
Network Box guide to forgotten security defences

Network Box: 11 September, 2009 (Technical Article)
SQL Injection attacks and the vulnerability of P2P add-in applications are the subject of advice from Network Box in its "forgotten security defences" information series.
Companies are protecting themselves from high-profile threats such as malware attacks, but leaving themselves vulnerable through the 'forgotten security defences', according to new advice from managed security firm Network Box.

In the first in the company's 'Forgotten Security' series, Network Box advises organisations to pay closer heed to the applications used within the business. Increasing numbers of applications, including web-based applications, are used by businesses. This has led to a greater number of SQL Injection attacks (injecting code into a trusted application to make it do something it shouldn't) and vulnerabilities in 'social' or rogue applications (such as P2P) that are often inherently insecure, as they are not built with business purposes in mind.

Network Box's advice to IT managers is to review the number of applications used across the business regularly, and test them for vulnerabilities, failures and correct use by employees. The advisory gives IT managers a checklist of applications and processes to monitor, covering security processes, productivity, connectivity, configuration, hard disk error monitoring, CPU temperatures, motherboard cooling, and network errors.

It also gives practical advice to IT managers, including:

* Monitoring applications:

Monitor your users and review the applications they use as part of the ISO9001 process or about once a quarter. Set clear user guidelines and policies covering which applications can and which can't be used within the business, and how, and enforce that policy.

Test for vulnerabilities in applications. You can use automated systems, such as securityspace.com, which does perimeter tests for you.

Ensure that you have a way of checking whether operating systems and applications have been patched. Secunia.com provides a free service that allows you to run a test and find out what is not up to date.

* Monitoring security systems:

When you put a security system in place, always consider what security systems you need, how you are going to monitor security, and what needs to be monitored.

* Monitoring hardware - warning systems:

Agree at what point a warning becomes critical and implement a warning system that you can monitor effectively. For example, you might choose to receive a warning if the CPU temperature on a piece of hardware reaches 40, but a 'critical' alert when it reaches 60, depending on the hardware in question.

Ensure there is a system in place to alert you to warnings: by email, screen or sound, or all three.

If you are monitoring a large number of devices, consider the server load. Monitoring can become quite processor intensive if mishandled or misconfigured.

According to Simon Heron, Internet Security Analyst at Network Box, companies often take measures to protect themselves against what he calls the 'high profile' threats, but leave vulnerabilities in the applications or hardware that are used every day: "Companies are becoming much more aware of the security threats they face. As a result, we often find that the high profile threats, such as viruses and insider attacks, are protected against, but that the performance of applications and hardware has been forgotten. Often it is the most obvious things that are overlooked, and that can bring down a network. There are very simple, inexpensive steps to put this right."