How to Secure your data.
It is not enough to group users and apply security and permissions. You should do the following as well.
* Configure security on applications, files
* Configure system default users security
* Secure physical environment and computers
* Group users in different specific groups and implement security
* Avoid using generic logins
* Monitor and audit your security logs regularly
Is Your Security Solutions Fragmented?
Just because you have installed IDS, Anti-virus, and Firewall, doesn’t mean you have secured your network, data, and files on your infrastructure.
You need to do more. You must know the flow of the data, where it comes from and which road it takes, and how it gets to the destination. You need to know who access the data, who modifies the data, and keep your eyes on the data at different stages to detect any unusual activities.
Your IDS, Anti-virus, Firewall might do a great job as individual, but your goal is to make sure all you individual security solutions work together and enhanced your overall security.
Think of the big picture, your ultimate goal is to secure your network, files, and data. What tools do you need to make it happen? How can you integrate different security solutions into one to give you secure environment and yet provide acceptable performance.
Where Else You Could Implement Security
You may have installed some of the following security measures already, or maybe you have not. It is good idea to review them and be sure you have done what you could.
* Network Layer – Firewall
* Application Layer – Proxy
* Network Layer – NAT
* Physical Layer – STP Cabling
* Network Layer – IDS
* Network Layer – IPSec
* Application Layer – Web Server configuration
* Network Layer – Just enough services and ports, DoS
* Application Layer – Anti-virus for Email, DoS
* Transport Layer – SSL
* Network Layer – Network Scanner
* Application Layer – XML, DCOM
Not every organization needs all the security listed above, and in some case these are not enough. It depends on organization what they want to protect and how important information is to their business.
What is Security Management?
Take care of the following and you should be in good shape with your security management.
* know what risks are out there and how to manage them
* make sure you have written security policies and are enforced
* classify your information and secure them accordingly
* you must have procedures and standards to clarify what needs to be done
* without proper security organization, who knows what to do
* users, IT staff, and management must be educated about security.
With a little bit planning, you could manage your security the way you want.