Self-Assess, Then Get Advice
Before calling in the experts to perform a vulnerability assessment of an enterprise network, there are a few basic steps IT managers can take to improve security.
Keep current with updates to security software, especially Secure Sockets Layer, virus protection, operating system patches and digital certificates. IT managers often overlook this simple security measure.
Be sure to review audit logs on a regular basis to look for signs of potential trouble. Require employees to use alphanumeric, case-sensitive passwords, and mandate that they be changed frequently.
Don't forget to use the security features that are built into products. Denial-of-service attacks can be avoided by monitoring and filtering Internet Control Message Protocol, User Datagram Protocol and bad-source IP addresses at the firewall. Most e-mail clients support digital certificates that can be used to sign and encrypt e-mail, keeping sensitive data from prying eyes.
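The firewall filtering described above can be sketched as a check over inbound packet records. This is an added example, not part of the original article; the bad-source range list, the organisation's own block (`OWN_NET`, a documentation range), the `RATE_LIMIT` threshold and the sample records are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Source ranges that should never arrive on the Internet-facing interface
# (assumed list: unspecified, private, loopback, link-local, multicast, reserved).
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]
# Assumption: the organisation's own public block (a documentation range here).
OWN_NET = ipaddress.ip_network("203.0.113.0/24")
# Assumption: ICMP/UDP packets tolerated per source within one log window.
RATE_LIMIT = 3

def bad_source(src):
    """Return why an inbound source address is bad, or None if it is plausible."""
    ip = ipaddress.ip_address(src)
    if ip in OWN_NET:
        # An outside packet claiming an inside address is spoofed.
        return "spoofed-internal"
    for net in BOGONS:
        if ip in net:
            return "bogon " + str(net)
    return None

def review(packets):
    """Give a drop/allow verdict for each inbound (protocol, source) record."""
    seen = Counter()
    verdicts = []
    for proto, src in packets:
        reason = bad_source(src)
        if reason is None and proto in ("icmp", "udp"):
            seen[(proto, src)] += 1
            if seen[(proto, src)] > RATE_LIMIT:
                reason = "rate " + proto
        verdicts.append((proto, src, ("drop: " + reason) if reason else "allow"))
    return verdicts

# Constructed sample records, not taken from any real log.
SAMPLE = ([("tcp", "198.51.100.7"), ("udp", "10.1.2.3"), ("icmp", "203.0.113.9")]
          + [("icmp", "198.51.100.20")] * 5
          + [("udp", "127.0.0.1")])

if __name__ == "__main__":
    for verdict in review(SAMPLE):
        print(*verdict)
```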
Stay current on potential security threats. Carnegie Mellon University's CERT Coordination Center offers a free security advisory mailing list at www.cert.org/contact_cert/certmaillist.html. The National Institute of Standards and Technology's Computer Security Resource Center also covers a variety of computer security issues at csrc.nist.gov.