user rights,
using the ‘Run As’ command instead; patch your computers, which is even free now with WSUS. Invest in ISA Servers, which
are a great way to control internet access and work well with a content filter like SurfControl, Websense or my favourite,
the SonicWall CFS filtering. Lock all servers in a room with no windows and only one solid fire door; try to secure the cables
as much as possible, but they still have to plug into a PC, so there is a weak spot. It’s inside the building, though, so
a good old secure building will help.
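Two of the recommendations above, low-grade user rights for everyone and patching through WSUS, can be checked on a workstation with a short script. This is an added example written for this page, not the author’s or SecQuorum’s code; it assumes PowerShell 5.1 or later on a domain-joined Windows client, and the allow-list of admin accounts (`CONTOSO\...`) is a constructed placeholder you replace with your own.

```powershell
# Added audit script (example, not from the original article).
# Allow-list of principals that are permitted to stay in the local Administrators group.
# The domain and group names below are constructed placeholders.
$AllowedAdmins = @(
    "$env:COMPUTERNAME\Administrator",
    'CONTOSO\Domain Admins',
    'CONTOSO\Workstation Admins'
)

function Get-UnexpectedLocalAdmins {
    # Every member of the local Administrators group that is not on the allow-list
    # is a candidate to be dropped to a standard user account (and use 'Run As' when needed).
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $AllowedAdmins -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Test-WsusPolicy {
    # WSUS is applied through Group Policy; these are the registry values that policy writes.
    $wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $au = Join-Path $wu 'AU'
    $server  = (Get-ItemProperty -Path $wu -Name WUServer     -ErrorAction SilentlyContinue).WUServer
    $useWsus = (Get-ItemProperty -Path $au -Name UseWUServer  -ErrorAction SilentlyContinue).UseWUServer
    $noAuto  = (Get-ItemProperty -Path $au -Name NoAutoUpdate -ErrorAction SilentlyContinue).NoAutoUpdate
    [pscustomobject]@{
        WsusServer        = $server
        UsesWsus          = ($useWsus -eq 1 -and -not [string]::IsNullOrEmpty($server))
        AutoUpdateEnabled = ($noAuto -ne 1)
    }
}

# Report: who has admin rights they should not have, and whether patching comes from WSUS.
$admins = Get-UnexpectedLocalAdmins
if ($admins) {
    Write-Warning 'Accounts with local admin rights that are not on the allow-list:'
    $admins | Format-Table -AutoSize
} else {
    Write-Output 'No unexpected local administrators.'
}

$wsus = Test-WsusPolicy
if (-not $wsus.UsesWsus)          { Write-Warning 'This machine is not configured to take patches from WSUS.' }
if (-not $wsus.AutoUpdateEnabled) { Write-Warning 'Automatic Updates are disabled by policy.' }
$wsus | Format-List
```

Run it from an elevated prompt on a sample of workstations; the same two checks can be rolled into a login script or a configuration baseline once the allow-list is agreed.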
Firewalls, sure we need them, and most corporate firewalls today are good. Well, that’s it then, the system is secure!
In fact we are missing one ingredient in the mix here, aren’t we? The internal network.
Linux is said to be more secure than Windows; well, I’ll stick my neck out here and say it’s not! Why?
Well, the average Linux server in most companies is run from the command line, and the engineers who build these
are more experienced, often old UNIX engineers who know what they are doing. Look at it this way: how
many support companies are out there that do MS products compared to Linux support companies? The general MS engineer
can be a little less experienced than others, so the final point on security is the person on the keyboard making
the changes and the direction from above to drive the team to their mission.
Managers should follow up on changes made to a system and ask why we need to do this;
questions need answers and explanations - this is a healthy thing to do.
So what do we know? Well, in summary, security can cost less than people think; don’t just throw money at it,
talk about it, get advice, think, plan, document, then act. So did the company in Paris have it right in the
first place? Yes, but they had 56 offices around the world, and if you have a credit card then it goes through
their system for sure. Did they take risks? I think not; the level of engineers was excellent, and the CIO,
well, it had to make sense before you put it into action, and then he followed everything up!
So whether you are a small company or a big fat global company, the formula is the same.
Think twice, get advice, and if it makes sense to you then weigh up the price of the change against its real value,
which is the end goal.
My final point is: how do you know the ‘Security Specialist’ is a security specialist? Well, ask basic
questions, ask for a CV of the companies they have worked for in the past, ring them and ask for yourself;
why not? Your security is at risk here!
SecQuorum is a leader in the UK and France
providing IT solutions and services to business and the public sector, offering world-class consulting,
technology and outsourcing. We offer a true end-to-end approach, from advising you on your IT strategy
to implementing technology solutions and managing your IT infrastructure.