The 10 Domains of Computer Security
Risk - that's what it's all about. When you connect your computer to a network, you accept some amount
of risk that the computer will be misused or attacked. Minimizing that risk is the goal of an effective
computer security program.
There are ten distinct areas in computer security. Most people think only of network security, because that's
what grabs all the headlines: "Russian Hackers Break Into Pentagon." But network security is only one part of
the whole computer security picture. Here are all ten areas:
- 1. Access Control Systems and Methodologies
  This domain is concerned with letting authorized people into your systems and keeping unauthorized users out.
- 2. Telecommunication and Network Security
  This domain covers firewalls, proxies, and network protocols.
- 3. Security Management Practices
  This is the administration of your security, which includes senior management support of a company security
  policy. Do you revoke accounts when an employee leaves, or can they still access the system two years later?
  Don't laugh - we've seen this. It also covers role-based access control (RBAC), discretionary access
  control (DAC), and risk management.
- 4. Application and System Development Security
  This domain deals with secure application development. An example of poor design is where URL manipulation
  reveals company secrets or other people's account information.
- 5. Cryptography
  Everything you ever wanted to know about cryptography.
- 6. Security Architecture and Models
  This domain deals mostly with computer hardware and operating system architecture. It also covers some of
  the access control models used in the military and in business.
- 7. Operations Security
  This domain addresses how to deal with the threats to your systems.
- 8. Business Continuity and Disaster Recovery Planning
  Covers how to continue running your business if your computer systems are damaged or destroyed.
- 9. Law, Investigation, and Ethics
  This domain covers the legal ramifications of securing your systems, as well as the importance of preserving
  the crime scene if a computer is compromised.
- 10. Physical Security
  This domain covers physical security, including controlling physical access to the computer and how to protect
  it from natural and manmade disasters.

For more information
For maximum Wireless LAN security, implement the following steps:
- Turn on WEP (Wired Equivalent Privacy)
- Change Your Default Password
- Use a Strong Password
- Change it Frequently
- Close Your Network (If Possible) - Turn Off SSID Broadcast
- Change Your Network Name
- Move Your Access Point
- Use MAC Control Tables
- Install and Monitor Arpwatch (Not Available for Legacy Operating Systems, like Microsoft Windows)
- Use a VPN (Virtual Private Network)
- Perform Site Surveys
- Use Static IP Addresses
- Remove DHCP
- Change the default network number (usually 192.168.1.0)
- Turn Off File Sharing
- Install a Personal Firewall
- Put Wireless Network in the DMZ
Wireless LAN Best Practices
To provide the best protection for your wireless LAN network from attack, the following best practices
are recommended:
- Educate employees about WLAN risks, focusing on:
  - Threats from the unauthorized attachment of access points (APs), also known as rogue APs;
  - Use of WLAN cards in ad hoc mode, especially when in public areas or any building
    with a perimeter less than the WLAN broadcast range;
  - Connecting only to known APs; masquerading APs are more likely in unregulated public spaces.
- Deploy personal firewalls on all computers. Use local/corporate network security
policy to enforce their continuous use.
- Actively and regularly scan for rogue APs on the network using available WLAN management tools,
such as NetStumbler, AirMagnet, or AirDefense.
- Change default management passwords on APs.
- Change the default Service Set Identifier (SSID) on all APs, and prevent the APs from broadcasting
their SSIDs. This enables users to easily identify the AP to which they are connecting and only
present the necessary credentials.
- Turn on and use Wired Equivalent Privacy (WEP). It provides basic-level protection against
the drive-by snooper or unintentional visitor. WEP should always be used with other measures.
- When deploying 802.1X infrastructure to implement dynamic WEP, configure the
session key to update at least once per hour to minimize the chance of key
repetition.
- Avoid placing APs against exterior walls or windows.
- Reduce the broadcast strength of the AP when possible to keep it within the
necessary area of coverage, and avoid coverage of unintended areas such as
parking lots.
- When planning network design, use 802.1X-based port authentication for wired
switches and hubs to inhibit future addition of unauthorized, user-attached APs.
- When using a Virtual Private Network (VPN)/firewall solution to protect WLANs, use IPsec-based
VPNs with secondary authentication.
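
The rogue-AP scan recommended above amounts to comparing what a site survey hears against an inventory of sanctioned APs. The sketch below is an added example, not part of the original page: the inventory, the CSV column names, the sample rows and the -65 dBm threshold are all constructed assumptions, not the export format of NetStumbler, AirMagnet or AirDefense.

```python
import csv
import io

# Constructed inventory of sanctioned APs: BSSID -> (SSID, security setting).
AUTHORIZED = {
    "00:11:22:aa:bb:01": ("corp-wlan", "encrypted"),
    "00:11:22:aa:bb:02": ("corp-wlan", "encrypted"),
}
CORP_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}
NEAR_DBM = -65  # assumed threshold: anything stronger is probably on-site

# Constructed survey export; the column names are hypothetical.
SAMPLE_SCAN = """bssid,ssid,mode,security,signal_dbm
00:11:22:AA:BB:01,corp-wlan,infra,encrypted,-48
00:11:22:aa:bb:02,corp-wlan,infra,open,-55
de:ad:be:ef:00:01,corp-wlan,infra,open,-60
66:77:88:99:00:02,linksys,infra,open,-52
02:aa:bb:cc:dd:03,laptop-share,adhoc,open,-70
aa:bb:cc:00:11:04,cafe-next-door,infra,encrypted,-88
"""

def classify(row):
    """Return a finding label for one scan row, or None if nothing to report."""
    bssid = row["bssid"].strip().lower()
    ssid, mode = row["ssid"].strip(), row["mode"].strip().lower()
    security, signal = row["security"].strip().lower(), int(row["signal_dbm"])
    if bssid in AUTHORIZED:
        # Sanctioned AP: report only if it no longer matches the inventory.
        return "config-drift" if (ssid, security) != AUTHORIZED[bssid] else None
    if ssid in CORP_SSIDS:
        return "masquerading-ap"    # unknown radio advertising a corporate SSID
    if mode == "adhoc":
        return "ad-hoc-network"     # client card operating in ad hoc mode
    if signal >= NEAR_DBM:
        return "rogue-ap-suspect"   # unknown AP strong enough to be in the building
    return None                     # weak and unknown: most likely a neighbour

def audit(scan_text):
    """Map BSSID -> finding for every survey row that needs follow-up."""
    findings = {}
    for row in csv.DictReader(io.StringIO(scan_text)):
        label = classify(row)
        if label:
            findings[row["bssid"].strip().lower()] = label
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_SCAN))
```

Checking for a corporate SSID on an unknown BSSID before applying the signal threshold means a masquerading AP is reported even when it is heard only faintly.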

For more information
Enterprise Solutions for Wireless LAN Security, Wi-Fi Alliance, Available: http://www.wi-fi.com/opensection/pdf/whitepaper_wi-fi_enterprise2-6-03.pdf, February 6, 2003
Securing your Wi-Fi Network, Wi-Fi Alliance, Available: http://www.wi-fi.com/OpenSection/secure_the_network_setup.asp?TID=2
Securing your Wireless Network, Practically Networked, Available: http://www.practicallynetworked.com/support/wireless_secure.htm
Exploiting and Protecting 802.11b Wireless Networks, Extreme Tech, Available: http://www.extremetech.com/article2/0,3973,34635,00.asp
Arpwatch, Security Focus, Available: http://www.securityfocus.com/tools/142

For more information
Our security assessments use industry-standard techniques and address all of the above security domains. Obviously
some will probably not pertain to you, but you may be surprised to find out how vulnerable your data really is. Remember,
75% of the dollar loss from all attacks came from employees (Source: SANS Institute).
Feel free to e-mail or call us at 623-203-1760 for a no-obligation consultation.