Security
FEATURE
Inside NIP Hype

  September 4, 2003
  By Mike Fratto



Focus on the EndPoint


The closer you place security tools to vulnerable systems, the safer your data. The data that is valued by attackers resides on your network-attached desktops and servers, so you need to protect the applications that hold that data--or are gateways to it--just as you protect underlying operating systems.

These are two distinct and difficult tasks, but instead of slavishly girding your network perimeter, adopt the mind-set that you'll design with a focus on protecting assets and denying malfeasants access to where those assets reside. Here are two best practices to start you on the road to enlightenment:

• Harden the underlying OS by removing unnecessary services and applications. The remaining services should run under nonprivileged accounts whenever possible. Removing services takes away attackers' access methods. Removing applications hobbles attackers, temporarily at least, if they do gain access to a server: tools may not be immediately available, and potentially vulnerable programs are not accessible for local-privilege escalation attacks. Oh, and keep current on patches.

HIP (host intrusion-prevention) products may help in hardening an OS. HIP products work by intercepting system-level calls for resources, such as file access, and checking each one against an ACL (access-control list). Based on the ACL, the request is passed or blocked. Check out "HIP Check".

• Consider customized installations. When installing products, try to enforce secure installation practices. When administrative accounts are created within applications, for example, ensure that the passwords are complex even if the product doesn't enforce it. Try to understand what changes are made to the underlying system, and limit the features to those you need. Don't take default installation options.
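
The first practice above (remove what the server's role does not need, run the rest under nonprivileged accounts) can be checked mechanically. The following is an added example, not code from the article: the inventory format, the sample data, and the `REQUIRED` policy are constructed assumptions for a hypothetical web/database server.

```python
from dataclasses import dataclass

# Constructed sample inventory (not from the article): port, owning account, process.
# An administrator would build this from the host's own process and socket listing.
SAMPLE_INVENTORY = """\
22    root      sshd
25    root      sendmail     # left over from the default install
80    root      httpd
111   root      portmap
515   lp        lpd
3306  mysql     mysqld
"""

# Hypothetical policy: the services this host's role requires.
# True means the service is accepted as running under a privileged account.
REQUIRED = {"sshd": True, "httpd": False, "mysqld": False}
PRIVILEGED = {"root"}  # assumption: extend with the platform's privileged accounts

@dataclass(frozen=True)
class Finding:
    port: int
    process: str
    account: str
    action: str  # "remove" or "run-nonprivileged"

def parse_inventory(text):
    """Yield (port, account, process) tuples, skipping blanks and comments."""
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3 or not fields[0].isdigit():
            raise ValueError(f"line {n}: expected 'port account process'")
        yield int(fields[0]), fields[1], fields[2]

def audit(text, required=REQUIRED, privileged=PRIVILEGED):
    """Flag services the role does not need, and needed ones running privileged."""
    findings = []
    for port, account, process in parse_inventory(text):
        if process not in required:
            findings.append(Finding(port, process, account, "remove"))
        elif account in privileged and not required[process]:
            findings.append(Finding(port, process, account, "run-nonprivileged"))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY):
        print(f"{f.action:18} {f.process:10} port {f.port} (runs as {f.account})")
```

Anything not named in the policy is reported for removal, so the default is to strip the service rather than to keep it.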

For more on asset-based security, see "Secure to the Core".

