USER ACCOUNTABILITY: DEALING WITH EXTERNAL THREATS
It is always good to remember that a user should use his or her access rights to systems, and to the information stored in those systems, responsibly. The user should always be accountable for his or her actions, especially if they result in unauthorized access or any other threat to the company's systems.
It may be easy to deal with threats from within the organization, but what if the threat comes from an external source that is not bound by any of the IT security accountability policies that may be in place? One way of dealing with this situation is to set up a firewall system.
'A firewall is a system or group of systems that enforces an access control policy between two networks. The actual means by which this is accomplished varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one, which exists to block traffic, and the other that exists to permit traffic. Some firewalls place a greater emphasis on blocking traffic, while others emphasize permitting traffic. Probably the most important thing to recognize about a firewall is that it implements an access control policy. If you don’t have a good idea what kind of access you want to permit or deny, or you simply permit someone or some product to configure a firewall based on what they or it think it should do, then they are making policy for your organization as a whole.' (The Internet Firewall FAQ)
Firewall systems are considered the first line of defense between an internal network (for example a company network, but also a private network) and the outside world, especially if the connection is to the Internet. A firewall should be set up not only to allow certain operations to occur (mail delivery, file uploads/downloads, etc.), but also to make it difficult or impossible for a hacker on the outside to use the firewall to penetrate the company’s internal systems.
FIREWALL SYSTEMS REQUIREMENTS
Firewall systems must support features that will do the following:
- Prevent unauthorized users from accessing the internal network.
- Log its activities.
- Be easy to administer.
- Provide alarm mechanisms.
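The block/permit pair of mechanisms from the FAQ quote and the requirements listed above, sketched as an added example (not part of the original article): a first-match rule list that blocks by default, logs every decision, and raises an alarm after repeated blocked inbound attempts from one address. The rule set, addresses, alarm threshold and names such as `Firewall` and `POLICY` are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "block"
    direction: str         # "in" (toward internal network) or "out"
    network: str           # remote (external) network, CIDR notation
    port: Optional[int]    # destination port; None matches any port

# Constructed policy for a hypothetical organization; first match wins.
POLICY = [
    Rule("block", "in", "203.0.113.0/24", None),  # untrusted external network
    Rule("permit", "in", "0.0.0.0/0", 25),        # inbound mail delivery
    Rule("permit", "out", "0.0.0.0/0", 443),      # outbound web access
    Rule("permit", "out", "0.0.0.0/0", 25),       # outbound mail
]

class Firewall:
    def __init__(self, policy, alarm_threshold=3):
        self.policy, self.alarm_threshold = policy, alarm_threshold
        self.log = []              # one entry per decision, permitted or blocked
        self.alarms = []           # remote addresses that crossed the threshold
        self._blocked = Counter()  # blocked inbound attempts per remote address

    def decide(self, direction, remote_ip, port):
        addr = ipaddress.ip_address(remote_ip)
        action, matched = "block", "default-deny"  # nothing matched: block
        for i, rule in enumerate(self.policy):
            if (rule.direction == direction and rule.port in (None, port)
                    and addr in ipaddress.ip_network(rule.network)):
                action, matched = rule.action, f"rule-{i}"
                break
        self.log.append((direction, remote_ip, port, action, matched))
        if action == "block" and direction == "in":
            self._blocked[remote_ip] += 1
            if self._blocked[remote_ip] == self.alarm_threshold:
                self.alarms.append(remote_ip)  # raise the alarm once per source
        return action

# Constructed sample connections: (direction, remote address, destination port).
SAMPLE_TRAFFIC = [("in", "198.51.100.7", 25), ("in", "203.0.113.9", 25),
                  ("in", "198.51.100.7", 23), ("in", "198.51.100.7", 3389),
                  ("in", "198.51.100.7", 22), ("out", "192.0.2.10", 443)]

def run_sample():
    fw = Firewall(POLICY)
    return [fw.decide(*conn) for conn in SAMPLE_TRAFFIC], fw

if __name__ == "__main__":
    decisions, fw = run_sample()
    print(decisions, fw.alarms)
```

Because anything not explicitly permitted falls through to the default block, the rule list itself is the written access control policy; every permit entry should trace back to a decision the organization made.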
If a firewall system will be deployed to secure the access to the Internet, the way the firewall system is set up must reflect the security policy of the organization. The security policy must address, as a minimum, the following questions:
- Who is or will be the organization's Internet service provider (ISP)?
- What is the Internet service provider's security policy? Is their network secure?
- Will firewall systems be used to secure the connection to the Internet? If so, what type of firewall system?
- What is the firewall system architecture?
- What is the policy on IP addresses?
- Is the organization's IP address space registered?
- All entry and exit points to the Internet need to be identified. The firewall network architecture must be defined to control authorized inbound and outbound connections.
- What is the policy for inbound access to systems?
- Which specific protocols will be allowed to access nodes on the internal network?
- What is the policy on outbound access to nodes on the Internet?
- Do remote offices or branches connect to the home office?
- If so, are remote offices directly connected to the Internet or is their access to the Internet through the home office?
- If there is a direct connection between the remote office and the Internet, verify that if the security of the remote office is compromised, the security of the corporate network is not compromised.
- Are there external networks that are not trusted?
- Are there external networks that do need access to the internal network via the Internet?
More often than not, organizations that have been victims of Internet attacks either did not have security systems implemented properly, if at all, or put too much trust in a vendor’s claim that the Internet connection was absolutely safe.
Some safeguards against Internet attacks are the following:
- Do not connect computers or entire networks that contain your critical information (e.g. financial, confidential, privacy-related) to the Internet.
- If possible, restrict access to the Internet to a single point of connection.
- Do not store your password or identification number on your hard disk, and protect them from unauthorized access.
- Create a password policy as well as a systems access/security policy.
- Check and update your list of user accounts.
- Install a firewall system and an intrusion detection system.
- Do not download files or open emails that you do not trust.
- Install anti-virus software and update it frequently.
- Be aware of shared files that might be uploaded by unauthorized persons.