Office IT Security Overview
Managing enterprise IT security is about protecting corporate technology and information assets from hackers, intruders and people with malicious intent. For most office environments this can be very challenging at the best of times.
As the discipline of IT security has evolved, we have moved away from a scenario where investments in security technology were made by individual technology managers and business units in response to a specific threat or series of threats.
Today, CIOs are implementing technologies which centralise, manage and enforce the security policy of the entire enterprise, across departments and spanning all lines of business. What was once a fragmented IT security market is now consolidated into four core solution and service areas:
- Threat Management - is about responding to attacks and intrusions on the office network.
- Vulnerability Management - is about uncovering and removing threats as early as possible.
- Identity Management - is about authorising user and machine access to system resources.
- Trust Management - is about securely exchanging information and data over the internet.
Focused on the network level, threat management is about identifying and responding to unusual and malicious events which occur throughout the office network. Threat management systems comprise two core components: Intrusion Detection and Security Event Management.
Intrusion Detection solutions work by monitoring network traffic, checking the integrity of important system files and monitoring network and system event logs, and may also include a "honeypot" or deception system to lure and trap hackers.
Security Event Management systems actively monitor all enterprise IT resources across the organisation, collate and filter events for analysis, and automate responses to common security incidents.
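As an added illustration of the collate, filter and respond cycle described above (example code written for this overview, not taken from any product), the sketch below merges events from several hosts, keeps only failed logins, and flags a source that exceeds a threshold inside a time window. The log format, the threshold and the `add_to_blocklist` response label are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from three hosts (not real logs).
SAMPLE_EVENTS = """\
2024-05-01T09:00:01 host=web01 event=login_failed user=admin src=203.0.113.7
2024-05-01T09:00:05 host=web01 event=login_failed user=root src=203.0.113.7
2024-05-01T09:00:09 host=mail01 event=login_failed user=admin src=203.0.113.7
2024-05-01T09:00:12 host=file01 event=login_ok user=alice src=198.51.100.4
2024-05-01T09:00:20 host=file01 event=login_failed user=admin src=203.0.113.7
2024-05-01T09:00:31 host=web01 event=login_failed user=bob src=198.51.100.9
2024-05-01T09:07:00 host=web01 event=login_failed user=bob src=198.51.100.9
malformed line that the collector should skip
2024-05-01T09:07:30 host=mail01 event=login_failed user=bob src=198.51.100.9
"""

LINE_RE = re.compile(r"^(\S+) host=(\S+) event=(\S+) user=(\S+) src=(\S+)$")

def collate(text):
    """Parse lines from all hosts into one time-ordered event list."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # drop lines that do not fit the assumed format
        ts, host, event, user, src = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "event": event, "user": user, "src": src})
    return sorted(events, key=lambda e: e["ts"])

def correlate(events, threshold=4, window=timedelta(minutes=1)):
    """Alert once per source with >= threshold failed logins in the window."""
    recent = defaultdict(list)  # source address -> failures still in window
    alerts = {}
    for e in events:
        if e["event"] != "login_failed":
            continue  # filter: only failed logins are of interest here
        hits = recent[e["src"]]
        hits.append(e)
        while e["ts"] - hits[0]["ts"] > window:
            hits.pop(0)  # expire failures older than the window
        if len(hits) >= threshold and e["src"] not in alerts:
            alerts[e["src"]] = {"src": e["src"], "count": len(hits),
                                "hosts": sorted({h["host"] for h in hits}),
                                "response": "add_to_blocklist"}  # hypothetical action
    return list(alerts.values())
```

Run over the sample, `correlate(collate(SAMPLE_EVENTS))` raises one alert for the source seen failing on three different hosts, which no single host's log would show on its own.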
By identifying weaknesses and vulnerabilities in the enterprise IT environment, vulnerability management systems provide the tools and infrastructure to remove and remediate them. Vulnerability Management solutions usually include three main components: Network Vulnerability Scanners, Firewalls and Vulnerability Assessments.
Network Vulnerability Scanners check for all potential ways or "vectors" an attacker may use to gain forced entry to an enterprise or office network, by analysing system and software configurations in use on each node of the network.
Firewalls are groups of systems that enforce access control policy between two or more networks. A firewall has a dual role: it is the mechanism that both permits legitimate traffic and blocks unauthorised traffic from reaching office network resources.
Vulnerability Assessments are conducted using tools to evaluate and monitor operating systems and application stacks for fixes or "patches" to known issues, such as security flaws, unsecured backdoors, worms, viruses and trojans.
Responsible for authenticating and authorising network-based users and machine accounts that need to use online resources and services, Identity Management (IM) solutions usually comprise three components: Single Sign-On Authentication, Provisioning and Web Access Control.
Single Sign-On (SSO) Authentication allows a user to log on with a single user ID and password combination to every system and resource that the user account has been set up to access, bypassing separate login procedures and streamlining ID and password management for the user concerned.
Provisioning is the process of assigning and removing appropriate access rights and permissions to staff, customers, suppliers and business partners on the office network.
Web Access Control solutions enable centralised and automated management to authenticate a user, allowing the user or machine account access to network resources in the office network where permissions have been granted.
Trust Management is the practice of protecting and enabling activities that are deemed high risk to the enterprise. Using solutions and products underpinned by encryption and access control technologies, Trust Management solutions create a secure process for authorised users and machine accounts and are generally made up of two components: Virtual Private Networks and Public Key Infrastructures.
A Virtual Private Network (VPN) is a private network that utilises existing public telecommunications infrastructure, as opposed to a physical private network that uses a system of owned or leased lines. VPNs maintain security and privacy through the use of "tunnelling" transport protocols and security technologies. The "tunnel" is an encrypted wrapper allowing bi-directional communications between two points reachable via a public network.
Public Key Infrastructure (PKI) is a combination of digital certificates, certificate authorities and encryption technologies that allows enterprises to protect the security of their communications and commercial transactions over the public internet.