Preventing Breaches in Data Security
Introduction to Data Security
Organizations require data security to protect sensitive information from breaches. Many organizations are subjected to external security requirements. Companies that accept credit cards must abide by the Payment Card Industries Data Security Standard (PCI DSS). The PCI DSS is a series of security checklists an organization must comply with. Public companies must be compliant with the Sarbanes-Oxley Act which, like the PCI DSS, requires that these organizations take steps to protect sensitive data from breaches. Even for organizations that are not subjected to external requirements, there are plenty of best practices that allow network administrators to avoid breaches in data security. The Center for Internet Security or ISO 27001 are examples of security frameworks.
Defense in depth provides the best approach to data security. There
are two major pieces to the security puzzle: perimeter security and internal security. Perimeter security protects the network from external threats like hackers. Internal security ensures that threats from within the network do not result in breaches in data security.
Perimeter Data Security
Perimeter data security is where most IT organizations focus their efforts. One key element of a perimeter security plan is a firewall. Firewalls block unwanted traffic from entering a network and even prevent internal traffic from getting out when necessary. Intrusion detection applications or appliances are designed to sniff network traffic for the signatures of an intrusion from an external source. Hackers trying to get into a network using trojans or other malware applications can be stopped by a combination of firewall and intrusion detection.
Other perimeter tools like vulnerability assessment applications probe the network and its host looking for unpatched servers and workstations or the firewall looking for known problems that an IT organization can fix. VPN solutions allow users to connect remotely without exposing sensitive data to the Internet. Establishing a DMZ permits an organization to put customer-facing resources like web servers onto the Internet while maintaining data security.
Internal Data Security
Insider threats must be considered when trying to avoid breaches in data security. IT adminstrators and other users already have access to sensitive data inside the firewall. As a result, the layers of defense in depth must extend all the way to the desktop. Anti-virus and host-based firewalls on each desktop protect the organization from user activity that can introduce malware and viruses to the network. At the server level host-based intrusion detection applications and file integrity monitoring protect the systems that store the data.
Centralized logging applications and security event management systems collect log data from the network devices, servers and other pieces of the infrastructure, index it and correlate it. This allows IT security to watch for specific security events of interest and report their findings to management. Centralized logging also provides a place for security to perform their forensic investigations in the event that a security breach does occur.
Ultimately, one of the weakest layers in data security is the end user. Social engineering, browsing compromised websites, and phishing are some of the threats to which users expose sensitive data to breaches. Each organization must have a security policy in place detailing what users can and cannot do within the network.
Security training must be delivered to ensure everyone understands what the security policy is for and why it is important to abide by those rules. Basic rules like “Don’t write your password on a sticky and put it under your keyboard,” may seem like common sense but must be emphasized just as much as rules preventing users from downloading and installing applications from the internet. Segregation of duties policies clearly define user roles and what resources are available to a given person and what they can do.
Buecker, Axel; Andreas, Per; Paisley, Scott; Understanding IT Perimeter Security, IBM Redbooks, November 2009, retrieved at https://www.redbooks.ibm.com/abstracts/redp4397.html
Curtin, Matt, Kent Information Services, Inc. Reproduced on Interhack.net, at https://www.interhack.net/pubs/network-security/
WindowSecurity.com, Network Security White Papers, retrieved at https://www.windowsecurity.com/whitepapers/
Image Credit: jscreationzs / FreeDigitalPhotos.net