Last updated: 22 October 2006; supplements this Knowledgebase Article.
Why Is System & Network Security Important?
There are those who believe that the security issues facing
home users are greatly exaggerated, and that the only entities that need to
be concerned about desktop and network security are businesses with critical data on their machines.
Many also think that only broadband users, or others with high-speed
connections, need to be concerned.
The truth is that the vast majority of computer systems, including
corporate ones, are not compromised for the data they may contain.
Rather, they are often compromised for their utility to the attacker, such as storage
space for warez, or to create remote zombies for large-scale Distributed
Denial of Service (DDoS) attacks against other networks. Compromised
systems today are even being used to send spam.
Most systems are not compromised by a dedicated cracker
trying a variety of remote commands until he/she successfully guesses the
system password. Instead, most attacks today are performed using automated tools that attempt to
exploit known vulnerabilities in various OSes and applications.
On a number of occasions, Internet traffic has been bogged
down by the propagation of viruses and worms via unpatched systems.
Among the more notable instances are
Code Red,
NIMDA,
SQL Slammer,
MSBlaster, and the
Sasser worms. Given the rapid growth of home networks, this
situation will only get worse if security does not become more important to
more people -- vendors and users alike.
Here are some additional viruses and worms of the past few
months:
There is just no excuse for not employing proper security
on your systems and network. Here are a few articles that discuss the ways
that compromised systems are being used by their attackers:
REMEMBER: Security is not simply
about protecting yourself directly -- it's also about protecting your
neighbor (and the Internet) indirectly. Don't let your computer be a bad
citizen.

Best practices include maintaining a properly
configured network or desktop firewall, keeping antivirus
software up to date, using non-privileged accounts for day-to-day
activities, and patching on a regular basis.
By not keeping up
with system patches, and by not adhering to other best practices, you will be contributing to the
proliferation of worms and viruses on the Internet, and at some point, you may find yourself
having to explain to some corporate (or government) network administrator why your system appears to
be attacking his/her network. And it won't matter if you have anything
valuable on your machine or not.
Security is not about a specific product... Security is
not about a specific brand... Security is not about a specific Operating
System... Security is not just about protecting yourself from others...
Security does not end with a firewall... It is all about
layers...
Properly configured firewall
Antivirus with up-to-date signatures
Strong passwords, which are changed regularly, and never shared
Patching religiously (weekly, at the very least)
Proper use of accounts and access control lists (ACLs)
Logging and log analysis of security devices
Good security practices
It takes all of these elements, collectively,
to constitute good security practices. Doing one or two of them does not
make for great security. It might make you better off than someone who isn't
practicing any of them, but it's about as useful as getting only one or two
vaccinations for your kids.
Basically, every one of these layers can
be obtained for free. And given that the Internet can be a very bad
place, there is positively no reason to avoid good security practices in
2003 -- and there hasn't been for many, many years...
To reiterate: security is not just about products -- it is about process.
Good practices will overcome deficiencies in bad products, whereas bad
process will undermine otherwise excellent products. Incorrectly
configured security devices are worse than having no security devices at
all, if only because they lull you into a false sense of security.
Here are some very thorough Microsoft guides
on securing
Servers, Desktops and
Networks...
Please take system and network security
seriously.

For all intents and purposes, consumer firewalls fall into
two categories:
The basic goal of a firewall is to regulate traffic.
Deploying a network-based firewall makes it very easy to protect your
systems from one central point. However, one of the major advantages of most
Personal (or Host-based) firewalls is that they allow you to regulate
outbound traffic in addition to inbound traffic. Most consumer-level
network-based firewalls, such as broadband routers in the $50-$150 range,
allow you to regulate inbound traffic only.
For additional protection, both types of firewalls can be
used together. This is a good example of using layered security.
If you are an avid user of P2P software, and you are not very stringent
about the software that you download and install on your machine, and you
don't keep up to date with your patches, then you are well-advised to make
use of both types of firewalls on your network.
If, however, you are very careful about the software you
download, and the email you open, and the sites you visit, then you should
have no problem getting by with just a network-based firewall.
Regardless of which product you choose, be sure to regularly check your
logs and review your configuration. If you don't continue paying attention
to security, you will soon end up with a compromised system or network.
NOTE: It is not advisable that you run multiple
host-based firewalls on the same machine, as they will conflict and
undermine each other's functionality. This is a recipe for disaster.
Here is more information about the
type of
firewalls available today.
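The page's advice to check your firewall logs regularly is only useful if you know what to look for. The following is an added example, not part of the original article: it parses constructed netfilter-style LOG lines (the format used by Linux host-based firewalls) and separates inbound drops, which are background noise on any Internet-connected machine, from blocked outbound connections toward the ports the worms named above spread over, which is the pattern of an infected host looking for new victims. The log lines, host names and addresses are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample log in the netfilter LOG target format (not real captures).
SAMPLE_LOG = """\
Oct 22 10:01:13 pc kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.10 PROTO=TCP SPT=4411 DPT=135
Oct 22 10:01:14 pc kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.10 PROTO=TCP SPT=4412 DPT=445
Oct 22 10:02:01 pc kernel: DROP IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.4 PROTO=TCP SPT=3321 DPT=135
Oct 22 10:02:01 pc kernel: DROP IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=3322 DPT=135
Oct 22 10:02:02 pc kernel: DROP IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.6 PROTO=TCP SPT=3323 DPT=445
Oct 22 10:02:02 pc kernel: DROP IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.7 PROTO=UDP SPT=1434 DPT=1434
Oct 22 10:03:00 pc kernel: ACCEPT IN= OUT=eth0 SRC=192.168.1.10 DST=192.0.2.80 PROTO=TCP SPT=3400 DPT=80
"""

# Well-known propagation ports of the worms named on this page:
# TCP 135 (MSBlaster, DCOM RPC), TCP 445 (Sasser, LSASS), UDP 1434 (SQL Slammer).
WORM_PORTS = {("TCP", 135), ("TCP", 445), ("UDP", 1434)}

LINE_RE = re.compile(
    r"(?P<action>ACCEPT|DROP) IN=(?P<in>\S*) OUT=(?P<out>\S*) "
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) SPT=\d+ DPT=(?P<dpt>\d+)"
)

def parse(line):
    """Return a dict for one LOG line, or None if the line does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["dpt"] = int(d["dpt"])
    # netfilter leaves IN= empty for packets generated by the local host itself.
    d["direction"] = "outbound" if d["in"] == "" else "inbound"
    return d

def outbound_worm_attempts(log_text):
    """Map (proto, port) -> (blocked outbound attempts, distinct destinations).
    Several distinct destinations on one worm port, from your own address,
    is exactly what a router-only (inbound) firewall would never show you."""
    hits, targets = Counter(), {}
    for rec in filter(None, map(parse, log_text.splitlines())):
        key = (rec["proto"], rec["dpt"])
        if rec["direction"] == "outbound" and rec["action"] == "DROP" and key in WORM_PORTS:
            hits[key] += 1
            targets.setdefault(key, set()).add(rec["dst"])
    return {k: (hits[k], len(targets[k])) for k in hits}

if __name__ == "__main__":
    for (proto, port), (n, n_dst) in sorted(outbound_worm_attempts(SAMPLE_LOG).items()):
        print(f"{proto}/{port}: {n} blocked outbound attempts to {n_dst} distinct hosts")
```

Inbound drops to the same ports (the first two lines) are deliberately ignored: every exposed host receives those, and they say nothing about the health of your own machine.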

If your machine is ever compromised, just format it and
rebuild, restoring any necessary data from the last clean backup. You can
never be sure that you've managed to clean out all the backdoors on such a
system.
Typically, when a machine has been compromised, the intruder
creates a number of additional entry points on the system in order to
facilitate an easy return. Simply fixing the original vulnerability
will not be sufficient to dislodge your intruder, who has probably gone to
great lengths to conceal his/her identity -- including disabling or
misleading any installed antivirus products.
It's not worth a recovery effort. Take your system
off-line, rebuild it, restore your data from a recent backup, and scan for all manner of viruses, worms and trojans
before putting it back online -- hopefully, a little wiser than before.
Here is a
definitive guide to recovering your system from a compromised state.
