November 01, 2001, 4:04 PM — Once you've secured the machines in your
installation, it's time to secure the remote accesses to your site.
The usual method of installation security is to secure the remote
access, and then to secure the systems if time and energy allow. But
consider that, until you've inspected and secured each host, you don't
know what kinds of access each host is allowing.
If a host has a modem and allows packet passing (it's acting as a
router), that system is making your whole network vulnerable. The host
need not even pass packets. If it provides network services, it can be
compromised. Once compromised, the hacker can manually access the
network and break into other machines. Putting a firewall in place at
the corporate Internet connection will solve no problems, and will
give you a false sense of security. So, for an
installation that is about to gain access to the Internet, consider
these steps in turn:
- Secure each machine that is connected to the network
- Install the firewall to throttle access
- Enable the Internet link
- Continuously monitor the link, and periodically re-check network hosts
If your management has succumbed to the hype and wants an Internet
connection immediately, you'll have to fight a rear-guard action.
Install the firewall and permit only a minimum complement of protocols
through, and initiate an internal sweep of systems. First check for
modems that could allow outsiders to gain access to the internal
hosts, and control them if possible. Follow up with a security audit
of all of the hosts.
At this time in the operation, it is important to establish
connectivity and security guidelines throughout your installation. If
you've nailed down each modem, and have secured the Internet
connection, and have secured each system, you currently have a
good level of network security. Do your users know that connecting a
modem to a machine could be a "bad thing"? Do they know to get the
modem checked out by security or system staff, and any external access
approved? If not, your well-spent time and effort could be wasted the
moment they turn on that modem.
Those of you without Internet connections have reason to worry as
well. Most security problems are caused by internal agents,
not external. Can you trust users (and even system administrators) in
other divisions of your company that have network connections into
your machines? If your user machines and the corporate financial
system are connected via a network, are you sure you should be
trusting your users to stay away from that interesting data?