Categories Internet & Networks

Continued from Fixing the Problem

In both of these scenarios, the proper solution is to consider the system as a whole from the start, before actually designing and implementing security features. Technology fixes, such as securing Web servers and configuring firewalls, are one part of the answer, but building effective security mechanisms requires a top-down approach.

The intrusion methods described here require some level of sophistication and persistence on the part of the attacker, but they are quite possible to undertake in the real world. To a business, the fact that such attacks may be difficult to implement should be weighed against the financial value of information potentially exposed as a result of an attack. This process is a fundamental part of designing a security policy and requires more than a technology-focused approach.

A holistic approach to system security should be a way of life for anyone concerned with preventing unauthorized access. By avoiding the temptation to focus on individual technologies and access points and examining the system as a whole, companies can identify many previously undiscovered risks and build a more secure IT environment.

More Internet & Networking

Published as Enterprise Computing in the 5/25/99 issue of PC Magazine.

Related Links
• Denial-of-Service Attacks -- PC Tech
• Internet Security Standards -- PC Tech
• Internet Security: Disarming the Net -- PC Labs Reviews
• Network Antivirus: Defend Your Network -- PC Labs Reviews
• Network Manager -- ZD Products
• Network Administrator Courses -- ZDU