Kenneth M. Smith CISSP CISA QSA
Nothing can guarantee complete protection from the threats that exist on the Internet. Worms, viruses, malware and other malicious attacks are making this battle more complex every day. But it’s important to make a concerted ‘due-diligence’ effort to protect your information systems. Here is a preliminary checklist of 20 items that can help reduce your exposure to the top Internet threats.
SANS Newsletters: There are two weekly Newsletters and one monthly to choose from. The Security Alert Consensus (CAS), for example, lets you customize the content to your environment. You can choose to only receive news that pertains to the operating systems that you use. To subscribe to the SANS Newsletters, visit: https://portal.sans.org/
SecurityFocus Mailing lists: There are currently 26 lists to choose from. At a minimum, I would recommend the ‘bugtraq’ mailing list. To subscribe to the SecurityFocus lists, visit: http://www.securityfocus.com/archive
Incidents.org: This site provides daily updates and alerts on the latest threats, acting as an Internet Storm Center. Here you can access the latest CID Graph, probing statistics, and access the DShield Database. DShield is a system that acts as a central logging and analysis repository for IDS and Firewall logs. For more information, visit http://www.incidents.org/.
10. Keep Internet accessible hosts on a DMZ – Any host that can be directly accessed from the Internet should be in a Demilitarized Zone network, not your internal LAN. For example, web, mail, and ftp servers should be on a separate network segment that is connected to the firewall only. Firewall rules are then created to allow access to these systems from the Internet, and to allow these servers to communicate with systems on your LAN.
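Added example (not from the original article): a small Python model of the rule set item 10 describes, using constructed addresses and ports. It evaluates a flow against a first-match policy and audits the policy for the two mistakes the design is meant to prevent: Internet hosts allowed straight into the LAN, and DMZ servers allowed into the LAN on any port.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addressing: TEST-NET-1 for the DMZ, RFC 1918 space for the LAN.
ZONES = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "lan": ipaddress.ip_network("10.10.0.0/16"),
}

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_ports: frozenset   # empty means any port
    action: str            # "allow" or "deny"

# Constructed rule set following the article: the Internet reaches DMZ services only,
# the DMZ reaches the LAN only on the ports its servers need, everything else is denied.
POLICY = [
    Rule("internet", "dmz", frozenset({21, 25, 80, 443}), "allow"),
    Rule("dmz", "lan", frozenset({143}), "allow"),   # e.g. mail relay to internal mail store
    Rule("internet", "lan", frozenset(), "deny"),
    Rule("dmz", "lan", frozenset(), "deny"),
]

def zone_of(addr):
    """Most specific zone whose network contains addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for name, net in ZONES.items():
        if ip in net and (best is None or net.prefixlen > ZONES[best].prefixlen):
            best = name
    return best

def evaluate(policy, src, dst, port):
    """First matching rule wins; a flow no rule matches is denied."""
    sz, dz = zone_of(src), zone_of(dst)
    for r in policy:
        if (r.src_zone, r.dst_zone) == (sz, dz) and (not r.dst_ports or port in r.dst_ports):
            return r.action
    return "deny"

def audit(policy):
    """Flag allow rules that break the DMZ design."""
    findings = []
    for i, r in enumerate(policy):
        if r.action != "allow":
            continue
        if r.src_zone == "internet" and r.dst_zone == "lan":
            findings.append(f"rule {i}: Internet allowed straight into the LAN; move the service to the DMZ")
        if r.src_zone == "dmz" and r.dst_zone == "lan" and not r.dst_ports:
            findings.append(f"rule {i}: DMZ-to-LAN allow on any port; restrict to the ports the server needs")
    return findings
```

Run `audit(POLICY)` after every rule change; an empty result means the two invariants still hold.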
13. Closely guard modem remote access services – A single host with a modem connected to an analog line can completely circumvent your security strategy. Although it doesn’t get the attention it used to, finding a host running pcAnywhere with a weak or non-existent password will usually result in full access to the company’s internal network and applications. Systems that must be made available in this manner must be closely monitored, and full auditing and logging capabilities should be enabled. Regular war-dialing exercises should be performed to inventory modem usage and to identify weak authentication requirements.
15. Categorize and segregate systems – Organize systems into categories based on their importance to the organization and their function. Next, segregate systems into secure ‘zones’ based on these categories. This allows you to provide countermeasures that are better aligned with each system’s security requirements. Additionally, more extensive countermeasures can be deployed efficiently, exactly where they are needed most.
Copyright (C) 2004 Kenneth M. Smith