CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [262]
■ Use a file transfer client that employs both authentication and data transfer encryption.
■ Don’t allow anonymous access for both reading and writing; allow it for only one or the other.
■ Use a separate system for uploads from anonymous Internet users.
■ Monitor file size and usage quota limits.
■ Don’t allow users to employ the same logon credentials as their domain logons.
■ Regularly scan all files on the sharing system for malware.
■ Don’t enable execution privileges for file-sharing visitors.
■ Don’t store confidential, private, proprietary, or other forms of highly valuable data on the server that allows remote or anonymous users to exchange files.
■ Regularly back up all files stored in the file-sharing server.
■ Periodically check that your file-sharing server has not become an underground illegal file exchange repository.
■ Consider setting a maximum file size of 10MB (or whatever is reasonably appropriate for the types of files shared).
■ Consider requiring that all files be uploaded in an archived state (via a ZIP, RAR, or ARJ compression/archiving tool).
■ Consider requiring that all files be password locked.
■ Consider requiring that all files be encrypted.
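As an added example (it is not from the study guide), the following Python script audits an upload directory against four of the items in the checklist above: the maximum file size, the "upload as an archive" rule (ZIP only here, checked with the standard library rather than by extension), no execute bit on visitors' files, and a total usage quota. It assumes the share is a local directory on a POSIX host; the sample share it builds, the 4 KB cap and the quota used in the demo are constructed for the demonstration.

```python
"""Audit an anonymous-upload share against the file-sharing checklist.

Added example, not code from the study guide. Four checks from the
list are applied to every file: size cap, archive-only uploads (ZIP,
verified by content), no execute permission, and a total quota.
"""
import os
import shutil
import stat
import tempfile
import zipfile

MAX_FILE_BYTES = 10 * 1024 * 1024   # 10 MB, the figure suggested in the text
QUOTA_BYTES = 100 * 1024 * 1024     # assumed per-share quota
DEMO_MAX_BYTES = 4096               # small cap so the constructed demo stays tiny
DEMO_QUOTA_BYTES = 1_000_000


def audit_file(path, max_bytes=MAX_FILE_BYTES):
    """Return the list of policy violations for one uploaded file."""
    findings = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        # A symlink can point outside the share; treat it as a violation.
        return ["symlink"]
    if st.st_size > max_bytes:
        findings.append("oversize")
    if st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        findings.append("executable")
    # zipfile.is_zipfile looks for the end-of-central-directory record,
    # so a renamed executable with a .zip extension is still rejected.
    if not zipfile.is_zipfile(path):
        findings.append("not_archive")
    return findings


def audit_upload_dir(root, max_bytes=MAX_FILE_BYTES, quota_bytes=QUOTA_BYTES):
    """Walk the share; return ({relative_path: [violations]}, total_bytes, over_quota)."""
    report = {}
    total = 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            total += os.lstat(full).st_size
            findings = audit_file(full, max_bytes)
            if findings:
                report[os.path.relpath(full, root)] = findings
    return report, total, total > quota_bytes


def build_sample_upload_dir():
    """Constructed sample share: one compliant upload and three bad ones."""
    root = tempfile.mkdtemp(prefix="share_")
    # good.zip: a real archive, small, not executable
    with zipfile.ZipFile(os.path.join(root, "good.zip"), "w") as zf:
        zf.writestr("readme.txt", "hello")
    # fake.zip: wrong content (a PE-style header), so not an archive despite the name
    with open(os.path.join(root, "fake.zip"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 100)
    # tool.sh: the uploader set the execute bit
    sh = os.path.join(root, "tool.sh")
    with open(sh, "w") as f:
        f.write("#!/bin/sh\necho hi\n")
    os.chmod(sh, 0o755)
    # big.zip: a valid archive that exceeds the demo size cap
    with zipfile.ZipFile(os.path.join(root, "big.zip"), "w") as zf:
        zf.writestr("pad.bin", b"\x00" * (2 * DEMO_MAX_BYTES))
    return root


if __name__ == "__main__":
    share = build_sample_upload_dir()
    try:
        report, total, over = audit_upload_dir(share, DEMO_MAX_BYTES, DEMO_QUOTA_BYTES)
        for rel, problems in sorted(report.items()):
            print(f"{rel}: {', '.join(problems)}")
        print(f"total {total} bytes, over quota: {over}")
    finally:
        shutil.rmtree(share)
```

In a real deployment the audit would run on a schedule over the upload area and quarantine offending files; the malware scan from the checklist is a separate step that a scanner, not this script, performs.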
A file-sharing system can keep e-mail from being used as a malware carrier, but file sharing itself is not a 100 percent secure option either. Taking the proper precautions will help reduce the likelihood of abuse.
Working with IDSs and Honey Pots
Intrusion detection systems (IDSs) can be outstanding security assets, but it is important not to rely too heavily on them. IDS solutions have numerous drawbacks that are often downplayed, to the detriment of those implementing them. An IDS is only as good as its programming and detection mechanism. Like an antivirus product, an IDS needs its signature database updated regularly and its engine patched. An IDS will not detect every attack (a missed attack is a false negative), and not every IDS alert corresponds to an actual malicious event (an alert on benign activity is a false positive). It may be necessary to have a staff member monitor the IDS and investigate every alert it produces.
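The two failure modes just described, shown in code as an added example that is not from the study guide: a miniature signature-based IDS is run over a handful of constructed web-server request lines. One rule fires on a harmless documentation page (a false positive), and a URL-encoded attack slips past the raw matcher entirely (a false negative) until the requests are percent-decoded before matching. The signature names, patterns, addresses and request paths are all assumed for the demonstration and are not taken from any real IDS rule set.

```python
"""Signature matching over constructed web-request log lines.

Added example, not from the study guide. Demonstrates a false positive
(a benign request that matches a coarse rule) and a false negative (an
encoded attack the raw matcher never sees), and how decoding the request
before matching removes the latter but not the former.
"""
import re
from urllib.parse import unquote

# Hypothetical signatures, loosely modelled on the kind of patterns an IDS
# signature database contains. Names and regexes are assumed for the demo.
SIGNATURES = {
    "sql-union-select": re.compile(r"union\s+select", re.IGNORECASE),
    "etc-passwd-read": re.compile(r"/etc/passwd"),
}

# Constructed sample request lines: (source address, request path).
SAMPLE_REQUESTS = [
    ("203.0.113.7", "/items?id=1%20union%20select%20user,pass%20from%20users"),  # attack, URL-encoded
    ("203.0.113.8", "/download?file=../../../etc/passwd"),                       # attack, plain
    ("192.0.2.20", "/wiki/Unix/etc/passwd_file_format"),                         # benign documentation page
    ("192.0.2.21", "/index.html"),                                               # benign
    ("203.0.113.9", "/download?file=..%252F..%252Fetc%252Fpasswd"),              # attack, double-encoded
]

# Analyst-assigned labels for scoring: True means the request really is an attack.
GROUND_TRUTH = {
    SAMPLE_REQUESTS[0][1]: True,
    SAMPLE_REQUESTS[1][1]: True,
    SAMPLE_REQUESTS[2][1]: False,
    SAMPLE_REQUESTS[3][1]: False,
    SAMPLE_REQUESTS[4][1]: True,
}


def match_signatures(text):
    """Return the names of every signature whose pattern appears in text."""
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]


def normalise(request, max_rounds=3):
    """Percent-decode repeatedly, bounded, so single- and double-encoded
    requests are compared in their plain form. Bounding the loop keeps a
    deliberately deep encoding from turning into a CPU sink."""
    current = request
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def run_ids(requests, normalise_first):
    """Return {raw request: [signature names]} for every request that fired."""
    alerts = {}
    for _src, req in requests:
        target = normalise(req) if normalise_first else req
        hits = match_signatures(target)
        if hits:
            alerts[req] = hits
    return alerts


def score(alerts, ground_truth):
    """Count true positives, false positives and false negatives against labels."""
    counts = {"tp": 0, "fp": 0, "fn": 0}
    for req, is_attack in ground_truth.items():
        fired = req in alerts
        if fired and is_attack:
            counts["tp"] += 1
        elif fired and not is_attack:
            counts["fp"] += 1
        elif not fired and is_attack:
            counts["fn"] += 1
    return counts


if __name__ == "__main__":
    for label, decode in (("raw matching", False), ("decoded matching", True)):
        alerts = run_ids(SAMPLE_REQUESTS, normalise_first=decode)
        print(label, score(alerts, GROUND_TRUTH))
        for req, hits in alerts.items():
            print("  ", req, "->", hits)
```

Decoding before matching turns the two encoded attacks into true positives, but the wiki page about the passwd file format still trips the `/etc/passwd` rule in both passes. That residual false positive is the kind of alert that needs a person to look at it and, eventually, a tuned signature; no amount of engine work removes it on its own.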
The following warnings and suggestions will help you get the most out of an IDS:
■ An IDS can be hindered by a switched network if it is not deployed properly, because a switch forwards frames only to the destination port. Either connect the IDS to the switch's mirror (SPAN) or audit port or deploy a remote sensor in every separate network segment.
■ An IDS or a sensor should be located in every subnet and in every security zone, including the subnet on the other side of your most external firewall (such as on the Internet link itself).
■ A network IDS should be deployed as a separate stand-alone system so that it has the host's full processing and storage capacity to itself.
■ An IDS should not be configured to retaliate against intrusions or attacks; at most, a malicious session should be disconnected.
Using an IDS often prompts the question of what to do about a discovered intruder. Initially there are two options: disconnect, or watch and learn. Disconnecting stops the attack from continuing. Watching and learning often involves a honey pot or padded-cell environment. Such environments raise the issue of enticement versus entrapment; discuss it with your legal department, as the specifics and ramifications are complex.
Incident Handling
Incident handling often means a criminal investigation. Whenever criminal activity is suspected, back away from the environment, leave it as is, and contact law enforcement. Unless law enforcement instructs you to take specific evidence-gathering actions, do nothing. Evidence that you look for, collect, or analyze yourself can easily be thrown out of court: you lack formal training in forensic investigations, you have a conflict of interest, and you are likely to violate the rules of evidence and/or break the chain of custody.
Internet Common Sense
In light of the