Corporate Security
by Ashot Oganesyan K. - SmartLine, Inc. - Tuesday, 25 February 2003.
Corporate security is an important issue for every company, no matter how large or small. However, the nature and focus of corporate security have changed dramatically in the last 10 years. Most current businesses use digital technologies, computers, e-commerce solutions, wireless devices and other recent innovations to run more efficiently. Unfortunately, these also pose a threat to system integrity with security breaches being reported regularly. The focus of corporate security is changing to include these new ways of doing business, and so has the budgets of security departments and agencies. In fact, billions of dollars are spent each year on electronic corporate security solutions intended to fight off hacker attacks, control data access and to make information transfers safe. What most people fail to realize is that statistically over 80% of security breaches are caused by insiders - most often employees.

Usually, the goal of intrusions is to obtain valuable information, databases, research data, sales reports, marketing statistics, HR records, etc. The information can be sold and/or used by the perpetrators. Once information is located and duplicated, there are two ways to "carry" it out. The first is to transfer it via the Internet. The second is with physical media: floppies, CDs, external drives (ZIPs, USB drives, and many others), etc.

There are two approaches to solve this problem. The first way is to cut off Internet access and remove all devices that can be used to transfer information (floppy drives, external drives, etc.) This approach is expensive, difficult and impractical for the majority of companies. The alternative is inexpensive software solutions. There are very few such solutions on the market right now and only two or three that deserve attention.

DeviceLock from SmartLine is a one solution that gives network administrators control over which users can access what devices (floppies, serial and parallel ports, Magneto-Optical disks, CD-ROMs, ZIPs, etc.) on a local computer. You do not need to physically remove, uninstall or block any hardware. All you need to do is install the software and assign the appropriate privileges to each user. What you get is full control over which users or groups can access devices depending on the time of day and day of the week, protection against accidental or intentional disk formatting, viruses, Trojans and other malicious programs that are frequently introduced from removable disks.

PortsLock, also created by SmartLine, gives you protection behind a firewall. While most companies are obsessed about possible hacker attacks, Network World reports that between 80 and 90 percent of security breaches originate from within the corporate firewall. An average security breach costs almost a million dollars.

Once PortsLock is installed, administrators can assign permissions to TCP/IP connections, just as they would in managing permissions on an NTFS partition of a hard disk. It lets you control which users can access what TCP/IP based protocols (HTTP, FTP, SMTP, POP3, Telnet, etc.) on a local computer, depending on the time of day and day of the week. You can also set allowed/denied TCP/UDP ports and IP addresses for incoming and outgoing connections. The essence is that users do not set up rules in their applications to use the network. Only administrators are allowed to set rules so users without administrative privileges cannot bypass the PortsLock security. What's also important is that PortsLock works perfectly fine alongside other personal firewalls and routers installed on the same computer.

Spotlight

Review: Bulletproof SSL and TLS

Posted on 12 September 2014.  |  Deploying SSL or TLS in a secure way is a great challenge for system administrators. This book aims to simplify that challenge by offering extensive knowledge and good advice - all in one place.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 15th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //