Insecurity of Network Security
grow more dependent on technology, the concern for the state
of network and Internet security also grows. Corporations
today rely on their "always on" networks for everything
from housing confidential and corporate information to the
connecting of mobile users, to running business-critical operations.
As a result, IT administrators are put in the position of
guarding and maintaining the very livelihood of the corporation--Hardly
an easy task when faced with skeletal IT departments, limited
budgets, resistant users, and unsatisfactory applications.
recent survey of IT professionals revealed that only 8% of
them were "extremely confident" in the security
of their networks with a majority rating their confidence
as "somewhat". With corporate networks possessing
the very fate of an organization, I would think keeping it
secure and having absolute confidence in that security would
occupy the highest priority, and it seemingly is.
Every day companies are making investments in the security
of their network through the purchase and deployment of solutions
addressing particular security concerns. The problem arises
when they only secure areas that have caused problems in the
past and do not provide proactive protection for the others.
This reactive method to network security has a tendency to
only result adequate protection for a single area and an extensive
collection of "stand-alone" solutions that can result
in compatibility problems and manageability annoyances such
as administering to multiple consoles and different points
of contact for technical support.
True Internet and network security is found through a combination
of proficient administration and a defense in depth strategy.
Solution wise, network security is a process of layers. Each
network layer needs to not only work together cohesively but
do so in the most secure manner possible. If not implemented
correctly, however, this can result in cumbersome security
processes (i.e. multiple authentication requirements), consistent
updates of all security components, (which if made by different
vendors can ensue compatibility problems) and scalability
issues. Further it is of the utmost important that IT administrators
have the resources they need to sufficiently maintain the
system. Overworked administrators have to re-prioritize essential
security activities such as checking logs or keeping up with
the latest security patches, which results in easily avoidable
vulnerability being unseen and exploited.
With fears of viruses, malicious code and hackers keeping
administrators up at night, the network security plan for
many of today's largest corporations is in desperate need
of an overhaul. The best solution for these organizations
would be to find a comprehensive platform providing all the
security and productivity requirements of the corporations
in a cohesive, easy to manage, system. Replacing a series
of complex, vendor-specific, security applications with a
single streamlined system will succeed in providing higher
network and administrator efficiency resulting in the minimization
of debilitating and often overlooked security threats.
Wreski, CEO Guardian Digital, Inc.
Content and Policy Enforcement
Digital Content and Policy Enforcement (CAPE) Center
is a unique multi-tiered, email defense system. Distinctive
in its approach, CAPE brings together the most technologically
advanced open source developments, a multitude of standards-based
security solutions, and the ingenuity and security expertise
of Guardian Digital. Providing bulletproof system defenses
from blended email threats and corporate policy violations,
Guardian Digital CAPE Center is a critical component
to Guardian Digital Secure Mail Suite. Comprehensive
spam, virus, and corporate policy protection at each
application layer presents organizations with all the
tools they need to continually keep email communications
productive while at the same time delivering greater
system efficiency, consistently higher levels of protection,
and dramatically reduced operational costs.
more about Guardian Digital Content
and Policy Enforcement Center
Policies, Procedures & Products: Finding the Right
Digital's CEO Dave Wreski shared his expertise with
Processor editor Douglas Schwartz on the state of security
today and the best way to defend corporate networks.
I know passwords are a first line of defense to
ensuring privacy, how can I chose a hard to crack password?
A. Most people chose passwords
that are easy to remember, however, when choosing a
simple password such as a pets name or favorite sport
team, the chances of someone else figuring out that
password increase greatly. A strong password should
consist of a combination of numbers, letters and symbols.
It is important to avoid using passwords that contain
any part of your name, initials, user name, or any other
personal information that could easily be guessed. Also
try to avoid words from dictionaries, and using numbers
in sequence order, as common words and number sequences
can be easily identified. Instead try using special
characters, mixed with numbers and upper and lower case
Although a strong password is important, it is equally
important to create a password you can remember. Try
using acronyms or an easy to remember non-sense words
as the basis for your password.
Behind the Shield editors encourage their readers to
submit questions. The most frequently asked questions
will appear in future issues. We look forward to answering
all your inquiries! Email us at firstname.lastname@example.org
Digital In the News
Linuxsecurity.com: Linux and National Security
The May 2004 Behind the Shield Industry Note written
by Guardian Digital CEO Dave Wreski was chosen as a
feature story by Linuxsecurity.com editors this past
& Tips from Experts
name services (DNS) is a vital web application allowing the
translation of domain names to IP addresses. Although a seemingly
simple function, DNS servers are vital to the proper operation
of web services, making it a prime target for hacker attacks.
Unfortunately many corporations do not secure DNS servers
as adeptly as they should, leaving it open to some of the
most common and easily exploitable network vulnerabilities.
Protecting your DNS server with some simple tips will help
mitigate security vulnerabilities and help eliminate successful
your DNS version current by implementing vulnerability patches
the moment they become available.
the standard sever security procedures to DNS servers including
removing unnecessary services and keeping security patches
your DNS server in your DMZ and make sure it is provided
the full protection of the firewall to block unwanted traffic
before it can pose a threat.
operations that may be performed on your server to only
those that are necessary.
diversified DNS servers to minimize the effectiveness of
denial of service attacks. If resources permit, have multiple
servers positioned in various locations to ensure a single
attack does not affect both servers so that vital operations
are not fully effected.
Digital is pleased to provide Behind the Shield readers with
informative expert advice on what network security really
means. Each month a new topic of interest will be chosen to
supply you with useful tips and information not offered elsewhere.
This month we will have a brief discussion DNS security.
Through national and multi-national partners like Code 511
in France, Guardian Digital is able to provide their productivity
and security solutions to customers worldwide.
511 is France's premier source for computer security solutions
and consulting services. Catering to a wise-range of industries,
with clients in defense, banking, and insurance, Code 511
works with partners from all over the world to deliver powerful
computer security solutions, fitting to the individual needs
of each and every customer. With 10 years of security expertise,
Code 511 found Guardian Digital to be an ideal partner based
on their unique and highly effective strategies to Internet
and network security and their dedicated focus to partner
and customer support.
information on Code511, please visit their website at: www.code511.com