Most security strategies are primarily defensive. The plan is to stop attacks at the front (firewall), back (server) and/or bedroom (desktop) doors. This plan has zero tolerance for failure because it has no component for dealing with and diagnosing successful attacks. So when the inevitable breach occurs, so do the 2 a.m. phone calls, 24-hour work details and extensive system scrubbing and reconstruction. A more broad-based approach will help you and your staff regain your sanity--and maybe even your lives.

Once you get past defense, your plan must include tools--such as a health monitor--to recognize a sick system. The recent SNMP-vectored ASN.1 attack demonstrated that even routers and hubs need watching. Monitoring is not a new idea, and many security programs include server examinations. However, health checkups are best performed regularly and on every system--not just the ones that appear to be most at risk. What would it take to know that an executive's system has been compromised and is busily seeding disease throughout the body corporate? In answering that question, take care not to devise a health program that is too cumbersome, too frequent or too intrusive. If your network fitness plan is any of these things, it simply won't be used and the funeral processions will march on.

The third critical element of a network health program is treatment. Remedies should not be limited to patch programs that excise the infection 24 hours after the contagion has spread, since that length of time easily could be lethal to a business. A broad approach includes the option to totally rebuild a system--be it a critical server, the CEO's notebook, or a clerical workstation--in one hour at most. To be a successful part of the total security framework, treatment, just like defense and monitoring, takes commitment, planning and the appropriate repair tools.

The link for this article located at Network Computing is no longer available.