CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [271]
■ Watch for traffic direction, load, and performance trends.
■ Build in sufficient growth capacity in every important area of IT productivity. Monitor the consumption of this extra capacity.
■ Realize that the compromise of a workstation can result in the compromise of the entire LAN.
■ Provide clients with reasonable security that supports the security of servers.
■ Avoid the use of mobile devices that interact with the LAN.
■ Restrict the type of data that can be stored on mobile devices.
■ Treat mobile devices as an attack and malware entry point.
■ Always run cables in shielding conduits.
■ If multiple copper cables are run through the same conduit, use cables with significantly different twists per inch and use STP instead of UTP.
■ Don’t run communication cables and power cables in the same conduit.
■ Avoid running any type of cable near an EMI or RFI source.
■ Use higher-grade cables than what is currently needed for your networking performance levels.
■ Use fiber-optic cables if possible.
■ Regularly inspect every cable run for tampering or damage.
■ Replace any cable that shows wear or damage.
■ Use the shortest cable runs possible.
■ Use power conditioners for every network device.
Proper infrastructure planning is essential to the long-term success of a company security policy. Security should be designed in from the beginning rather than imposed after the fact. However, most of us don’t get to choose when security is considered, so we must do the best we can with what we are given. Even if it’s late in the game to impose security, take the time to plan out the security strategy before starting the implementation.
Working with Security Zones
Even in a purely discretionary access control environment, security zones are important. Security zones are a form of classification: a zone designates which portions of the company-controlled IT environment are accessible to which types of users. You will have at least three user types to deal with: employees, nonemployee business contacts, and external users. These map naturally onto the three standard security zones of intranet, extranet, and DMZ, respectively.
In addition to the basic ideas covered in the Security+ content, here are a few considerations:
■ Never place the only copy of data or other resources into the DMZ or extranet.
■ Regularly back up all data present in the DMZ and extranet.
■ Never grant access to external entities into the intranet.
■ Audit and monitor all activities in all security zones.
■ Erect strong security barriers between each security zone.
■ Public and anonymous access in a DMZ does not mean anything goes—detect and block attacks in every zone.
■ Whenever possible, deploy the DMZ so that it has no connection whatsoever with your intranet or extranet.
■ Consider co-location or site hosting at an ISP for your DMZ.
Understanding and respecting these three groups is important for a strong security endeavor. Different forms of security, different levels of access, and different types of data are present in each security zone. Making a mistake and placing the wrong element into a zone can have disastrous consequences. In the company security policy and in the deployed infrastructure, it’s essential to set clear definitions of what each security zone will entail.
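The zone considerations above, as an added example that is not from the study guide: a small Python audit that flags proposed firewall rules violating them before they are deployed. The zone names, the rule format and the approved-crossings allowlist are assumptions made for this example.

```python
# Added example (not from the study guide): audit a proposed firewall rule set
# against the zone considerations above. Zone names, rule format and ALLOWED are assumed.
from dataclasses import dataclass

# Trust order, least trusted first; the zones follow the guide's three user types.
TRUST = {"internet": 0, "dmz": 1, "extranet": 2, "intranet": 3}

@dataclass(frozen=True)
class Rule:
    src: str       # zone the connection originates in
    dst: str       # zone it terminates in
    service: str   # e.g. "https", "smb"

# Explicitly approved barrier crossings (deny by default everywhere else).
ALLOWED = {("internet", "dmz", "https"), ("internet", "extranet", "https")}

def audit_rule(rule: Rule) -> list[str]:
    """Return the zone-policy violations for one rule (empty means acceptable)."""
    if rule.src not in TRUST or rule.dst not in TRUST:
        return [f"unknown zone in {rule.src}->{rule.dst}"]
    problems = []
    ends = {rule.src, rule.dst}
    # "Never grant access to external entities into the intranet."
    if rule.src == "internet" and rule.dst == "intranet":
        problems.append("external entity granted access into the intranet")
    # "Deploy the DMZ so that it has no connection whatsoever with your intranet or extranet."
    if "dmz" in ends and ends & {"intranet", "extranet"}:
        problems.append("DMZ connected to intranet/extranet")
    # "Erect strong security barriers": a flow into a more trusted zone must be explicitly approved.
    if TRUST[rule.dst] > TRUST[rule.src] and (rule.src, rule.dst, rule.service) not in ALLOWED:
        problems.append("unapproved crossing into a more trusted zone")
    return problems

def audit(rules) -> dict[Rule, list[str]]:
    """Audit a whole rule set; only rules with violations appear in the result."""
    return {r: p for r in rules if (p := audit_rule(r))}

# Constructed sample rule set for demonstration.
PROPOSED = [
    Rule("internet", "dmz", "https"),        # public web server: approved crossing
    Rule("internet", "intranet", "rdp"),     # breaks two rules at once
    Rule("dmz", "intranet", "sql"),          # DMZ reaching into the intranet
    Rule("internet", "extranet", "https"),   # partner portal, explicitly approved
    Rule("extranet", "intranet", "smb"),     # crossing not on the allowlist
    Rule("intranet", "internet", "https"),   # outbound to a less trusted zone: not flagged
]

if __name__ == "__main__":
    for rule, problems in audit(PROPOSED).items():
        print(f"{rule.src}->{rule.dst} ({rule.service}): {'; '.join(problems)}")
```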
Social Engineering Risks
Social engineering is quickly becoming a predominant attack method against technically savvy security environments. While no technology is foolproof, some forms of IT protection, such as encryption, are becoming so difficult to penetrate that it is in the interest of the assailant to find a weaker point of attack. The weakest point of any secured environment is the people who work and interact with that environment. Often, if an attacker can compromise someone on the inside, they can get around the protections that prevented a direct external attack. Rubber hose attack is the nickname for going directly to people to convince them to give