This can be done by self-assessment with the following questions. Has the weakest link in the network security been identified? Can you delay addressing the threats to your network's security? Are network security attacks mundane, random and unplanned activities with no motive? If the answer to any of the above questions is yes, organizations must have a positive answer to the following questions. Is a risk management system in place? Is there a real-time update of the threats that the network is exposed to? If an answer is negative, the organization in all probability is sitting on a time-bomb waiting to explode.
It can well be reasoned that security threats and network attacks are not mundane happenings, and can be controlled using the existing security structure. Also, one can reason that if the existing security structure has prevented all the attacks on the network so far, there is no need to upgrade it or invest more to acquire new tools to improve security preparedness. These are compelling points and certainly undeniable facts. The problem is that though the reasoning is valid, the facts on which it is based are distorted and incomplete. The fact is that network attacks occur far more frequently than is reported. Organizations prefer to conceal security breaches and attacks on their network to avoid bad publicity and to withhold the information from other potential attackers. Network attackers and network attacks are, however, 'improving' with each passing day because of the lack of countermeasures on the part of many organizations.
Most organizations are aware of the hazards of delays in acquiring the tools needed to aid security preparedness. However, these hazards are seldom taken into consideration, and initiatives for the enhancement of network security preparedness are usually put on hold.
Breaking the inertia
The network security in most organizations is outdated. Yet there is often little, and sometimes no, investment in improving security preparedness. The few individuals hired are often not trained or lack the expertise to tackle real-time network attacks. In some cases there are trained individuals with proper expertise, but they are not equipped well enough to combat security attacks. It is thus the responsibility of the organization to break the inertia of relying on outdated security systems.
Laying the foundation
Besides physical security checks, the following are the essential components of good network security. These aspects are critical for proper security preparedness:
Discussion & monitoring: This is the most important aspect of an organization's security. Awareness is the key to improvement. Hence a security breach must be clearly defined and the definition effectively communicated to all employees. The implications of even minor negligence on the part of employees must be made known to them. Security breaches must be monitored, and security policies must be developed in accordance with the organization's functionality.
Review: Once security policies are developed, the next step is to review these policies to enhance as well as fine-tune them, and add new functionality. Existing policies must be examined and assessed to ensure that they prevent any security breach. Reviews can be done in the following two ways.
A technical review of policies can be performed by incorporating a security solution or monitoring tool such as automated audits and automated vulnerability assessments. The non-technical review can be conducted by developing or incorporating security solutions that would enable the organization to monitor compliance with various processes such as ISO 27001, COBIT and ITIL.
Risk management: This is another factor which is underestimated, yet it plays an important role in developing strong security preparedness. It can be done in various ways and on different fronts. Some of the common guidelines to establish a good risk management structure are:
- Conduct regular, periodic as well as random security meetings with key stakeholders to evaluate the security scenario.
- Inspect the network's physical layers at various checkpoints to avoid security breaches, identify loopholes, and plug them with immediate solutions.
- Ensure proper authentication, access and monitoring of user activities to prevent network attacks with the aid of a network security solution. This practice equips you with tools to identify, monitor, combat and quarantine any attack on the system in real time.
Once these points are taken into consideration, other things fall into place in terms of security preparedness. Then it remains only a question of fine-tuning the above parameters according to your organization's specific needs to achieve a secure network that can handle any attack.
About the author: Shomiron Das Gupta is the founder of NetMonastery, a group specializing in DDoS defense, intrusion analysis and high end security consulting.
This was first published in July 2010