238 Chapter 9 Business Continuity and Disaster Recovery Planning
There is a simple and straightforward life- cycle approach that can be utilized to accomplish
this task. The application of this structured process ensures that all potential user group and
information combinations have been considered. When successfully completed, this implies
that appropriate security processes and technology have been determined that allow legiti-
mate access into any of the organization’s computer and network resources. These include the
following steps that are processed repetitively until an evaluation is successful:
Identify the organization’s security issues.•
Analyze security risks, threats, and vulnerabilities.•
Design the security architecture and the associated processes.•
Audit the impact of the security technology and processes.•
Evaluate the effectiveness of current architectures and policies.•
Note that evaluation processes validate the effectiveness of the original analysis steps, and
feedback from these evaluation steps causes a renewed analysis with possible ripple effects of
changes in architecture or implemented technology.
Protecting network assets and operations is a continuing task with results that can never
be certain. When intelligently applied, protective efforts can reduce, but never completely
eliminate, the chances of losses due to security breaches. Although most network security
violations take place within corporate networks and are initiated by authorized users, most
funding for security programs is allocated to measures that guarantee that only authorized
users are allowed to access the network. These funds are also allocated to prevention and
detection of external invasions.
A primary task of maintaining network integrity involves troubleshooting the network
environment. Past results indicate that a systematic approach is the most effective. The admin-
istrator should be able to identify problems from symptoms and initiate corrective action
based on this systematic approach. If change is not managed, a great deal of time will be spent
fire- fighting instead of re- preventing. A major part of this structured approach is network
management and planning, which can be accomplished by addressing the following issues:
Data backup.•
Documentation procedures and methodology.•
Hardware and software standards.•
Network baseline.•
Preemptive troubleshooting.•
Security policies.•
Upgrade guidelines.•
59940_Newman_02Print.indb 238 2/6/09 11:42:55 AM
Maintaining Network Integrity 239
Network Baseline
A baseline for network performance must be established if network monitoring is going to
be used as a preemptive troubleshooting tool. A baseline defines a point of reference against
which to measure network performance and behavior when problems occur. This baseline is
established during a period when no problems are evident on the network. A baseline is useful
when identifying daily network utilization patterns, possible network bottlenecks, protocol
traffic patterns, and heavy- user usage patterns and time frames. A baseline can also indicate
whether a network needs to be partitioned or segmented or whether the network access speed
should be increased. The three components that must be created to establish a baseline are:
Current topology diagrams.•
Response time measurements of regular events.•
Statistical characterization of the critical segments.•
These three components require some effort in developing; however, the payoff comes
when a problem occurs in the network. A small amount of time spent each week by a number
of personnel who are assigned portions of the network can accomplish this task in a rela-
tively short time.
Security Policies
All security policies set forth in a network plan should be detailed and followed closely. The
security policies depend on the network size, the organization’s security standards, and the
value and sensitivity of the data. The security plan must include physical, network, and com-
puter security. The five most significant issues involving security of a computer network, that
should be addressed, include the following:
Identification /authentication• users are accurately identified.
Access control /authorization• only legitimate users can access a resource.
Privacy• eavesdropping is not an issue, and transmissions are private.
Data integrity• activities on a database are controlled and protected.
Nonrepudiation• users cannot deny any legitimate transactions.
Network security can be enhanced by a number of username and password require-
ments and resource access requirements. Standards for username and passwords include the
following suggestions:
Establish minimum and maximum password lengths for user accounts.•
Provide the users with the details in reference to character restrictions.•
Determine the frequency for changing passwords.•
Decide if and when passwords can be reused.•
Decide if there will be exceptions to the policy.•
59940_Newman_02Print.indb 239 2/6/09 11:42:55 AM

Get Computer Security: Protecting Digital Resources now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.