Q&A - Can a system or network be too hardened?

security.itworld.com |  Security

I recently had the opportunity to interview the authors of two of the books in the "Hardening" series, which is a well-respected series of books from McGraw Hill and Osborne. Roberta Bragg, author of "Hardening Windows Systems," and Wes Noonan, author of "Hardening Network Infrastructure," offer their views on security.

Brent: In your opinion, what are the greatest threats facing the security of organizations today?

Wes Noonan: Without question the greatest threats are worm-driven denial of service attacks. While rarely resulting in loss of data, they can easily take an unprepared organization down for a day or longer.

Roberta Bragg: I see immense threats in three primary areas: SOHO users - because they lack an understanding of security requirements and the skills to secure their environments, which makes them an easy target for compromise and use against others; unsecured wireless networks, because they are so often used as portals for attacks and spam; and finally, the risks of mobile systems, which are often less secure than their network-bound counterparts and expose the organization to larger threats arising from remote access, infections via VPN connections and just plain theft.

Brent: Is there an 80/20 rule in hardening networks and systems? If so, what are the simple steps organizations can take to mitigate large amounts of risk?

Wes Noonan: Yes, I believe there is an 80/20 rule. To make it work for you, try this: First, implement a patch management system. Second, implement a comprehensive network and host-based virus protection system. Third, enforce a strict network perimeter including ACLs, content filtering and VPN restrictions to control what comes in and goes out of your network.
