Saturday, November 19, 2011

Week 10, what we’ve covered so far.

Up until this point we've covered about half of the SANS top 20. For those of you who don't know, I tend to reference the SANS Information Security Reading Room; this is where you can locate information on the top 20. I occasionally bring in some experience or talk about a product I've used, and when it comes to that I may reference a specific vendor. Ok, on to the review itself.

We've covered why you need to know what you have, why it's important to define how you set up systems, how to protect your network border, how to analyze logs of all types, and lastly how to control who gets administrative privileges. The main idea is focusing on the things you can control. Most I.T. security professionals don't want to mention some of the nastier truths out there: there is a really good chance that if someone wants to get into your network, they can. However, the SANS top 20 isn't about that. It is about stopping the majority of attacks, which use well-known and understood vectors. Furthermore, it's about limiting and understanding the damage post-incident. I recently read the Verizon Report for 2011. This report shows that between the time of penetration and the time data is harvested, you have a sizable window in which to find out. Depending on the type of attack this could be anywhere from weeks to months. This means that if you are doing what SANS recommends you can minimize the impact! Furthermore, you will know what the impact was!

Next week I will be back with an exciting new topic… Malware prevention… Until then.
