Computer Crime Research Center

Proactive vs. Reactive Security

Date: October 15, 2003
Source: Computer Crime Research Center
By: Richard Steinberger

... (containing specific details on how to fix any detected vulnerabilities). Most of the Big 5 accounting firms offer this kind of service, but the price is high, and they often want to bundle many other services with a network security scan.


One of the best independent companies that offers network vulnerability scanning services is VIGILANTe. Their scanning service includes not only many tools they have developed themselves, but several other commercial and shareware tools like Nessus, CyberCop, nmap, and ISS. Their flagship scanning service, SecureScan NX, scans a network internally as well as externally.


When using an outsourced scanning service, it's important to have the scans performed at regular intervals. This is not just a one-time thing. Every company needs to decide on a "scan frequency" - how often to have the networks scanned for vulnerabilities. Once every 90 days is suggested as a reasonable minimum scan rate.


Regular vulnerability scanning along with diligent system patching can go a long way to providing a highly effective defense against system attackers.


An important additional measure that organizations can take in order to create an even higher level of network security is to engage the services of a professional security consulting company. There are many companies that offer on-site consulting services, including all of the Big 5 accounting firms, as well as Vigilinx, @stake, Foundstone and lots of independent professional security auditors.


The advantage of an independent security audit is that when experienced security consultants visit a company and interview critical staff members, they can discover critical weaknesses in security processes (or, indeed, the lack of such processes). Independent security assessments also involve the use of manual and automated security tools. A complete report is delivered at the end of the audit.


No discussion of proactive security would be complete without mentioning the security policy. While there are many topics that should be covered in such a policy, one of the most important concerns staff members' use of computers and networks. Unless employees are given specific details on what is and is not permitted, they may inadvertently introduce a virus or worm into the network, or otherwise cause significant damage to system infrastructure.


A good source of information for companies wanting to improve their security policies may be found at: http://www.ietf.org/rfc/rfc2196.txt


Although the title of this article is "Proactive Versus Reactive Security," the two approaches are really not mutually exclusive. Every organization needs to be prepared for successful attacks (also known as intrusions), virus and worm outbreaks, denial of service attacks, and even attacks by disgruntled employees with an insider's knowledge of the systems and networks. Given today's geopolitical environment, it has become critical for every organization to have a workable Disaster Recovery Plan (DRP) as well.


Of all the "bad things" that can happen on a company's networks, the most common and most expensive (historically) is the virus/worm outbreak. Such attacks can tie up networks, cripple mail servers and disable many individual PCs. It's beyond the scope of this article to discuss the specifics of a virus/worm reaction policy. Many of the popular commercial antivirus vendors provide some insights on their websites.


As we have seen, proactive and reactive security are not opposing forces. Every organization needs to find an appropriate balance between how many resources can be devoted to proactive measures designed to deter network attacks, and how much to devote to reacting to intrusions. However this balance is addressed, it is strongly recommended that every organization have an effective patching process in place, and have networks scanned using vulnerability assessment programs. Those are the two most important components of proactive security.

Copyright © 2001-2024 Computer Crime Research Center