Information security and protection of the corporate network
- From whom will we defend ourselves?
- - From everyone.
- What will we defend?
- - Everything.
- How much money will it take?
- - All of it. This will take all the money.
WHAT IS INFORMATION SECURITY AND NETWORK PROTECTION
As people who have been involved in information security and the protection of corporate systems for several decades, we do not believe in absolute security. Absolute security is a rare, mythical beast that does not show itself to people.
More often than not, we have to deal with a reasonable trade-off between security and functionality. After all, information security, that is, protecting your data from unauthorized access, is not a gadget, a trick or a piece of hardware that you install once and are done with. It is a process that must be followed at all times, the rules of the game played on your corporate network. It is the middle ground between "people need to be able to work" and "nothing must be stolen."
And in order to find this golden mean, you need to answer several important questions.
FROM WHOM OR FROM WHAT ARE WE DEFENDING OURSELVES?
This is the key question. We always have to choose from whom to protect the network and its information, because your resources - organizational, time, financial - are not infinite.
As a rule, for a medium-sized company, you can outline the following range of hazard sources:
In our opinion, this is one of the most obvious and most easily eliminated threats. If we are not talking about the security of a website or another resource exposed on the Internet, then protecting the internal network does not pose a serious problem. It is enough to have a well-configured router, a fairly strict policy for connections from outside, no unsafe services and reliable anti-virus protection, and the probability of your network being hacked drops sharply to a minimum.
Viruses, Trojans and Using Them to Access the Corporate Network
The solution to this problem depends heavily on whether the virus attack is accidental. If it is accidental, that is, the virus was not written specifically to break into your network, then most likely a good antivirus will detect and block it. If someone prepared the virus specifically for you, the chances of successful protection are reduced: if someone has seriously worked on the virus, its detection may be beyond the antivirus system. This is because antivirus systems have two mechanisms for detecting a virus - comparison with known virus signatures (unique pieces of code), and detection by characteristic behavior. The antivirus may not know about a new virus and can only detect it by its behavior, such as access to disks or programs.
However, for the virus to work, it must somehow be delivered to your network and launched. And here it should be stopped by your rules for working on the network, the restrictions on access rights to resources, and your network security policy.
According to statistics, hacking and gaining access to data via external networks or the Internet account for about 20% of incidents. The remaining 80% are internal hacks, leaks and information theft. We rarely hear that someone hacked the server, but we often hear that a departing employee "leaked" the client base.
Internal attacks are often not attacks in the literal sense - a person simply takes information that is available to him or uses software to get into restricted areas. Repelling such an attack is much harder, but you can significantly reduce the availability of the information and complicate the attacker's work.
You can fight this with a set of measures.
1. Separation of access rights. A person should have access only to what he needs to carry out his duties.
2. Having a password policy and strictly adhering to it. Passwords should be long enough, complex, and changed regularly.
3. Correct administration of the network. The administrator must be careful in his work, regularly conduct security audits, and delete or disable unused accounts.
4. Using cryptographic protection tools to protect files and e-mail.
"Someone else's uncles"
Under this concept, we include everyone who can access the servers and the network without the approval of the management - security guards, various inspectors, thieves, fraudsters, bandits, etc.
Considering them as a threat, we see two possible outcomes - the company's work stops because its operational data is unavailable, and the data ends up in the "wrong" hands.
The first problem can be solved by creating a well-thought-out backup system, creating a redundant server, moving data or services to a remote server in the cloud, or safely hiding the server. The second task is not so creative, and, as a rule, implies the introduction of a data encryption system, special procedures such as evacuating media in the event of an "event X" and other similar things.
It is quite possible that you have some other business specifics that give rise to other dangers. And some may not be. All this is a topic for a serious conversation.
Since we now know who we are defending against, an equally important question arises.
WHAT ARE WE PROTECTING?
Unfortunately, the answer "all of it" does not suit us. The growth in the amount of data at an average company that does not work with graphics is measured in tens of gigabytes. In three to four years, this can grow to hundreds of gigabytes, or a few terabytes.
To put this in perspective, copying 1 terabyte over a local one-hundred-megabit network takes about a day and a half. That is, even backing up such volumes requires a serious approach, and uploading them every night somewhere on the Internet in order to keep an up-to-date copy is almost impossible.
A simple conclusion follows from this - you need to separate the really important, valuable information from the gigabytes of junk. And no one can do that for you. Below we will try to help you decide what to do with it next in order to protect it from the bad weather we identified in the discussion of dangers.
HOW DO WE DEFEND OURSELVES?
In much the same way as you protect your home.
Most importantly, there must be a lock on the door. Otherwise, even the most law-abiding are tempted. And each danger needs its own lock. Both external and internal sources of threats must clearly see that security is being monitored here. Therefore, for a small network, the task list looks like this:
1. Using a centralized authentication and authorization system. On Windows networks, this is usually Active Directory.
2. Use of reliable anti-virus software. Today, in our opinion, these are corporate versions of Kaspersky Antivirus.
3. Correct configuration of all hardware and software points of contact with the external network - routers, servers, using VPN when connecting from outside and between offices.
4. Separation of access rights to documents and resources. Implementation of the practice of control over obtaining access, when obtaining new access is possible only with the approval of the company's management.
5. Using password policies - defining the requirements for passwords and their regular change, implemented at the software level.
6. Regulation of users' work in the network. Description of permitted and prohibited actions, password policies, rules of access to certain resources.
7. Implementation of cryptographic means to protect information in case of loss of laptops or storage media, protection of e-mail.
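As an added example (not from the original article), here is a periodic Active Directory audit script that ties together points 1 and 5 of this list and point 3 of the internal-threat measures above: it reports enabled accounts that have not logged on for a long time, accounts exempted from password rotation, and gaps in the domain password policy. The thresholds (90 days of inactivity, a 12-character minimum, a 90-day maximum password age) are assumptions; by default the script only reports, and disables stale accounts only when run with -Enforce.

```powershell
# Added example, not the article's own code. Requires the ActiveDirectory
# module (RSAT). Thresholds below are assumptions, adjust to your policy.
[CmdletBinding()]
param(
    [int]$InactiveDays = 90,
    [int]$MinPasswordLength = 12,
    [int]$MaxPasswordAgeDays = 90,
    [switch]$Enforce
)
Import-Module ActiveDirectory

# 1. Enabled user accounts with no logon for $InactiveDays (unused accounts).
$stale = Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days $InactiveDays) -UsersOnly |
    Where-Object { $_.Enabled }
foreach ($acct in $stale) {
    if ($Enforce) {
        # Disable rather than delete, so the account can be restored if needed.
        Disable-ADAccount -Identity $acct.DistinguishedName
        Write-Output "DISABLED  $($acct.SamAccountName) (last logon $($acct.LastLogonDate))"
    } else {
        Write-Output "STALE     $($acct.SamAccountName) (last logon $($acct.LastLogonDate))"
    }
}

# 2. Enabled accounts whose password is exempt from the rotation policy.
Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $true' -Properties PasswordNeverExpires |
    ForEach-Object { Write-Output "NO-EXPIRY $($_.SamAccountName)" }

# 3. Domain password policy versus the assumed thresholds.
$policy = Get-ADDefaultDomainPasswordPolicy
if ($policy.MinPasswordLength -lt $MinPasswordLength) {
    Write-Output "POLICY    MinPasswordLength is $($policy.MinPasswordLength), expected >= $MinPasswordLength"
}
if (-not $policy.ComplexityEnabled) {
    Write-Output "POLICY    password complexity requirement is disabled"
}
# A MaxPasswordAge of 0 means passwords never expire.
$maxAge = $policy.MaxPasswordAge.TotalDays
if ($maxAge -eq 0 -or $maxAge -gt $MaxPasswordAgeDays) {
    Write-Output "POLICY    MaxPasswordAge is $maxAge days, expected 1..$MaxPasswordAgeDays"
}
```

Run it first without -Enforce and review the STALE list with management before disabling anything, since service accounts and long-term absences show up as inactive too.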
All these measures taken together can significantly improve the level of security in the company and greatly reduce the likelihood of data breaches.
An important addition to the above is the need for regular security audits as people tend to make mistakes. And our task is to help find these errors and suggest ways to fix them.