CIOZone.com - Professional Network for CIOs and IT Professionals

By Simon Heron, Network Box

Companies are protecting themselves from high-profile threats such as malware attacks, but are often leaving themselves vulnerable from forgotten security defenses.

In the first of our advisory notices on "forgotten security," we advise companies to examine their applications, hardware and security systems to protect against vulnerabilities resulting from insufficient monitoring.

Most businesses are using an increasing numbers of applications, including Web-based applications. This has led to a greater number of SQL injection attacks (injecting code into a trusted application to make it do something it shouldn't), which we wrote a separate advisory on recently.

We are also seeing serious vulnerabilities in "social" or rogue applications that are creeping into businesses, such as P2P software that are often inherently insecure, as they are not built with business purposes in mind—see our guidelines on P2P.

Our advice to IT managers is to review the number of applications used across the business regularly, and test them for vulnerabilities, failures and correct use by employees.

The following actions should be undertaken regularly:

• Review all applications regularly and test them for vulnerabilities and correct operation.
• Check that all security processes are actually running. Ensure they are updating effectively and scanning properly. Check what is being scanned, and whether any changes have occurred as a result of system or user errors.
• Check continuously that you are not sending out viruses or spam from within the organization.
• Monitor VPNs to see that they are up and providing connectivity between offices.
• Check that the firewall configuration is correct and is patched with the latest version.
• Check for intrusions like username and password retries.
• If a server has hard disks, ensure there is an effective, working system in place to see if it is generating hard disk errors indicating that it might fail.
• Monitor CPU temperatures: a system running hot will reduce its life span, reducing ROI.
• For the same reason, check fans. If they stop, then areas of the motherboard may not be. cooled efficiently, causing the system to fail or to work in a stressed fashion reducing lifetime of the system. The same applies with power rails.
• Check for network errors where routers and network cards are not using the optimal settings or failing to negotiate with each other and hence network speeds are poor, reducing productivity.
• Check how busy your system is. Is it reaching its maximum throughput, and is a bottleneck reducing productivity?

In addition, we suggest taking the following steps to ensure optimal working of applications, hardware and security. Monitoring applications:

• Monitor your users and review the applications they use as part of the ISO9001 processor about once a quarter. Set clear user guidelines and policies covering which applications can and which can't be used within the business, and how, and enforce that policy.
• Test for vulnerabilities in applications. You can use automated systems, such as securityspace.com, that do perimeter tests for you.
• Ensure that you have a way of checking if operating systems and applications have been patched. Secunia.com provides a free service that allows you to run a test and find out what is not up to date.

Monitoring security systems:

• Always consider what security systems you need, how you are going to monitor security, and what needs to be monitored when you put it in place.

Monitoring hardware—warning systems:

Comment on this article

Only registered users can write comments.
Please login or register.