Keeping Your Business Safe from Attack: Monitoring and Managing Your Network provides readers with the information they need to securely implement a network based around Microsoft products. The book is be split into two major focus areas -- securing against threats from the outside world and securing against threats from the inside world. Each focus has its own set of requirements, and the book provides approaches for each area, including, but not limited to, anti-virus, VPNs, spyware, DMZs, content filtering, Browser Helper Objects, patching, quarantining, intrusion detection, and event notification.
"Enemies are so stimulating." So goes the quote from Katharine Hepburn. Of course, you might not share her point of view if you’ve had to put in some long hours at the office cleaning a virus out of your network, but overall I think the statement is an accurate one. Enemies are stimulating, in the sense of forcing us—as business owners, network administrators, or skilled professionals—to think creatively and comprehensively about how to defend our systems and our assets against attack from those who would do us harm.
And believe me, your network is destined to be attacked. Sometimes it's just for a sense of accomplishment; other times the motivations are financial in nature. Whatever the case might be, attacks are going to be directed at your network one way or another. You don’t need to look any further than a PSINet Europe study, originally reported in January 2003, to know this to be true. The study tested how long an unprotected host plugged directly into the Internet would last before being attacked. Through the course of this study, the host in question was maliciously attacked 467 times in the first 24 hours—nearly 20 attacks an hour, or one every 3 minutes.
Securing your network doesn't need to be a mystery; it’s not something you should feel intimidated about. I’ve spent a long time helping my clients secure their networks and not one system I’ve built in the past 5 years has been exploited. Leading researchers such as Carnegie Mellon University and the Gartner Group both agree with me on this point: Good security is obtainable on today’s OSs and applications through proper implementation and management of your network assets.
Gartner Group, at the company’s October 2001 Symposium/ITxpo conference, stated that “About 90 percent of security breaches occur because attackers take advantage of software that IT staffers have either misconfigured or failed to patch.” Carnegie Mellon agrees with Gartner on this point as well but taking the numbers even higher, stating that 99 percent of all reported intrusions "…result through exploitation of known vulnerabilities or configuration errors, [for which] countermeasures were available."
Throughout the pages of this eBook, I have two main goals in mind for you, the reader. My first goal is to help you get secure. We’ll take a look at several network security techniques designed to protect you from threats from the outside world, including building a network with a proper demilitarized zone (DMZ), using VPNs for secure remote access, blocking hostile traffic with firewalls and proxy servers, and filtering unauthorized or malicious content. Security, however, is a constantly moving target. No "security nirvana" exists that, once you have it, makes you 100 percent secure and never have to think about it again. Quite on the contrary, the world of security, and the threats to your assets are constantly evolving. But with the right tools and practices, I’ll show you how to easily keep on top of things so that you can stay secure from threats from the outside world.
Threats don’t come from just the outside world, though. Unfortunately, many threats to a network these days come from the inside world—the world of desktops and end users who exist behind the firewall in a highly trusted network space. Whether attacks from the inside world are intentional, they represent a real threat in the world today. So, we’ll look at several techniques to protect you from your internal users who could cause you harm, including limiting users' ability to access external email and Web mail systems, detecting misconfigured workstations and quarantining them until they can be trusted to reside on your network, and techniques for protecting desktops from some of the latest types of browser threats, spyware, and other nasty malicious software that is trying to enter your network.
Finally, whenever the capabilities exist, I will show you how to monitor security problems that arise on your network so that you can be aware as soon as possible and take action. Proper security management needs to be a very pro-active task, so keeping on top of your systems is just as important as deploying secure systems in the first place. It's my hope that by the end of this eBook you’ll see that good security is a goal that not only you can obtain, but that you'll be enthusiastic to start to put some of the practices to work within your organization.
— Doug Toombs
A strategic IT consultant with more than 10 years of experience in LAN and WAN networking