http://www.infoworld.com/d/data-explosion/deny-all-permit-some-367

By Matt Prigge
Information Overload
January 11, 2010

Corporate networks face more security threats than ever before. Whether it's the rampant spread of malware, malicious employees, or plain and simple user error, IT administrators must bend over backward to ensure that intruders stay out and corporate data stays in. Tools abound to help you secure your data, but one simple policy -- regardless of which part of your infrastructure you look at -- will invariably protect you more than any single piece of security hardware or software: Deny all, permit some.

A recent reminder of the value of this policy came to me when an organization I work with was struck by a new zero-day worm. Within a few hours over a weekend, a significant portion of the Windows machines on the network had been infected. It was most of the way through the following Monday before virus detection signatures that would recognize the worm and its payload were made available and real progress was made toward combating it. Like many worms, the payload was a Trojan that would allow remote control of infected workstations and cause data leakage, but revealed no outward signs of infection or denial of service.

Fortunately, the network administrator had made the decision many years ago to configure all of his border security devices to deny all traffic -- inbound and outbound -- unless it had been requested for a business purpose and specifically allowed. That policy had not been particularly popular with users, but in this case it resulted in the inability of the virus to communicate with its control server and prevented any data leakage or subsequent infections.

[...]

________________________________________
Subscribe to InfoSec News http://www.infosecnews.org

Received on Tue Jan 12 2010 - 09:04:52 PST
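The border policy the article credits with containing the worm, default deny in both directions with a short list of explicitly justified exceptions, is easy to state but worth seeing in concrete form. The following is an added example, not code from the article or from the organization it describes: it models such a permit list, evaluates the first packet of new connections against it, and renders the same list as an nftables ruleset with `policy drop`. Every address, host role, port, interface name ("lan"/"wan") and the sample worm traffic are constructed for illustration.

```python
# Added example (not from the article): a model of a "deny all, permit some"
# border policy.  All addresses, host roles and interface names are assumed.
from dataclasses import dataclass
from typing import List, Optional, Tuple
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")      # constructed corporate range
RESOLVER = ipaddress.ip_network("10.0.0.53/32")    # internal DNS forwarder
PROXY    = ipaddress.ip_network("10.0.0.80/32")    # outbound web proxy
MAIL     = ipaddress.ip_network("10.0.0.25/32")    # mail relay


@dataclass(frozen=True)
class Allow:
    """One explicit exception to the default deny, with its business reason."""
    direction: str                                # "out" = LAN->Internet, "in" = Internet->LAN
    proto: str                                    # "tcp" or "udp"
    dst_port: int
    src: Optional[ipaddress.IPv4Network] = None   # None = any source
    dst: Optional[ipaddress.IPv4Network] = None   # None = any destination
    reason: str = ""


# The whole permit list.  Anything not matched here is dropped, in both
# directions.  Workstations appear nowhere: they reach the Internet only
# through the proxy and the resolver, so a worm on a workstation has no path out.
ALLOW: List[Allow] = [
    Allow("out", "udp", 53,  src=RESOLVER, reason="internal resolver forwards DNS"),
    Allow("out", "tcp", 80,  src=PROXY,    reason="web access via proxy"),
    Allow("out", "tcp", 443, src=PROXY,    reason="web access via proxy"),
    Allow("out", "tcp", 25,  src=MAIL,     reason="outbound mail from relay"),
    Allow("in",  "tcp", 25,  dst=MAIL,     reason="inbound mail to relay"),
]


@dataclass(frozen=True)
class Flow:
    """The first packet of a new connection as seen at the border device."""
    src: str
    dst: str
    proto: str
    dst_port: int


def direction(flow: Flow) -> Optional[str]:
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    if src in INTERNAL and dst not in INTERNAL:
        return "out"
    if dst in INTERNAL and src not in INTERNAL:
        return "in"
    return None  # purely internal or purely external: not border traffic


def decide(flow: Flow, allow: List[Allow] = ALLOW) -> Tuple[str, str]:
    """Return ("accept", reason) for a listed exception, otherwise ("drop", why)."""
    d = direction(flow)
    if d is None:
        return ("drop", "not border traffic")
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    for rule in allow:
        if (rule.direction == d and rule.proto == flow.proto
                and rule.dst_port == flow.dst_port
                and (rule.src is None or src in rule.src)
                and (rule.dst is None or dst in rule.dst)):
            return ("accept", rule.reason)
    return ("drop", "no explicit permit")  # the default for everything else


def render_nftables(allow: List[Allow] = ALLOW) -> str:
    """Render the same permit list as an nftables forward chain with policy drop.
    Interface names "lan" and "wan" are assumed."""
    iface = {"out": 'iifname "lan" oifname "wan"', "in": 'iifname "wan" oifname "lan"'}
    lines = [
        "table inet border {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    for r in allow:
        parts = [iface[r.direction]]
        if r.src is not None:
            parts.append(f"ip saddr {r.src}")
        if r.dst is not None:
            parts.append(f"ip daddr {r.dst}")
        parts.append(f'{r.proto} dport {r.dst_port} accept comment "{r.reason}"')
        lines.append("    " + " ".join(parts))
    lines += ["  }", "}"]
    return "\n".join(lines) + "\n"


# Constructed traffic: what an infected workstation (10.1.2.3) would try, plus
# one inbound probe from the Internet.  None of it matches a permit.
WORM_TRAFFIC = [
    Flow("10.1.2.3", "198.51.100.7", "tcp", 6667),   # IRC-style C2 check-in
    Flow("10.1.2.3", "203.0.113.9", "tcp", 443),     # direct HTTPS to C2, bypassing the proxy
    Flow("10.1.2.3", "198.51.100.53", "udp", 53),    # DNS to an external resolver
    Flow("192.0.2.10", "10.1.2.3", "tcp", 445),      # inbound SMB from the Internet
]

if __name__ == "__main__":
    for f in WORM_TRAFFIC + [Flow("10.0.0.80", "203.0.113.9", "tcp", 443)]:
        print(f"{f.src} -> {f.dst} {f.proto}/{f.dst_port}: {decide(f)}")
    print(render_nftables())
```

The point the model makes explicit is that the worm's outbound traffic is dropped without the firewall knowing anything about the worm: the permit list names the resolver, the proxy and the mail relay, so a workstation talking directly to the Internet on any port fails the match regardless of signatures. The `ct state established,related accept` line is what lets replies to permitted connections back in; without it a default-deny forward chain blocks the return half of every allowed flow.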
This archive was generated by hypermail 2.2.0 : Tue Jan 12 2010 - 09:16:30 PST