HOME Software Network Security Wireless Latest News Contact Us
 
Events | News Feeds (RSS) | Articles | New Archive  
 
 
  Recommended Product
Network Security Audit Software
Network Security Audit Software and Computer Security Tools
  Learn More
 
 
  Network Security Software
Network Bandwidth Monitor

Network Bandwidth Monitor
NBMonitor displays real-time details about your network connections & bandwidth usage.
   
Network Access Monitoring

Network Access Monitoring
ShareAlarmPro monitors network access to shared folders and resources.
   
Product Key Finder
Product Key Finder

Product Key Explorer retrieves over 800 software product keys from network computers.
   
Network Shares Monitoring

Network Share Watcher
Monitors network folders permissions and identify shares which are violating company data access policy.
 
 

Network Security News

Taking Heed to NSA's Assumption on Security Breaches Is Sound First Step

December 17 2010

News Analysis: Real security depends on a belief that somebody, somewhere, will get into your network. The real question is, what do you do about it?

When Deborah Plunkett, the head of the National Security Agency's Information Assurance Directorate, said at a security conference that systems must be built with the assumption that adversaries will get in, her statement wasn't exactly a revelation. True security is multilayered, and it's designed from the top down to assume that there will be breaches. The goal is to minimize those breaches and to figure out who is doing them and where they're coming from.

A failure to compartmentalize highly sensitive information led directly to the current WikiLeaks scandal that has embarrassed the U.S. State Department and the U.S. Army. PFC Bradley Manning was able to gain access to the sensitive State Department messages because the entire secure messaging system was open to anyone who could gain physical access to the secure network. No attempt was made to limit access by individuals to what they actually needed to do their jobs. It was just an open bucket of secrets waiting to be harvested.

Now, I'm pretty sure that the NSA doesn't have any Bradley Mannings around waiting to copy some more secrets onto their Lady Gaga CD. But the point that Ms. Plunkett was making is that you have to be prepared for the eventuality that there could be someone that has been given access to a secure system that should not have such access.

Even in a system with intrusion prevention and good security monitoring, it's unlikely that Manning would have been detected while he copied those messages. He was, after all, an authorized user. And the military and the State Department were trying an information sharing process that was designed to allow access to important information without requiring that there be a formal request process—something that could take weeks, given the normal speed of the federal government.

In the case of the information sharing effort, the biggest mistake the State Department made was in allowing anyone with the proper security clearance to have access to the information. But this is likely one of the problems that Plunkett was referring to when she said that you have to assume that your security will be breached. Once you assume that this is the case, you have to design your security so that just because you've breached the network, that doesn't mean you're achieved access to anything except one set of limited data.

To make this work, you have to compartmentalize your network security system. Each user who requests access to a particular section of a secure system must be cleared for that specific system. In the case of PFC Manning, there was no rational reason for him to have access to messages regarding Russia, for example. He was at a forward operating base in Iraq.

View more news
 
  Most Popular
 
 
  Popular Searches
network security magazine network security auditor network security news network security software corporate network security network security systems home network security product key finder password recovery software Network Bandwidth Monitor Network Access Monitoring data access policy monitoring remote shutdown Network File Search key recovery Network Monitoring Computer Security Ethical Hacking
 

 

 Sponsored Links
Network Security Auditor
Nsauditor is a complete networking utilities package that includes more than 45 network tools and utilities for network auditing, scanning,network connections monitoring and more. For more information, please visit:
www.nsauditor.com

Password Recovery Software
SpotAuditor is All-in-one password recovery program that offers administrators and users a comprehensive solution for recovering passwords and other critical business information saved in users' computers. For more information, please visit:
www.password-recovery-software.com

BlueAuditor - Monitor YourBluetooth Network
BlueAuditor detects and monitors Bluetooth devices in a wireless network and allows network administrators to audit wireless networks against security vulnerabilities associated with the use of Bluetooth devices. For more information, please visit:
nsauditor.com/bluetooth_network_scanner.html
 
 
Home Software Security Wireless Latest News Contact Us