What
is Internet Security
Internet
security is a method where by a security policy is established
for anyone planning to connect to the Internet. In its
simplistic form, it is a set of rules for your company that
details the do's and don'ts for your internal to external
communication. On a more detailed level, it can encompass
seeking legal counsel and working with local and federal law
enforcement organizations.
Since
a site security policy is the first phase in Internet
Security, a Firewall should also be considered as part of your
company's security policy. The purpose of a Firewall is to
fully implement all of the components of a company security
policy.
Security
should not be taken lightly since exposure to
Internet/Intranet threats can lead to loss of business, data,
and customers. Depending on the nature of your business, the
data that is compromised may also consist of vital customer
information. Customers that feel that your company has
compromised their data due to negligence may file lawsuits
against your company.
Therefore,
having a security policy will reduce your exposure to
Internet/Intranet threats and detail the actions your company
needs to take in the event a break in occurs. Having a set of
rules to protect your company against a break in can also
minimize your company's liability in the event a lawsuit is
brought against your company buy its customers.
What
is a Security Policy
A
security policy is primarily determined and driven by the
business nature of a company. Even companies in the same
vertical market may have differing security policies due to
the interest and priority they place on site security.
Basically, the interest in an Internet security policy for
most companies is directly proportional to their perception of
risks and threats. Perception is reality…
A
security policy is in essence, a set of procedures detailing a
plan for protecting a site's network and assets. This plan
should also include actions to take in order to minimize
threats. In addition, if an attack has been launched against
the company, a security policy should detail the procedures to
be taken to counter measure any further attacks. This counter
measure may also include contacting local or federal law
enforcement officials.
Some
of the things a company may want to consider when developing a
security plan is the following:
| Segregate
your network into sub-nets. This will help you identify
what hosts on a sub-net are of importance.
|
| After
segregating your network, determine which host(s) you want
to protect and why. Protection could include physical and
network security.
|
| Determine
what are the different types of threats and their
likelihood
|
| Most
importantly, is to constantly review your security needs
and update your security policy.
|
Finally,
it is important to mention that your company's security policy
should be a cost effective procedure including hardware,
software and personnel.
Who
Needs a Security Policy
Any
company who has a network requires a security policy for that
network. In addition, when a company connects its internal
network to the Internet, another security policy is required.
In essence, a company requires two sets of security policies,
one for their Intranet, and one for connections to the
Internet. Both these policies must be implemented in a
synergistic fashion such that both complement one another.
A
company's President, Vice President(s) and their site system
administrators require a security policy. The upper level
managers of a company must make certain that a security policy
exists, and the site system administrator(s) must make sure
that the security policies are enforced. Upper level
management must mandate that the established security policies
are executed by their company and personnel.
Why
Do You Need a Security Consultant
A
security consultant is a person or an organization that can
help your company establish a security policy and secure your
assets. Hiring the right security organization is vital to the
protection and success of your company. An Internet security
organization can help your company in the following
ways:
| Establish
a site security policy for both the Intranet network and
connections to the Internet.
|
| The
security organization can identify and implement a
Firewall for your company. A Firewall is highly
recommended as part of your company's security policy
since it will implement many of the security policy
components.
|
| Aid
in scanning and probing your network and network hosts for
vulnerabilities.
|
| Can
help your company in developing customized programs for
monitoring and logging intruder events. Logging and
monitoring intruder events is highly important for
protecting your company from possible negligence lawsuits.
In addition, it will be your company's evidence that a
break in and crime has occurred. This evidence can then be
used to provide law enforcement officials with the proper
data to prosecute the intruder.
|
| A
security organization can also provide suggestions for
contacting the proper local and federal law enforcement
agencies.
|
| A
security organization can also keep your company up to
date on Security Advisories and possible threats.
|
A
security consultant can help protect your company and provide
you company with up to date security related information.
Conclusion
To
conclude, Internet crimes and laws against these types of
crimes are beginning to get more public awareness. Internet
crime laws are also starting to become more defined and as
such, companies may be finding themselves involved in legal
issues. To minimize a company's liability, it would be prudent
for a company to establish a security policy at a bare
minimum. In addition, the implementation of a Firewall is
highly recommended since it will aid the company in
implementing many of the components of their security
policy.
Security
organizations such as Stealth Internet Services, Inc. can help
your company define and implement a security policy. Since a
security policy is just the first step in securing your
company, Stealth Internet Services can also implement a
commercial Firewall that will protect your company and
customers.
A
security organization should also collaboratively work with
your company by providing information on Security Advisories
and vulnerabilities inherent to your company's operating
systems.
For
any questions or for further information, please contact
Stealth Internet Services, Inc. at: secinfo@stealthnet.com
|