NETWORK SECURITY PLANNING AND ADMINISTRATION
Today's information networks contain more and more information that is vital to corporate operation and survival. On top of this importance, almost three-fourths of all systems security problems originate from within the organization. InfoSENTRY Services works with customer organizations of all sizes to evaluate the security of their networks, develop realistic and useful security plans, and manage network security operations.
The following engagement profiles demonstrate the range and scope of our experience working with large and small organizations to strengthen and administer network security.
A Legislature in a large midwestern state embarked in 1996 on an implementation of an enterprise-wide network to connect multiple LANs serving over 750 client workstations. The project involved providing public Internet access to the networks. InfoSENTRY Services prepared a security plan for the network after several weeks’ on-site interviews, site visits, documentation reviews, and process walkthroughs. During preparation of the plan, the project team uncovered several major security problems in existing systems and assisted state staff in immediate problem resolution. The plan included recommendations and action timetables for organizational changes, security awareness programs, physical security enhancements, application changes, and network design enhancements.
A government agency in a Mid-Atlantic state decided in 1994 to implement an Internet anonymous ftp server as a means of providing public access to many of its calendars, reports, and other public documents. An InfoSENTRY Services partner directed the design, development, and management structure of the agency's Internet access program using a Unixware server that receives periodic data feeds from a larger enterprise network. Among the many elements of the program were plans and operation guidelines for data integrity, electronic mail security, and double firewall protection between the Internet access provider's network (based on a SUN platform) and the agency's DEC VAX-based production system.
A Federal agency had no systems backup strategy or operations for its numerous Local Area Networks (LANs). The networks connected over 2000 UNIX, MS-DOS, Windows, and Apple clients and servers, as well as Digital VAX minicomputers serving as network hubs. After a catastrophic hardware failure and significant data loss in 1994, an InfoSENTRY Services partner worked in a response team to design a backup strategy, write programs to carry out periodic backup operations from clients and servers to tape storage, and implement backup operations across the networks. The project produced sufficient documentation for the agency's staff to maintain all backup operations after implementation.
An infoSENTRY Services partner was responsible for designing a Public Access process in 1995 that allowed outside parties (vendors, customers, and public citizens) to dial into company data systems and retrieve information they desired. Of course, system security was a major concern because of the possibility that, once logged into the system, users could take unauthorized exits to any other area of the system. The dial-in process was elaborate and allowed access to Mainframe, Mini-Computer and Client-Server platforms. There were two essential ingredients to the plan.
System Firewall: The operation had an elaborate security mechanism restricting dial-in users to specific transactions in specific applications. When those actions were complete, the exit process ensured that the user was always returned to the outside of the system, disallowing any unwanted deviations into other parts of the system.
Single Point of Entry: The system had several different points of entry resulting from the installation of modems on many different system components. This flaw was an immediate security threat, addressed by centralizing all points of entry into an elaborate Point of Entry system. This system received all requests for all dial-in access and performed all security checking, attached all authorized routing permissions, and ensured that the session terminated with a complete detachment from the system. The system has been a substantial boost to company productivity and has ensured that the security of the system and its data has remained intact.
An organization section installed an Internet site in 1996 through a parent organization’s in-house service bureau. The client feared that the existing service bureau lacked sufficient firewall protection and controls. InfoSENTRY Services planned the external penetration effort and carried it out over a three-day period. The resulting report and recommendations, based on the successful penetration effort, led to development of additional security steps at both the corporate service bureau and the client organization.
infoSENTRY Services conducted a security audit in 1997 for one of the largest arts funding and management organizations in the United States. The audit contained twenty specific findings and recommendations, divided into immediate and long-term categories of action. The agency continues to implement the immediate recommendations and uses continuing consulting advice from infoSENTRY principals.
A Federal Defense agency contracted with infoSENTRY Services in 1997 and 1998 to prepare an industry standard configuration management plan (CMP) for its Microsoft NT-based networks. The networks connect over 750 workstations in a Metropolitan Area Network environment. In addition to preparing the CMP, infoSENTRY Services staff structured a configuration control board (CCB) and assisted the agency in implementing that control group.
Contact InfoSentry Services at 919.839.2671 or E-mail Network Security Consulting
The names of all hardware, software, and network applications are trademarked or copyrighted by their respective manufacturers or owners.
Rev. 02.10.98