Information Technology Security
 Computer Security:
Computer security and network security are issues that face every business in the new economy. Security issues are the primary reasons given by companies when asked why they have not implemented some form of e-Commerce. Network and security administrators are concerned about hackers, crackers and virus outbreaks on a daily basis. Internet credit card fraud continues to concern consumers as well as undermine online merchants. Some experts even argue that the Internet as we know it is fatally flawed and a radically new approach is required.
A solid computer security and network security implementation protects your company's valuable information resources, including business data, confidential information, hardware, and software. By selecting and implementing appropriate safeguards, computer security and network security can support your company's objectives by protecting physical and financial resources, its reputation, legal position, employees, and other assets, both tangible and intangible. Computer security and network security are sometimes viewed as a collection of draconian rules and procedures on users, managers, and systems. However, practical computer security and network security procedures and rules are needed to protect your assets and to insure your company stays in business.
While many of us will never meet a hacker or "cracker", we are very likely to encounter a computer virus. A computer virus can be defined as "A self-replicating program containing code that explicitly copies itself and that can "infect" other programs by modifying them or their environment in such a manner that a request submitted to an infected program may be a request to an evolved copy of the virus." A computer virus has the potential to disrupt work, irreparably damage or delete data, and even stop your company "dead in its tracks".
A malicious application does not have to cause explicit damage (e.g. deleting or corrupting files) in order to be classified as a "virus". The term virus is loosely used to describe many types of malicious programs (malware). Viruses can be further categorized as worms, Trojan Horses, and a variety of other classes. A virus can be packaged as an executable (.exe) file or in other script files (e.g. .com, .bat, .pif, cmd, or .vbs). Be aware that what constitutes a "program" for a virus may include a lot more than you think--don't assume too much about what is or isn't a virus, nor about the true capabilities of a virus!
Network Security Guidelines:
Your network security infrastructure should typically involve a distributed database, auto-polling of network devices, and a dedicated node generating real-time graphical views of network topology changes and traffic. In general, network security employs a variety of tools, applications, and devices to assist IT Managers in monitoring and maintaining networks, and to make the appropriate business decisions based on this information.
The network security structure should be based on the ISO network management model which is the primary means for understanding the major functions of network management systems. The five pertinent areas of the network security system management service are:
- Performance Management:
Involves three main steps:
- Performance data is gathered on variables of interest to the decision-makers.
- The data is analyzed to determine normal (baseline) levels.
- Appropriate performance thresholds are determined for each important variable so that exceeding these thresholds indicates a network problem worthy of attention.
- Configuration Management
Monitors network and system configuration information so that adverse effects on network operations can be tracked and managed.
- Account Management
Measures network-utilization parameters so that individual or group uses on the network can be regulated appropriately.
- Fault Management
Detect, log, notify users of, and (to the extent possible) automatically fix network problems to keep the network running effectively.
- Security Management
Identifies sensitive network resources (including systems, files, and other entities) and determine mappings between sensitive network resources and user sets, monitors access points to sensitive network resources, and log inappropriate access.
Network Security Services:
A solid plan for your company's IT department is fundamental. You can't meet your organization's goals if they aren't tied to your department's projects and objectives. For many IT decision-makers, the amount of time it takes to develop such a plan and the process required to complete it, makes IT Security, IT Strategies and Compliance daunting tasks.
ZoneCast's Network Security services include:
|
 Zero Knowledge Penetration Testing:
|
|
Scheduled Vulnerability Scans:
|
|
• Gathering relevant system information
• System information extraction
• System mapping against known vulnerabilities
• Exploit identified vulnerabilities
• Management report summarizing our findings
• Technical report and suggested solutions
|
|
• Automated scans on a predetermined schedule
• Pro-active alerts of detected vulnerabilities
• Security infrastructure recommendations
• Monthly or Quarterly reports (Optional)
|
|
Full Security Assessment:
|
|
|
|
• Introduce Disaster Recovery Planning concepts
• Define the scope of the engagement
• Security vulnerabilities scan
• Operational analysis
• Implementation
• Reporting
|
|
|
|
