Gmail Blog

Security Principles

Posted on Monday, January 14, 2008 by Nitin


As eCommerce and business-to-business connectivity become vital, cybercrime such as identity fraud, malicious code and social engineering is becoming more profitable and easier to execute every day, thanks to the abundance of attack tools available today. In 2006 the damage from malware alone exceeded $13 billion, including losses from outages, the cost of rolling back its effects, and labor costs.

Information is the greatest asset a company has, and information is rarely static; it keeps flowing. In computer security, both customer requirements and criminal methods change much faster than we expect. What people often fail to understand is that they need to follow the principles of security, not any particular product. Security is not just about anti-virus, firewalls, IDS/IPS or encryption.

Malicious hackers who have adopted ready-made exploit tools, because of their relative ease of use and powerful features, have a powerful weapon at their disposal.

Think of security as something that adapts.

Security is not just about anti-virus, firewalls, IDS/IPS or encryption. We can do better by designing security in layers and leaving room for new possibilities. Perfect security requires a broad combination of technology, training, policy, procedure and enforcement. By using a few different security products together, the majority of attacks can be stopped. The least each company can do to keep out unwanted traffic is to implement a firewall, an IDS (intrusion detection system) and anti-virus software.

A firewall is a defense at the perimeter. It restricts access based on a set of rules. If something manages to penetrate the firewall, the next line of defense is the IDS. There are several ways to classify an IDS based on how it works.

NIDS: A Network Intrusion Detection System is placed at a point in the network where all inbound and outbound traffic can be scanned.

HIDS: A Host Intrusion Detection System is installed on an individual host in the network. Its job is to scan inbound and outbound packets on that host and raise an alert when suspicious activity is detected.

Both NIDS and HIDS can be either signature based or anomaly based. In a signature-based IDS the scanned packets are compared against prewritten rules called signatures. A signature-based IDS fails to detect a new threat for which no signature is yet available in its database. In an anomaly-based IDS the scanned packets are matched against certain criteria, and any deviation from normal triggers an alert. The criteria can be based on bandwidth usage, the ports used, the protocols used, the number of connections, etc. A few IDS products on the market now also come with application decoding, a more advanced way of detecting anomalous application behavior.
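To make the difference between the two approaches concrete, here is an added example (not from the original post, and not modelled on any real IDS product) that runs a signature rule table and an anomaly baseline over a handful of constructed flow records. The signature list, the baseline ports and the connection threshold are assumed values; note that each method catches what the other misses.

```python
"""Signature-based vs anomaly-based detection over constructed flow records."""
from collections import Counter, defaultdict

# Constructed flow records: (source host, destination port, protocol, payload).
FLOWS = [
    ("10.0.0.5", 80, "tcp", "GET /index.html"),
    ("10.0.0.5", 443, "tcp", ""),
    ("10.0.0.7", 80, "tcp", "GET /login"),
    ("10.0.0.7", 80, "tcp", "GET /../../etc/passwd"),  # matches a known pattern
    ("10.0.0.9", 23, "tcp", ""),                       # telnet: not a baseline service
] + [("10.0.0.12", p, "tcp", "") for p in range(1000, 1040)]  # many connections

# Signature-based: prewritten rules (assumed); anything absent here is missed.
SIGNATURES = {
    "path-traversal": "../",
    "sqli-tautology": "' OR 1=1",
}

def signature_alerts(flows):
    """Return (rule name, source host) for every packet matching a signature."""
    return [(name, src)
            for src, _port, _proto, payload in flows
            for name, pattern in SIGNATURES.items()
            if pattern in payload]

# Anomaly-based: compare each host with an assumed baseline of normal behaviour.
BASELINE_PORTS = {53, 80, 443}   # destination ports considered normal
MAX_CONN_PER_HOST = 10           # connections per host per window considered normal

def anomaly_alerts(flows, baseline_ports=BASELINE_PORTS, max_conn=MAX_CONN_PER_HOST):
    """Return (criterion, source host) for hosts deviating from the baseline."""
    conn_count = Counter(src for src, *_ in flows)
    ports_by_host = defaultdict(set)
    for src, port, *_ in flows:
        ports_by_host[src].add(port)
    alerts = []
    for src in sorted(conn_count):
        if conn_count[src] > max_conn:          # number-of-connections criterion
            alerts.append(("connection-count", src))
        if not ports_by_host[src] <= baseline_ports:   # port-used criterion
            alerts.append(("unusual-port", src))
    return alerts

if __name__ == "__main__":
    print("signature:", signature_alerts(FLOWS))
    print("anomaly:  ", anomaly_alerts(FLOWS))
```

The path traversal request rides a single connection on a baseline port, so only the signature rule sees it; the telnet connection and the port sweep match no signature, so only the anomaly criteria see them.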

Going further, in case something malicious penetrates both the firewall and the IDS, anti-virus software can act and detect the malicious code. AV software is similar to a signature-based IDS: it can protect against known viruses. Many AV products on the market come as suites in which protection from viruses, worms, Trojans, spyware, adware and spam is combined in one package.

For a large network it is crucial to create a DMZ (demilitarized zone), using firewalls to segment traffic into zones ranging from more restricted to less restricted.

There is no such thing as perfect security. Only a PC that is turned off and buried 20 feet under the White House can be considered 100% secure.