With the rise of the Internet, information has never before been so readily accessible to both authorized and unauthorized individuals. Data security has become a prime concern. Gone are the days when security simply involved the guard who would patrol the corridors. In this information age, computer networks can receive upwards of 20,000 network events per second.
Such a number is impossible to manage manually and requires the use of complex data security protocols designed to allow authorized access while keeping out those without a legitimate purpose. Network events must be processed and handled according to the established rules. Additionally, regular reviews of network events allow the Chief Information Officer (CIO), or Chief Security Officer, to determine whether there are zero attacks, isolated incidents, or a coordinated plan of attack designed to tear down a company’s network.
Data security event processing allows the CIO to handle network events automatically based on predetermined criteria. This rule-based system is designed to block known vulnerabilities and ensure that authorized events are allowed to take place with as little delay as possible. While seemingly simple in concept, the practical application of rule-based event management has far-reaching effects and can often be manipulated by those familiar with network management.
Attacks can come in many forms, from the simple nuisance to the experienced hacker. A Denial of Service (DoS) attack is used by hackers to slow or shut down a network by sending repeated connection attempts with the intent of overloading system resources. These repeated connection attempts can wreak havoc on networks and destabilize the interconnectedness of office computer systems.
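As an added illustration (not code from the original article), the sketch below applies two predetermined rules to a stream of events: it blocks traffic to ports outside an allow-list and blocks any source that repeats connection attempts too quickly, recording every decision in an audit trail. The event tuples, allow-list, threshold and window are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample events: (seconds, source IP, destination port). Not real traffic.
SAMPLE_EVENTS = [
    (0.0, "10.0.0.5", 443),
    (0.1, "203.0.113.9", 23),
    (0.2, "198.51.100.7", 443),
    (0.3, "198.51.100.7", 443),
    (0.4, "198.51.100.7", 443),
    (0.5, "198.51.100.7", 443),
    (0.6, "10.0.0.5", 443),
    (5.0, "198.51.100.7", 443),
]

ALLOWED_PORTS = {443}   # assumed policy: only HTTPS is an authorized service
MAX_ATTEMPTS = 3        # assumed threshold: connection attempts per source...
WINDOW_SECONDS = 1.0    # ...within this sliding window


def process_events(events, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
    """Apply the rules to each event in time order and return the audit trail."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    audit = []
    for ts, src, port in events:
        q = recent[src]
        while q and ts - q[0] >= window:   # forget attempts older than the window
            q.popleft()
        q.append(ts)
        if port not in ALLOWED_PORTS:
            action, rule = "block", "port-not-allowed"
        elif len(q) > max_attempts:
            action, rule = "block", "connection-flood"
        else:
            action, rule = "allow", "default-allow"
        audit.append({"time": ts, "src": src, "port": port,
                      "action": action, "rule": rule})
    return audit


def flagged_sources(audit):
    """Summarise the audit trail for review: sources that hit the flood rule."""
    return sorted({e["src"] for e in audit if e["rule"] == "connection-flood"})


if __name__ == "__main__":
    trail = process_events(SAMPLE_EVENTS)
    for entry in trail:
        print(entry)
    print("review:", flagged_sources(trail))
```

The source that was blocked for flooding is allowed again once its earlier attempts age out of the window, which is why the audit trail, not the live rule state, is what a periodic review should read.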
While no system is perfect, there are some best practices that will reduce the likelihood of an attack or at least assist in preventing one from recurring. These practices should form the basis of your company’s computer IT policies.
1. Keep audit trails. It is imperative to maintain network logs that show what was done, when, and how. These logs allow the CIO to analyze for patterns. Without proper documentation, it is much more difficult to determine concerns such as how long an attack has been pending or whether or not it came from inside or outside.
2. Review system logs at least once every 30 days. Regular reviews allow the CIO the opportunity to spot trends. Often hackers will test a network’s vulnerabilities before launching a major attack.
3. Test the system from the inside as well as the outside. Many companies allow both Internet and intranet access to their system. A strong Internet security protocol may prevent external users from performing illegal tasks, but it may not be sufficient to prevent an attack from the inside. By shoring up security on all fronts, the CIO can reduce the likelihood of all threats.
4. Maintain records of network settings. The strongest network is only as good as its settings. When key systems are disengaged for updates or tweaked by staff, vulnerabilities may arise. By having written policies regarding settings, you can ensure the system is set as intended.
This list is by no means all-inclusive, but it gives you a good base from which to begin data security best practices. For your business and the trust of your clients, it is imperative that those 20,000 events per second are being monitored in real time.