Computerworld - Our office is usually quiet this time of year. Our financial year-end isn't sorted out until the end of January, but once that rush is out of the way, we enjoy a peaceful few weeks planning for the next year.
I know that regardless of the plans I make, I'll have to react to changes in my company and to wider events in information security. But without an idea of what I hope to achieve, I know I'll spend my year bouncing from emergency to emergency.
I can't avoid emergencies, but there are some improvements I can make to our policies and methods to reduce our risk of being hit by severe crises.
I expect routers to become a large area of concern this year. The CERT Coordination Center in Pittsburgh, which isn't the fastest off the block with warnings these days, has released notifications about routers being used for attacks.
We already use the access control lists (ACL) within our routers to apply logical access control, a sort of cheap and cheerful firewall setup for internal segregation. We have several hundred routers of various sorts and many network staffers who can access them. This complicates the management of ACLs, particularly configuration changes.
We'll be looking at Mountain View, Calif.-based Solsoft Inc.'s Solsoft NP product to help in the management of all of our ACLs. Although we have integrity-checking on our Windows and Sun Solaris systems, we will consider installing Portland, Ore.-based Tripwire Inc.'s Tripwire for Routers and Switches to identify unauthorized changes to the configuration of those systems.
LINKS:
Every security manager should read this CERT report, published in October, about the risks of routers and denial-of-service attacks.
Here's the skinny from Islandia, N.Y.-based Computer Associates International Inc. on the evolutionary Win32.Hybris virus, which uses newsgroups to spread.
Read this alert from Atlanta-based Internet Security Systems Inc. to learn about a serious buffer-overflow vulnerability in the log-in program used by Solaris and other operating systems based on Unix Sys V.
This site includes information on the Solsoft NP security policy manager I'm evaluating.
I'm considering using Tripwire for Routers and Switches to monitor our routers, but Tripwire also offers a version that works for servers, as well as an open-source Linux edition.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
