- Greg Gray, BOHH Labs Senior Software Engineer
While being proactive about security has always been a choice in the realm of web application deployment, it is only in recent years that it has become a priority over just reacting to security breaches. Too often we don’t discover the problem until after we have been hacked. This blog post will investigate methods for attack prevention rather than cleanup.
More and more we are seeing job postings for IT Security Managers. This is an important step in the development of a proactive security approach. Committing time and resources to the problem makes it clear to everyone up and down the organizational chart, and to the board and stockholders, that security is a high priority. It also ensures that there is consistent leadership for securing the company’s resources.
So, what does the IT Security Manager do? First and foremost, working closely with other management entities and IT personnel, they establish the policies for maintaining a secure work environment. This includes policies for passwords, application access permissions, workstation application restrictions, etc. These policies establish the baseline for everyone’s contribution to the company’s security. These policies must also include IT’s role in policing the policies and, with Human Resources’ contribution, procedures for dealing with violators.
While these policies are being developed and implemented, the Security Manager should also focus on what is necessary for the IT staff to implement the policies. One way to divide up the responsibilities is into several groups, for example: workstation, network, and development.
The workstation group is responsible for ensuring workstation policies are enforced by using a set of tools specific to this task. Virus protection, scans for unauthorized software, port scanning are some examples.
The network group is responsible for protecting important systems from attacks from outside the business and inside the business. Auditing is a primary line of defense and include such tools as Nessus, Nmap, SAINT, lsof (list open files). Monitoring tools are also important to the network group. Some tools will report attacks as they occur, such as: TripWire, LogCheck, and ZoneAlarm
The development group has a key role that encompasses the entire spectrum of attack vectors. This begins with the deployment process where the integrity of the software build is critical. Applications should be contained in their own isolated environments so that one compromised application doesn’t affect another.
Possibly the most important protections to be put into place involves the protection of customer data. This is the root of the data security problem. Data encryption with keys, tokenization, and newer approaches, such as BOHH Labs’ Secure Data as a Service, are necessary to ensure data integrity and prevent its dissemination to the world after a successful data breach.
The IT Security Manager will also need to remain vigilant for old and new attack vectors via up-to-date cyber security threat reports. Each of the security subgroups should watch for old and new attacks pertaining to their areas of support.
After all new policies are in place, or maybe even before the policies are in place, the IT Security Manager should engage with a company that does independent security audits. The results may uncover areas that no one thought would be an issue or, they thought it was another groups’ responsibility.
Vigilance is key to preventing data theft and protecting customer and company resources. The successful effort may go unnoticed. It’s a “no news is good news” situation. But at the end of the day, when the reports to the company directors shift from reporting the number of breaches to reporting the number of failed attacks, the ideal of a Proactive Security Approach may be fully realized.