Network Computing: Best Practices in Network SecurityMar 18, 2000, 15:26 (0 Talkback[s])
(Other stories by Frederick M. Avolio)
"Information systems security. Computer and network security. Internet security. It's a complex world, and growing more so every day. With these changes, some truths and approaches to security remain the same, while others are new and radically different. Developing a sound security strategy involves keeping one eye on the reality of Internet-speed changes in threats and technology, and the other on the reality of the corporate environment. Purchasing security devices is easy. Knowing how and what to protect and what controls to put in place is a bit more difficult. It takes security management, including planning, policy development and the design of procedures...."
"Between the vastness of this space and the services available, there are countless potential avenues of attack. Attackers don't even have to be particularly smart, skilled or patient to develop an attack. Through the ease of "user friendly" software, and with the ubiquity of methods for simple file distribution, anyone with a computer is a potential at- tacker. No special skills are required. Launching attacks is within the reach of anyone with a mouse...."
"Security is an investment, not an expense. The challenge is to get this point across to upper management. Investing in computer and network security measures that meet changing business requirements and risks makes it possible to satisfy changing business requirements without hurting the business' viability. Properly secured servers let corporate information be shared with salespeople in the field and with business partners. Improperly configured systems lead to data loss or worse."