<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
<channel>
<title>Latest Articles by gabriel_ng</title>
<link>http://www.articletrader.com/</link>
<description>Articles at ArticleTrader</description>
<language>en-us</language>
<item>
<title>Basic IT Infrastructure Investments That Cannot Be Ignored For An Acquired New Business</title>
<link>http://www.articletrader.com/internet/security/basic-it-infrastructure-investments-that-cannot-be-ignored-for-an-acquired-new-business.html</link>
<guid>http://www.articletrader.com/internet/security/basic-it-infrastructure-investments-that-cannot-be-ignored-for-an-acquired-new-business.html</guid>
<pubDate>Sun, 27 Jan 2008 00:00:00 -0600</pubDate>
<description><![CDATA[ Introduction<br /><br />To expand, most companies either grow organically or acquire new businesses. For a newly acquired business, a lot of groundwork needs to be done to merge the acquired company's IT systems into the purchasing company's IT systems. In the IT infrastructure area, there are basic requirements that cannot be ignored, especially if the new business is in another location or country. These requirements help mitigate the risk of security threats from the Internet, such as trojans, viruses and worms, hackers damaging business servers or, worse, unauthorized intruders retrieving valuable data.<br /><br />Basic IT infrastructure investment includes:<br /><br />a) Firewall<br /><br />A proper firewall should have packet filtering, stateful-level protection, IPS, anti-spyware and web anti-virus, and acts as the first line of defense against attacks and security threats from the Internet.<br /><br />A firewall with an easy-to-use, secured web-based configuration menu is preferred. This also suits offices that lack dedicated local IT personnel: the HQ IT experts can remotely assist in administering the firewall for the remote office. Remote administration should be via a secured HTTPS channel. Look out for reputable firewalls that come with built-in VPN, web-based application filter (proxy), anti-virus and intrusion protection.<br /><br />b) Anti-Virus<br /><br />To implement the first layer of anti-virus protection for servers and PCs against harmful viruses, it is advisable to set up a central anti-virus server at HQ. This means all the acquired offices need to do is install the anti-virus clients on their local servers and PCs. 
Management of the latest virus pattern files, scheduled scanning and licence management will be handled centrally by the HQ IT team using the central anti-virus server.<br /><br />Note: When your IT infrastructure grows, it is better to place your servers in a proper Tier 3 or 4 data centre. These data centres often guarantee electrical and air-conditioning supply with an SLA of 99.99%. If the HQ servers are not in a proper data centre, a severe electrical outage may cripple your main servers and, with them, the IT systems of all your acquired companies and subsidiaries.<br /><br />c) E-Mail<br /><br />Instead of investing from the ground up in industry-standard communication software such as a Lotus or Exchange e-mail system, it is advisable that the newly acquired company also take advantage of your HQ e-mail system. The acquired company only needs to install e-mail clients and can start using e-mail for communication and data delivery (if required). The e-mail system will also be administered centrally.<br /><br />To mitigate risk further, the HQ e-mail system should be clustered for high availability and come with dual-layer anti-virus, anti-spam and anti-relay mechanisms to mitigate the risk of e-mail viruses, spam and relay attacks.<br /><br />d) Tape Backup System<br /><br />To reduce the risk of not being able to recover data in the event of server or database failure, a proper tape backup should be implemented. It is recommended to use enterprise backup software (e.g. CA, Veritas) that comes with an Open File Agent (allows backup of files that are still open) and a SQL Backup Agent (allows backup of a database without shutting it down). It is prudent to conduct daily, weekly, monthly and yearly backups. 
Monthly and yearly backups should be kept off-site.<br /><br />e) Telecommunication line<br /><br />Option 1)<br /><br />A WAN (Wide Area Network) link provides a stable communication line, given that the provider guarantees a minimum bandwidth. E-mail replication and business application connections will be more predictable on a WAN line. As you add more subsidiaries and newly acquired offices, you can leverage your numbers with your WAN provider for better pricing and services. WAN links are costly but stable, and are critical if your business relies on fast and reliable international connectivity.<br /><br />Option 2)<br /><br />A cost-effective Internet leased line or broadband. This means the connection between the offices and HQ is via the Internet. However, please note that an Internet connection is "best effort", with no guarantee of bandwidth or uptime. This is a cheaper solution than WAN.<br /><br />For secure communication between the offices, I would recommend implementing VPN (Virtual Private Network) connections between these offices. This will facilitate encrypted communication between the offices.<br /><br />These are basic measures that should be in place before allowing communication between these new offices and your HQ data servers. The impact is severe if security threats spread to your HQ and other offices from a new business via WAN or private leased lines.<br /><br /><br /><br />--<br /><br />Gabriel Ng is a professional IT Security Consultant, IT Auditor (CISSP) and author of http://www.comsectutorial.com. This site is set up to provide information and recommendations on hacking prevention and controls to minimise security threats from viruses, trojans, spyware and hacking, based on real-life experience conducting security assessments and penetration tests.<br /><br />Source: <a href="http://www.articletrader.com/">http://www.articletrader.com</a> ]]></description>
</item><item>
<title>Importance Of Security Assessment During Company Merger Or Acquisition</title>
<link>http://www.articletrader.com/internet/security/importance-of-security-assessment-during-company-merger-or-acquisition.html</link>
<guid>http://www.articletrader.com/internet/security/importance-of-security-assessment-during-company-merger-or-acquisition.html</guid>
<pubDate>Sun, 27 Jan 2008 00:00:00 -0600</pubDate>
<description><![CDATA[ What are the general components to review, from an IT point of view, in the event of a merger or acquisition? A thorough technical security assessment and audit should be conducted on-site to provide assurance on the following:<br /><br />Confirmation of whether trojans, worms, viruses or spyware already exist on the office servers and PCs. If there are very damaging viruses or trojans, these threats can infect your network, possibly spreading via e-mail, FTP and shared network drives. They can also be transported via portable hard disks, USB thumb drives, DVDs and CDs carried by office personnel.<br /><br />Confirmation of whether there is a firewall. Firewalls provide more flexibility and capacity for expansion in the network design. If there is a business requirement for Internet-facing servers, a firewall allows the creation of a separate network segment to house these servers while also providing network security.<br /><br />Assurance that there are no weak points in the network, e.g. modems connected to the servers and PCs. These can be a backdoor for intruders to penetrate the office network.<br /><br />Other security controls, such as confirming that the wireless network is encrypted, that no unnecessary services are running on the servers, that only authorized personnel have access to critical data (not everyone!), and that there is no non-business software which may carry viruses.<br /><br />Existence of a security policy<br /><br />The responsible IT personnel can then provide more information on the state of IT security in the offices. 
Further, a more detailed proposal can follow if additional or reconfigured servers, applications and equipment such as a UPS, gen-set or fire suppression system are needed to better support the business.<br /><br />A more detailed study should review whether the existing servers and storage systems are capable of supporting the current business requirements and future expansion.<br /><br />This is my view of a security assessment based on my experience of setting up IT strategies of merging companies. Of course there will be a lot more information to review once the on-site audit/assessment is carried out. An IT Auditor/Security Consultant can then provide a more precise recommendation on the most feasible plan for the merger.<br /><br /><br /><br />--<br /><br />Gabriel Ng is a professional IT Security Consultant, IT Auditor (CISSP) and author of http://www.comsectutorial.com. This site is set up to provide information and recommendations on hacking prevention and controls to minimise security threats from viruses, trojans, spyware and hacking, based real life <br /><br />Source: <a href="http://www.articletrader.com/">http://www.articletrader.com</a> ]]></description>
</item><item>
<title>Is Firewall and Anti-Virus adequate ?</title>
<link>http://www.articletrader.com/internet/seo/is-firewall-and-anti-virus-adequate.html</link>
<guid>http://www.articletrader.com/internet/seo/is-firewall-and-anti-virus-adequate.html</guid>
<pubDate>Sun, 27 Jan 2008 00:00:00 -0600</pubDate>
<description><![CDATA[ There are absolute essentials, such as a firewall, anti-spyware and anti-virus, that a PC or server requires against Internet threats such as hacking, viruses and so on. From my observation, most corporate PCs or servers had installed anti-virus and a firewall only. That's it. What other areas are equally essential?<br /><br />I will not cover the essentials of firewalls. These are a must, or else anybody can sail through the network. It is like a house with the front door wide open and a sign saying "rob me!"<br /><br />Assume the firewall and anti-virus are installed. What about folders and files? Are you sure that sensitive files cannot be accessed by all of your office staff, but only by trusted senior managers or yourself? If a technically savvy employee happens to have some knowledge of hacking, there is a high possibility that the most valuable data on your server may be compromised.<br /><br />Further, does the vendor that installed the server and application have the admin password? What services are installed on the server? Intruders may exploit vulnerabilities in those services to gain access to the server.<br /><br />It is difficult to know where or who the intruder is. Are intruders only from the Internet? Those attackers need to break through your firewall and IPS (Intrusion Prevention System) before getting their hands on the servers. There are those who can break into even the most advanced security systems. Fortunately, their numbers are not many. However, if the intruders are your own personnel, temporary staff, vendors, contractors or dispatch personnel, it will be easier, as it is an inside job by someone who has knowledge of your application, server or network. You will never know.<br /><br />Windows Hacking<br /><br />Check out this video on how a basic penetration is done using Windows: http://www.youtube.com/watch?v=sSHIVCkqrlw There are many more ways of doing this for those with Linux/Unix machines.<br /><br />So what to do? 
I have observed banks and large companies taking the trouble to view every folder and file on their servers and ensure only authorized IDs are allowed to access these servers.<br /><br />For example, to check for world-writable files and directories on Unix servers and output the results to a file for analysis, use these commands:<br /><br /># Check world-writable files and directories.<br />find / -type f -perm -0002 -exec ls -l {} \; > /home/Gabriel/worldfiles.csv<br />find / -type d -perm -0002 -exec ls -ld {} \; > /home/Gabriel/worlddirectory.csv<br /><br />I will cover more on Unix security in my coming article.<br /><br />Windows Hardening - part of Security Assessment<br /><br />As for Windows, use DumpSec ACL to retrieve the relevant files for analysis, and Nmap and Nessus for services. I have conducted security assessments for a number of companies and they were surprised to find IDs of staff that have resigned still active on their servers. Worse still, most of the files that contained critical data were also readable and writable by everybody. If a person with ill intent did what the video above demonstrated, he/she may have access to these files already.<br /><br /><br /><br />--<br /><br />Gabriel Ng is a professional IT Security Consultant, IT Auditor (CISSP) and author of http://www.comsectutorial.com. This site is set up to provide information and recommendations on hacking prevention and controls to minimise security threats from viruses, trojans, spyware and hacking, based real life <br /><br />Source: <a href="http://www.articletrader.com/">http://www.articletrader.com</a> ]]></description>
</item>
</channel>
</rss>
