March 02, 2010
Laptop security or network security: which is more important?
Posted by: Admin : Category: network security
Dan аѕkеd:
According tο a 2007 study bу thе Ponemon Institute аnd Redemtech, 70% οf data breaches result frοm thе loss οf “οff-network” equipment. Thаt іѕ, equipment thаt’s nοt connected tο thе Internet. Thеrе аrе ѕοmе οthеr staggering numbers, bυt thе point іѕ thаt a hυgе percentage οf data breaches аrе NOT “hackers” breaking іntο networks. Thеу’re gοοd οld laptop thefts, basically. Sο whісh іѕ more іmрοrtаnt tο focus energies οn (nοt thаt аnу aspect ѕhουld bе completely neglected): laptop security οr network security?
According tο a 2007 study bу thе Ponemon Institute аnd Redemtech, 70% οf data breaches result frοm thе loss οf “οff-network” equipment. Thаt іѕ, equipment thаt’s nοt connected tο thе Internet. Thеrе аrе ѕοmе οthеr staggering numbers, bυt thе point іѕ thаt a hυgе percentage οf data breaches аrе NOT “hackers” breaking іntο networks. Thеу’re gοοd οld laptop thefts, basically. Sο whісh іѕ more іmрοrtаnt tο focus energies οn (nοt thаt аnу aspect ѕhουld bе completely neglected): laptop security οr network security?
March 2nd, 2010 at 9:04 am
Hello;
I think that given the statistics, laptop security is more important. My guess is that the reason the network security is more effective is because professionals are charged with keeping the network safe … the security of the laptop is left to the user.
Perhaps installing the Linux operating system on a laptop might make it more secure? The file systems are automatically password protected by the operating system.
Thanks for the info!
Bill
March 4th, 2010 at 10:35 pm
You need to focus on BOTH! As soon as you get tunnel vision on any aspect of security, some ******* is going to hit you from the sidelines.
You are correct that most data breeches are due to stolen or lost laptops. That’s a simple fix, though, with modern hard drive encryption products. Once a laptop is encrypted it’s useless to anyone who doesn’t have the appropriate IDs and passwords. Even moving the hard drive to another machine won’t allow anyone to access the data on it.
Most network breeches are actually from the inside by an authorized user. For this reason it’s critical that you include security in your basic network design criteria and document user access authorizations in writing!
Of course, any Internet-facing systems need to be hardened against attack. They should also be sand-boxed in a DMZ with firewalls between the DMZ and Internet and a second firewall between the DMZ and the internal network. You must ensure that security patches are applied as needed but don’t just blindly apply patches without testing. And don’t apply security patches that are not needed; for example a SQL injection patch isn’t required on a web server that serves up static pages and isn’t connected in any way to a SQL database.
Also consider IPS/IDS. Snort is your friend here. You need to be aware of any suspicious activity on your networks and follow through on any alarms. Most alarms will be something innocent, but as soon as you get complacent something is going to go bust. Make SURE that someone is reviewing the logs frequently and documents that review.
Also, consider *********** testing, both internally and externally. If you’re like most systems admins, your first *********** test will leave you crapping in your jeans and working overtime to patch the holes. Make sure that the testing trips your IPS/IDS alarms reliably and fine-tune as needed to ensure good alarms and minimize false alarms.
Finally, do NOT fall into the trap that one OS is inherently more secure that another. ALL OSs have security vulnerabilities in their default installations that need to be addressed. I’ve lost track of the number of Linux systems running Apace and MySQL that were trounced by simple attacks that should have been avoided if the admin knew what he or she was doing!
Information security is a multi-faceted area that must focus on all potential threats simultaneously. Your systems ARE being hammered from all directions and it won’t matter how good your laptop security is if an Internet-facing system is compromised by a SQL injection attack that exposes your customer data to an attacker.
March 7th, 2010 at 11:10 pm
Dan,
You seemed to already know the answer. Study’s certainly show an overwhelming lack of security as it pertains to hardware. And as companies navigate towards lighter, cheaper and faster laptops, major breaches will continually occur as a result of laptop theft. Even still, protecting a network from outside criminal hackers and from malicious internal employees is essential. I suggest doing a search on “laptop tracking” is a great source of information regarding protecting hardware.