|
Overview
The classic definition of information security states that the goal is to protect information from possible breaches in confidentiality, integrity, or availability. Attacks come from many different places. Exposure to threats is all around us. Increased connectivity to the Internet results in more threats. These threats, combined with the vulnerabilities and weaknesses of our systems, result in a potential risk to the infrastructure.
Information security is not a standalone process. Security is not a separate entity, but should be considered as a critical element of your business operations. More importantly, information security is more than just a product you install on your network. Technology is an important aspect of security, but two other areas also require consideration. Security is comprised of technology, processes, and people. Each element is a critical point of the information security triangle. A change in one of these areas affects the other two. For instance, if a company applies new technology, such as a wireless LAN, they need to consider how the introduction of this new technology affects the processes (business or technology) involved and the people using (or operating) the technology. What this means is that an effective security approach goes beyond just applying technology. An effective security infrastructure addresses not only the technology, but also the process affected and the people involved in the use (or management) of the technology. People manage technology devices and security configurations; this is where many security problems reside. Unfortunately, people are the weakest link when it comes to information security.
THE SECURITY TRIAD
Information security can be implemented in a number of different ways. The main focus of information security is to protect an asset from a breach in confidentiality, integrity, or availability. Confidentiality means that the information or the asset remains available only to the authorized individual or process. Integrity refers to making sure that there are no unauthorized changes to the asset either by authorized or unauthorized individuals. Availability means that the information or asset is available when needed. Diagram 2 shows the typical representation of the "layered" or "ring" security architecture model. The outside ring provides the perimeter security. It is possible to have multiple rings that protect the inner layer. The inner layer represents the information or asset we wish to protect.
DEFENSE IN DEPTH SECURITY
Some people like to think of security as a hard candy with a soft filling. That is, hard security on the outside and soft security on the inside. The old way of thinking is that all that was required to implement a secure environment was a hard outside. That would prevent all attacks to the inner circle. This approach does not consider one important factor. It addresses only potential attacks from an external source and not a potential attack from an internal source.
Implementing effective security architecture requires more than just a hard shell to protect from external attacks. Information security goes beyond addressing just technology. A collaborative approach to endpoint security should include systems management tasks such as configuration and patch management. In the past, when the focus was on perimeter security, companies believed coordination between their security and systems management organizations was unnecessary. However, with the new focus on end-point security, coordination between security and systems management organizations is critical to ensure effective security solution.
What is Endpoint Security?
Perhaps we should answer the question: What is an endpoint? The term endpoint has been used in a number of different ways. For this whitepaper, an endpoint is an individual computer system or device that acts as a network client. Some common endpoints are desktops, laptops, application servers on the network, and personal digital assistants (PDAs).
Endpoint security includes all of the measures (with respect to process, technology, and people) taken to implement security concerning endpoints. These measures include determining the risk required to protect endpoints to protecting the network from the endpoints themselves. Endpoint security also includes the management and administration of these security measures, including risk management and reporting.
The term "host security" usually refers to a host system that includes configuration management, virus protection, host intrusion detection/protection, and some firewall capabilities. However, this system is only effective if it is configured correctly. This host security configuration might be able to provide some reasonable protection from the outside layers, but will fail when facing attacks from areas invisible to the outer network security layers, such as attacks from "inside" the network.
|
