Oct 09 2008

Avoid These Security Blunders

Make one of these three common missteps, and you're asking for network trouble.

As state and local government IT leaders focus on network security, it’s worth knowing which security practices can foul things up. What follows are three common security mistakes, and how they can hurt you.

Mistake #1: Forgetting the human element

Solid perimeter security is a foregone conclusion at most organizations, which leaves those inside the network as the greatest remaining threat. Improve user security awareness with education and training. Old standbys such as hallways posters don’t have much impact, so try something new. For example, if you’re worried about phishing attacks, launch one on your staff to learn who needs some one-on-one training.

Old advice may no longer be relevant. Re-evaluate your security training program to see what could be dropped and what could be added. A small investment here can have a big payoff in incidents avoided.

Technologies that you may not have been able to afford in the past, such as single sign-on or token-based authentication, have come down in price and are now more widely available. Take advantage of products that help users behave more securely.

Mistake #2: Ignoring security logs

Organizations of all sizes are being saturated with security products, including firewalls, mail and web security gateways, virtual private networks, intrusion prevention/detection systems, and a whole raft of host-based solutions such as antimalware and personal firewalls. All of them generate copious amounts of information, most of which is ignored.

Now is the time to collect these logs into a central server and use automated tools to scan for relevant information. With products ranging from freeware tools for Linux to commercial security event/information management, there’s a product to fit every size network and budget.

Examine your security logs regularly — or, better yet, let your computer scan them — to alert you to problems and errors. This critical step will help you identify security incidents before they become a problem.

Over the long term, log monitoring and analysis gives you a window on the security posture of the network. System designers have long compensated for a lack of network visibility by simply overengineering whatever and wherever they can. As budgets tighten, greater familiarity with your network will let you target your spending on the areas that need improvement. By taking control of your security log data, you’ll know which products are working for you and which are redundant, don’t work, are improperly configured or have become deactivated.

Mistake #3: Layering instead of refactoring

“Refactoring” is a trendy term among programmers; it means that you’ve improved the inner workings of something (an application, a subroutine, a library routine) without changing it on the outside. Programmers refactor to clean up poorly written code or bad design. From the outside, it all looks the same, but the result is a faster, more reliable and more easily maintained program.

Security managers should take the refactoring approach. Step back occasionally and ask, is this still the right security architecture for my network? If you’ve grown four host-based security products, it might be time to collapse them into a single product. If you’ve got security appliances littering your network, you might consider moving to unified threat management or another consolidated security product.

Don’t be reactionary or vendor-driven in your security posture. Don’t simply add a new tool or package in response to a new threat. Instead, allocate some of your time to refactoring. Look ahead to see how you can build a security architecture that will smooth potential performance bottlenecks, increase system availability and reduce operational costs in time and money.