What is a Security Policy?
http://searchsecurity.techtarget.com/definition/security-policy says: "A security policy is continuously updated as technology and employee requirements change. A company's security policy may include an acceptable use policy, a description of how the company plans to educate its employees about protecting the company's assets, an explanation of how security measurements will be carried out and enforced, and a procedure for evaluating the effectiveness of the security policy to ensure that necessary corrections will be made."
http://www.windowsecurity.com/articles/Defining_a_Security_Policy.html says: "a policy would be some form of documentation that is created to enforce specific rules or regulations and keep a structure on procedures.", "in the context of ‘security’, is simply a policy based around procedures revolving around security" and "a disaster recovery policy is a set of procedures, rules and plans revolving around having a disaster and how to recover from it."
- Description of how the company plans to educate its employees about protecting the company's assets
- Explanation of how security measures are carried out
- Procedure for evaluating the effectiveness of the security policy to ensure that necessary corrections will be made
- Specific rules and regulations that keep a structure on procedures
- Like a disaster recovery policy, how to recover from a disaster
So basically, a security policy is something a company should have: a black-and-white document in which the company sets out its plans for educating employees about safeguarding the company's assets. It also serves as a backup plan and describes how security measures are enforced, such as having credentials or personal authorisation methods. Finally, it should be able to improve on its effectiveness and make sure that any flaw is corrected.
Sunday, 29 April 2012
Common Networking Attacks Threats and Solution
A network attack can be defined as a threat, intrusion, denial of service or other attack on a network that tries to bring the network down by crashing or corrupting it. The attacker might not only be interested in exploiting software applications, but may also try to obtain unauthorized access to network devices or classified information.
In most organizations, every email, web page request, user logon, and transmittable file is usually handled by a network device. Under some setups, telephone service and voice messaging are also handled by network devices. If attackers are able to control these, they have already carried out a successful network attack. Network attacks cut across all categories of software and platform type. Some examples are: Spoofing, Sniffing, Mapping, Hijacking, Trojans, Denial of Service (DoS).
Spoofing
Any internet-connected device sends data containing its origin and destination. Such internet data packets carry the sender's IP address as well as header/encapsulation data. If attackers have control over the application interpreting the internet data, they can easily modify the device's protocols to place a fake IP address into the data packet's address. This is known as IP spoofing, which makes any information or data appear to come from any source. A spoofed source IP address on a datagram makes it difficult to find the original sender.
Solution to Spoofing
The countermeasure for spoofing is ingress filtering, which is usually performed by routers. A router checks whether the source IP address of each incoming datagram is reachable through the interface on which the datagram arrived. If the source address is known to be reachable via that interface, the data are considered legitimate. If the source address is not in the valid range, the packet is dropped.
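The check described above, sketched as an added example (not code from the original post or from any router vendor). The routing table, interface names and addresses are constructed for illustration, and the longest-prefix reverse lookup is an assumption about how "reachable via that interface" is decided.

```python
import ipaddress

# Constructed routing table: prefix -> interface through which it is reachable.
ROUTES = [
    ("10.1.0.0/16", "eth1"),   # internal LAN
    ("10.1.50.0/24", "eth2"),  # more specific subnet behind another port
    ("192.0.2.0/24", "eth3"),  # second site (documentation range)
    ("0.0.0.0/0", "eth0"),     # default route towards the upstream provider
]

def build_table(routes):
    """Parse the prefixes and order them longest-prefix first."""
    table = [(ipaddress.ip_network(p), ifc) for p, ifc in routes]
    table.sort(key=lambda r: r[0].prefixlen, reverse=True)
    return table

def reverse_path_interface(table, src):
    """Return the interface the router would use to reach src, or None."""
    addr = ipaddress.ip_address(src)
    for net, ifc in table:
        if addr.version == net.version and addr in net:
            return ifc
    return None

def ingress_filter(table, src, in_iface):
    """Accept a datagram only if its source is reachable via in_iface."""
    try:
        expected = reverse_path_interface(table, src)
    except ValueError:
        return "drop"  # source address is not a valid IP address
    return "accept" if expected == in_iface else "drop"

TABLE = build_table(ROUTES)

if __name__ == "__main__":
    # Constructed sample datagrams: (source address, arrival interface).
    samples = [
        ("10.1.7.9", "eth1"),      # LAN host on the LAN port
        ("10.1.7.9", "eth0"),      # internal source arriving from upstream
        ("10.1.50.4", "eth1"),     # belongs behind eth2, not eth1
        ("198.51.100.7", "eth0"),  # external host via the default route
    ]
    for src, ifc in samples:
        print(f"{src:>14} on {ifc}: {ingress_filter(TABLE, src, ifc)}")
```

A strict check like this also drops legitimate traffic when routing is asymmetric, so it fits best at network edges where each source prefix has a single path.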
Sniffing
Packet sniffing is the interception of data packets travelling around a network. A sniffer program works at the Ethernet layer with network interface cards (NICs) to capture all traffic travelling to and from an internet host site. In addition, if any of the Ethernet NICs are in promiscuous mode, the sniffer program will pick up all communication packets floating by anywhere near the internet host site. A sniffer placed on any backbone device, inter-network link or network aggregation point will therefore be able to monitor a whole lot of traffic. Most packet sniffers are passive: they listen to all data link layer frames passing by the device's network interface. There are dozens of freely available packet sniffer programs on the internet. The more sophisticated ones allow more active intrusion.
The key to detecting packet sniffing is to detect network interfaces that are running in promiscuous mode. Sniffing can be detected in two ways:
- Host-based: Software commands exist that can be run on individual host machines to tell if the NIC is running in promiscuous mode.
- Network-based: Solutions tend to check for the presence of running processes and log files, which sniffer programs consume a lot of. However, sophisticated intruders almost always hide their tracks by disguising the process and cleaning up the log files.
The best countermeasure against sniffing is end-to-end or user-to-user encryption.
Source: http://ayurveda.hubpages.com/hub/Types-of-Network-Attacks