Monday, January 3, 2011

【Weak Current College】 10 ways to reduce internal network security risk

Today the security threat that insiders pose to a company cannot be ignored. Recent reports indicate that the share of security incidents caused by internal damage has risen from 80% to 86%, and more than half of them involve end-user employees. Without doubt, insiders with access to corporate systems are the most likely to be misled into following fraudulent or dangerous links. But among all employees, IT staff have that access too. IT audits should therefore look at the many ways in which this risk can be confirmed. Below we outline controls for limiting and reducing administrator fraud by staff.

1. IT security policy

Managers should review the IT security policies that govern privileged accounts (such as domain administrator accounts, application administrator accounts and database administrator accounts) to confirm that a policy exists, that it clearly states how access is handled, verified and authorized, and that it is reviewed regularly. Otherwise there is effectively no basis on which administrative access is granted. Without the corresponding reports, a privileged-account policy is incomplete. Privileged-account password audit reports typically address questions such as: when a password was updated, what failed to update, and, for a shared account, which individual user performed a given task.

The policy should have a clear goal: to be able to stop obviously indefensible user activity. It should also ensure that all employees, contractors and other users are aware of their responsibilities, of the IT security strategy and procedures, and of the guidance that applies to their role.

2. "Superuser" accounts and access

Understanding the company's exposure through user access is very important. Determine which accounts and which staff hold elevated privileges, and build a list of every account with elevated access to the network, applications, data and management functions, including the computer (machine) accounts that are usually overlooked. From there, make sure that user access can be checked and that each grant has an appropriate authorization. A good method is to examine user access on a regular basis and to confirm that the "owner" of the data or system has explicitly authorized it.

3. Account and password configuration standards

Ensure that all administrator accounts are updated in accordance with policy. In particular, no default password settings should remain. For anyone with sufficient resources, information about default accounts and passwords is plentiful. There are still many security accounts whose password is the account name; this is Pandora's box. Setting a minimum password length also matters, and disabling obvious temporary accounts is a sensible step.

4. Controlled access to passwords

Administrators hold the accounts and passwords that grant elevated access. The reason may be obvious, but shared access to passwords is not always under control. Offline records or openly accessible copies, such as an e-mail containing a password, should not exist. Even an encrypted password file is not sufficient; in the worst case, the password protecting the password file is itself not under control.

5. Service accounts ("machine" accounts)

Service accounts can be elevated and used for all kinds of malicious purposes. These accounts are typically not assigned to a human user and are not included in the traditional authentication or password-management process, so they are easily hidden. Administrators should ensure that service accounts have only the access rights they need. They should be checked regularly, because they often hold superuser rights. Such accounts are numerous, and the many unused ones also require attention.
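As an added example (not code from the original post), the following Python script runs the review described in sections 2, 3 and 5 over a constructed account inventory: it keeps only accounts in privileged groups, then flags passwords equal to the account name, default passwords, service accounts in the domain administrators group, accounts with no named owner to authorize them, and dormant accounts. The inventory, group names, default-password list and the unsalted SHA-256 hashes are all assumptions made to keep the example self-contained.

```python
import hashlib
from datetime import date

PRIVILEGED_GROUPS = {"Domain Admins", "DBA", "AppAdmins"}
DEFAULT_PASSWORDS = {"admin", "password", "changeme"}  # constructed sample list


def h(s):
    """Unsalted SHA-256, used here only to keep the sample self-contained."""
    return hashlib.sha256(s.encode()).hexdigest()


# Constructed inventory; in practice this is exported from AD/LDAP or the app.
INVENTORY = [
    {"name": "jdoe", "kind": "user", "groups": ["Domain Admins"], "owner": "CIO",
     "pw_hash": h("long-random-passphrase"), "last_logon": "2010-12-28"},
    {"name": "svc_backup", "kind": "service", "groups": ["Domain Admins"], "owner": None,
     "pw_hash": h("svc_backup"), "last_logon": "2010-12-31"},
    {"name": "dbadmin", "kind": "user", "groups": ["DBA"], "owner": "DB team",
     "pw_hash": h("admin"), "last_logon": "2010-06-01"},
    {"name": "alice", "kind": "user", "groups": ["Staff"], "owner": "HR",
     "pw_hash": h("something-else"), "last_logon": "2011-01-02"},
]


def review_accounts(inventory, today, dormant_days=90):
    """Return (account, finding) pairs for every account with elevated access."""
    today = date.fromisoformat(today)
    default_hashes = {h(p) for p in DEFAULT_PASSWORDS}
    findings = []
    for a in inventory:
        if not PRIVILEGED_GROUPS.intersection(a["groups"]):
            continue  # section 2: only elevated accounts are in scope here
        if a["pw_hash"] == h(a["name"]):          # section 3
            findings.append((a["name"], "password equals account name"))
        if a["pw_hash"] in default_hashes:        # section 3
            findings.append((a["name"], "default password"))
        if a["kind"] == "service" and "Domain Admins" in a["groups"]:  # section 5
            findings.append((a["name"], "service account in Domain Admins"))
        if a["owner"] is None:                    # section 2: nobody to authorize it
            findings.append((a["name"], "no named owner for access review"))
        idle = (today - date.fromisoformat(a["last_logon"])).days
        if idle > dormant_days:                   # section 5: unused accounts
            findings.append((a["name"], f"dormant for {idle} days"))
    return findings


if __name__ == "__main__":
    for name, issue in review_accounts(INVENTORY, "2011-01-03"):
        print(f"{name}: {issue}")
```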

6. High-risk users and roles

Few companies actively monitor the roles that pose the highest risk to the enterprise, yet such monitoring is how potentially "unacceptable" activity is discovered. Many enterprises have some key roles whose risk is extremely high. For example, a purchasing manager may be able to access data that is sensitive to a competing company. In that case the access is authorized, but the potential for abuse exists. Job rotation and fixed terms of appointment are important parts of a programme for dealing with high-risk roles. Note: IT security experts usually belong to the high-risk roles.

7. Security awareness programme

Any employee or user can pose a threat. Implementing a security awareness programme that covers every element, and ensuring that it is enforced, is imperative. There are many programmes for ensuring that all users have read and agreed to the rules and policies. One such tool is a sign-on warning message shown when a user logs on, which asks the user to confirm consent by selecting an "accept" or "agree" check box.

8. Background screening

Background screening means asking employees serious, strictly worded questions designed to reveal danger signals in their behaviour and attitudes, for example:

· Unexplained or unusual work history: leaving a job for suspicious reasons, or long periods of unemployment without a reason

· Fraud: false statements about facts such as education or previous employment

· Personality or attitude problems: a poor relationship with colleagues or managers

· Defeatism, a preoccupation with prestige, suspicion, an inability to accept change, etc.

9. Event logging

Security event logging provides real-time transparency into usage and activity. Accurate and complete logging of users and their activity is essential for event analysis and for developing additional security measures. Capturing the access method, what was accessed and past activity is very important. To guarantee adequate records, consider raising the level of logging in higher-risk areas and for service usage.
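As an added example (not from the original post), this Python script reviews a few constructed audit-log lines in the spirit of this section and of the shared-account question raised in section 1: it records every sensitive action by a privileged account, flags privileged use outside working hours, and notes when a shared administrator account has been used from more than one host, which makes the activity impossible to attribute to one person. The log format, account names, hosts and action names are all assumptions; no real product writes exactly these lines.

```python
import re
from collections import defaultdict

# Assumed log format (constructed for this example, not a real product's):
# "<date> <time> host=<host> user=<user> action=<action> [target=<target>]"
LINE = re.compile(r"^(?P<ts>\S+ \S+) host=(?P<host>\S+) user=(?P<user>\S+) "
                  r"action=(?P<action>\S+)(?: target=(?P<target>\S+))?$")
PRIVILEGED = {"administrator", "dbadmin"}      # elevated accounts (section 2)
SHARED = {"administrator"}                     # shared accounts (section 1)
SENSITIVE = {"group_add", "file_copy"}         # actions always worth recording

# Constructed sample log lines.
SAMPLE_LOG = """\
2011-01-03 08:55:12 host=ws-finance-07 user=alice action=logon
2011-01-03 09:02:41 host=ws-it-03 user=administrator action=logon
2011-01-03 09:05:10 host=ws-it-03 user=administrator action=group_add target=Domain_Admins
2011-01-03 22:17:03 host=ws-finance-07 user=administrator action=logon
2011-01-03 22:18:30 host=ws-finance-07 user=administrator action=file_copy target=payroll.xls
"""


def parse(log):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for raw in log.splitlines():
        m = LINE.match(raw)
        if m:
            yield m.groupdict()


def review_privileged_activity(log, work_hours=(8, 18)):
    """Return (user, host(s), finding) triples about privileged-account activity."""
    findings = []
    hosts_by_shared = defaultdict(set)
    for ev in parse(log):
        if ev["user"] not in PRIVILEGED:
            continue
        hour = int(ev["ts"][11:13])                # hour of day from "<date> <time>"
        if not work_hours[0] <= hour < work_hours[1]:
            findings.append((ev["user"], ev["host"], "privileged use outside work hours"))
        if ev["action"] in SENSITIVE:
            findings.append((ev["user"], ev["host"], f"{ev['action']} {ev['target']}"))
        if ev["user"] in SHARED:
            hosts_by_shared[ev["user"]].add(ev["host"])
    # A shared account seen from several hosts cannot be attributed to one person.
    for user, hosts in hosts_by_shared.items():
        if len(hosts) > 1:
            findings.append((user, ",".join(sorted(hosts)), "shared account used from several hosts"))
    return findings


if __name__ == "__main__":
    for user, where, what in review_privileged_activity(SAMPLE_LOG):
        print(f"{user} @ {where}: {what}")
```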

10. Evidence

Managers should be familiar with the use of different storage devices, and if there are suspicious signs they should have enough knowledge to recognise the "fingerprints" left behind. These can be cookie data, hidden operating-system data and so on. Taking key files from corporate systems and copying them onto flash memory is very easy, and such flash devices can be disguised as digital cameras, personal digital assistants (PDAs), mobile phones and so on. Many investigators gather and analyse information from mobile phones, because these devices can hold voice messages, text messages, address books, telephone numbers, and records of missed and received calls. If illegal activity is suspected, the relevant evidence should be preserved until the final outcome.
