No one network and data security solution is perfect and where there are advantages, there are also drawbacks. It is also very easy to create rules that generate false positives (in other words, rules that block both valid and invalid traffic). Despite the difficulty in creating well designed custom rules, all web applications usually come with a very solid core rule set. Modsecurity, the open source web application firewall solution, boasts a core rule set that protects against the types of threats listed in the article. Out of the box it protects against generic SQL injection attacks, Cross Site Scripting, and even language specific injections.

With all that said, it is easy to see that a Web Application Firewall is a good choice when looking to supplement network and data security. Of course, I say supplement because no one device is going to provide perfect security. Security is best accomplished through layers and as great as a web application firewall may seem, it does not replace a standard network firewall, an IPS/IDS, or even thorough code checks and patching. However, when a Web Application Firewall is used in conjunction with all (or even some) of the above, it provides a new level of network and data security that greatly reduces the risk of compromise to sensitive data.

New threats emerge every day that require innovative approaches and force organizations to be more proactive regarding computer network security. And as the number of hackers around the globe continues to grow, it’s more important than ever to conduct a comprehensive computer network security assessment of your network—one that focuses on actual threats rather than an audit checklist such as the PCI compliance.

A comprehensive computer network security assessment should consist of eight steps:

1. Recognize your organization’s current digital footprint

Document your electronic footprint on Internet, both the visible spectrum as well as the IRC/ICQ message channels, and other groups. Identify and pinpoint potential areas that may be vulnerable to information disclosure or compromise by gathering all the intelligence you can about your organization, employees, partners, other stakeholders, and infrastructure the same way malicious hackers do.

2. Assess vulnerabilities of employees, partners, and other stakeholders

Once you’ve assessed the vulnerabilities of employees, partners, and other stakeholders, analyze and evaluate what you’ve learned to identify potential problems.

3. Assess the vulnerabilities of networks, applications, other IT resources

Document and analyze your entire IT infrastructure to find the weaknesses and potential problems.

4. Conduct comprehensive scanning of ports, vectors, protocols

Conduct a comprehensive scan of all ports on your network to identify the IT counterpart of open windows and unlocked doors. The most common malicious network scans search for vulnerabilities in a standard range of 300 ports on a network where the most common vulnerabilities are found. (However, you may have over 60,000 ports on your network that can be suspect.)

5. Understand how your network interacts with outside parties

Try to access your network as an outside party might. See what your network requests in terms of information and how easily it can be satisfied.

6. Probe your internal network weaknesses

Assess interaction with internal networks. Unfortunately, internal people do malicious things too.

7. Review wireless nets, including Wi-Fi, Bluetooth, RFID, rogue devices

Wireless nets, rogue devices, and removable media all present vulnerabilities. If a hacker leaves a USB flash drive containing malicious code in your lobby, someone will likely pick it up and innocently pop it into a system on the network to see what’s on it. That’s all it takes to compromise your network. Check out these recent blog posts on Wi-Fi security vulnerabilities and Bluetooth vulnerabilities and you’ll see what we mean.

8. Assess and educate employees about social engineering attacks

This includes policies around behavior, like picking up flash drives left lying around, and using social media.
This may sound like a lot of work, and it is. But hackers make it their job to breach your computer network security, and you want to make it as difficult as possible for them. Remember… they don’t play by the rules.

According to Chris, many people overlook Wi-Fi as a security threat. However, given its prevalence in vehicles, transportation systems, and other places of interest to hackers, this may not be a good idea.

Click here to view the embedded video.

Chris Roberts is the founder of our computer network security partner One World Labs and frequent speaker on security. You can see his keynote speech in its entirety at our YouTube Channel, or you can view additional excerpts here on our blog, including the two part series on Computer Network Security.

Would you have guessed someone could disable the ABS system in your car, even set off the airbag by accessing the car’s computer system via Bluetooth? Imagine what a hacker intent on harm could do to with the data stored on your smartphone.

For those of you who don’t know, Chris Roberts is the founder of our computer network security partner One World Labs and frequent speaker on security.

Click here to view the embedded video.

1. Most cloud providers don’t have a guarantee about not losing data, but given the size and scope of the larger providers, losing data isn’t likely.

2. To access the cloud, you need to use cloud providers’ specific tools, which might not be easily integrated into typical IT existing processes and tools.

3. In some cases, cloud providers charge up to 6 times more for network bandwidth than what it would cost for you to use your own network—whether or not you transfer data internally or externally. Over a three-year period, these expensive bandwidth charges could  eat up your savings.

So while the cloud in some definition or form is likely here for the foreseeable future, like any new technology solution it needs to be examined carefully.

Again, check out the article:  Cloud Security to Reap $1.5 Billion by 2015.

Click here to view the embedded video.

ASG and Hitachi Data Systems are your trusted, award-winning instructors. Contact ASG for a personalized session to get your data resilience plan equipped, launched and maintained.

• Deduplication, backup and continuous data protection
• Disaster planning and operational recovery
• Mitigate risk to critical data

Data protection and privacy continue to be a tremendous focus and risk for IT communities. While companies make great strides protecting data privacy in production application environments, they often overlook implementing similar strategies in non-production environments such as testing, development, and training.

Reliable, safe, and effective mechanisms for securing data at rest require the adoption and rigorous execution of well-defined processes for handling keys used to encrypt data and keys used to safeguard the data encryption keys. Key management is a comprehensive term that covers these controls—including the creation, distribution, deployment storage, transmission, and destruction of keys used to encipher data.

We’d love to hear what your doing to ensure the security and privacy of your data, in production or non-production environments. Leave a comment or send me an email!

In our next, and last, blog in this 5 part series on data archiving we’ll discuss establishing a data retention policy.

Cyopsis, NetApp and ASG will be hosting a seminar on how to mitigate the cyber security threat and I’m sure it will open some eyes. This event is on March 30th from 7:30am until 11:00am at the Budweiser Champions Club at Invesco Field. You can register here.

Cyopsis uses state-of-the-art forensic tools and a dedicated, secured laboratory environment to ensure compliance with industry best practices and their clients’ need to protect and preserve data. By using the most current methodology and tools and maximizing efficiency, Cyopsis aims to reduce costs and minimize disruption to client operations.

NetApp creates innovative storage and data management infrastructure solutions that accelerate business breakthroughs and deliver outstanding cost efficiency.
Hope to see you there!