Securing Linux: Part 1
machine off. The worst part is that it's our attitude that keeps on telling us
"Hey among those millions of computers on the Internet, surely the chances
that our network will get broken into is remote." Trust us, don't bet your life
on it.
No two organizations have similar security concerns. Thus, it makes no sense
having a common framework for comparing the policy framing scenarios among any
two corporate. For all of us, our data is precious and we will go any length to
see that redundancy is maintained in the form of daily incremental backups and
maybe restricting access to the systems containing that precious data.
Then why do numerous organizations have no strategy when it comes to drawing up
a security policy and implementing it? Maybe some do not want to go the extra
mile in framing a security policy. Maybe some system administrators is so
overworked that they find implementing and enforcing a security policy, a waste
of time. Rather than speculating on the possibilities of not having a security
policy in place, let us figure out what it takes to get one up.
Whatever the nature of the business a company is in, almost every company has an
extensive network that at some point is connected to the outside world. Probably
the only connection between the Internet and the Intranet is the proxy services
that sit between the two. The gateway may also be masquerading as a mail server
or fax server. The list of services running on the gateway is endless. But in
this whole scenario of having to provide all these services to the internal
staff, what kind of security measures have you put in place to ensure that your
internal network doesn't become a playground for any cracker? The cracker might
use your network to launch DOS attacks on a site.
Framing and implementing a security policy requires a lot of thought and
debate to be put into it. You should not wake up to its need after having been
hit.
It requires a collaborative effort by the system administrator as well as the
users. Certain rules and regulations should be strictly engraved into the
working of every employee. Alternatives and compromises have to looked at before
finalizing on major issues and freezing the whole thought process. Laying down
the framework and implementing the security measures are not the end of the
whole process. Employees must also be made to understand that following these
- « first
- ‹ previous
- of 4
- next ›
- last »