Attacks on system security include password theft, back doors and bugs, social engineering, protocol failures, authentication failures, Denial of Service attacks, active attacks, botnets, exponential attacks including worms and viruses, and information leakage. (Fortify Software Inc., 2008); (Fortify Software, n. d.)
Servers are targets of security attacks because they contain valuable data and services. For instance, if a server contains personal information about employees, it can become a target for stealing identities. All types of servers, including file, database, web, email and infrastructure management servers, are vulnerable to security attacks, with the threat coming from both external and internal sources.
Some of the server problems that can jeopardize its security include:
(i) Weakly encrypted or unencrypted information, especially of a sensitive nature, can be intercepted for malicious use while being transmitted from server to client.
(ii) Software bugs present in the server Operating System or server hardware may be exploited for illegal access to the system.
(iii) The server and its related network infrastructure may become the target of Denial of Service (DoS) attacks hampering valid user entries.
(iv) Inability to prevent unauthorized access to the server may result in vital information being read or changed by unauthorized users.
(v) Once a hacker breaks into the server system, it becomes easy to manipulate or destroy other resources linked to the organization's server. External servers may also be targeted and viruses placed in the system to exploit the loopholes present in the compromised system. (Scarfone; Jansen; Tracy, 2008)
(vi) Non-standardized software configurations which do not adhere to the security policy of the organization.
(vii) Lack of a company-wide system-security policy.
(viii) Server complexity is also a source of many server security problems.
(ix) Failure to assign file system permissions like read, write and execute.
(x) Lack of separation of privileges on the server may jeopardize the system security. For example, the role of database administrator and system administrator should be kept separate.
(xi) Failure to keep logs and records. Logs and records can provide valuable information regarding the methods and means of a security breach which can be utilized for preventing future attacks.
(xii) Allowing remote administration of the server without proper planning and risk analysis.
One of the main server problems which lead to a compromise of system security is the use of general operating systems without proper configuration. Default configurations are aimed at user friendliness and not security. (Scarfone; Jansen; Tracy, 2008)
Therefore, it is essential to change the default software and hardware configurations in favor of a configuration which has the following features: (i) Removal or disabling of unnecessary applications, network protocols and services. (ii) Installation of patches or upgrading of the OS. (iii) Conducting security testing of the OS. (iv) Configuration of user authentication in the OS. (v) Installation of extra security controls and applications like host-based firewall, network-based firewall, packet filtering router, mail gateways, proxy, and antivirus applications. (vi) Configuration of resource controls. (Scarfone; Jansen; Tracy, 2008)
An "Intrusion Detection System," a second line of defense for a system's security, is one which identifies an intruder who has gained unauthorized access to the computer system and can disable or foil the intrusion rapidly before any damage is done. The faster an intrusion is exposed, the more rapidly a recovery plan can be implemented and the less damage will be done to the system. Installing a good intrusion detection system also acts as a preventive measure discouraging potential intruders. Intrusion detection systems generate vital information about the intrusion methods which can help to make the detection system more robust. The idea behind the intrusion detection principle is that an intruder's behavior will differ from a valid user's behavior. Since this behavior may overlap in many cases, the distinction may be very subtle and is often blurred, leading to "false positives" (where valid users are mistaken for intruders) and "false negatives" (where intrusion activity is taken to be valid). Therefore, intrusion detection requires skill as well as a certain degree of compromise which may be essential in order to safeguard vital system data. The challenge lies in identifying a misfeasor, a valid user or insider trying to gain access in an unauthorized manner, and a clandestine user. (Stallings, 2006); (Trcek, 2006)
These are: (a) Statistical anomaly detection and (b) Rule-based detection. Statistical anomaly detection involves collecting legitimate user behavior over a certain time period. This data is subjected to statistical tests to determine legitimate and unauthorized behavior with a high degree of confidence. Statistical anomaly detection can be implemented in two ways - threshold detection and profile-based detection. Threshold detection involves demarcating user-independent thresholds to compute the frequency of incidence of events. Profile-based detection involves developing the activity profile of every user and employing it to distinguish between authorized and unauthorized behavior of each account. Rule-based detection involves outlining a set of rules which can be used as a benchmark for deciding intrusion behavior. This approach can also be of two types - anomaly detection and penetration identification. Rules in anomaly detection are developed in such a manner as to detect any kind of departure from past usage patterns. In rule-based detection involving penetration identification, an expert system is employed to detect unusual behavior. (Stallings, 2006); (Trcek, 2006)
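The difference between threshold detection and profile-based detection, and how each produces false positives and false negatives, is shown in the following added example, which is not taken from the cited sources. The account names, the failed-login counts and the limits (5 failures per day, 3 standard deviations, a 3-day minimum history) are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed audit summary (not real data): failed logins per account per day.
# The last number on each line is the day under review; the rest is history.
AUDIT = """\
alice:0,1,0,0,1,0,0,4
bob:6,7,5,8,6,7,6,7
carol:0,0,0,1,0,0,0,0
dave:9
"""

def parse(text):
    """Return (history, today) dicts keyed by account name."""
    history, today = {}, {}
    for line in text.strip().splitlines():
        user, counts = line.split(":")
        values = [int(c) for c in counts.split(",")]
        history[user], today[user] = values[:-1], values[-1]
    return history, today

def threshold_detect(today, limit=5):
    """Threshold detection: one user-independent limit for every account."""
    return sorted(u for u, n in today.items() if n > limit)

def profile_detect(history, today, z_limit=3.0, min_sigma=0.5, limit=5):
    """Profile-based detection: compare each account with its own past."""
    flagged = []
    for user, n in today.items():
        past = history[user]
        if len(past) < 3:              # no usable profile yet (new account):
            if n > limit:              # fall back to the fixed threshold
                flagged.append(user)
            continue
        # Floor on sigma keeps near-silent accounts from flagging on one event.
        sigma = max(pstdev(past), min_sigma)
        if (n - mean(past)) / sigma > z_limit:
            flagged.append(user)
    return sorted(flagged)

HISTORY, TODAY = parse(AUDIT)

if __name__ == "__main__":
    print("threshold:", threshold_detect(TODAY))
    print("profile:  ", profile_detect(HISTORY, TODAY))
```

With this constructed data the fixed limit flags bob, whose normal day already exceeds it (a false positive), and misses alice's jump from about zero to four (a false negative if that jump is password guessing); the profile check reverses both outcomes, and dave, who has no history, is caught only by the fallback threshold.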
A security mechanism of an organization's information system may refer to a process or device which is used to execute a security service that is present or installed in the system. There are various types of security mechanisms like physical mechanisms, logical mechanisms, pseudo-random generators, cryptographic algorithms, and one-way hash functions. Cryptography, which is concerned with the transformation of plain readable text into encrypted unreadable text or ciphertext and vice versa, is one of the most important elements of security mechanisms. Effective intrusion detection systems should be able to detect intrusion on the basis of event semantics and should be independent of the syntax, data type, platform or protocol. (Trcek, 2006); (Bace; Bace, 2000)
System security is required in practically all organizations which depend on information systems for their business and other organizational processes. However, it is common to note the lack of an organized approach towards proper design and analysis of information systems development. The responsibility for system security is frequently perceived as the task of a security administrator. This means that security control mechanisms are deployed only after the system development is over. Therefore, it leaves very little choice for the system administrator or the system designer to incorporate security features in the system right from the beginning. (Tipton; Krause, 2004); (Gasser; Reinhold, 1988)
It is important that the foundations of information system security are laid when the design of the information system is being considered. A complete solution to system security can be provided by an OOSM or Object-Oriented Security Model, which can be described as "a security oriented extension of the object oriented model." This should be designed and executed during the "system analysis and design stage of system development." In-depth research is required in the field of system security in order to come up with a security mechanism that can address all aspects of system security. Developing security systems in distributed environments is a challenging task as it involves multiple security domains. Progress in this field is slow and needs to be sped up. With the increase in network use and our increasing dependence on networks, the vulnerability of computer systems has increased. This makes the urgency of coming up with effective security systems even more acute. (Tipton; Krause, 2004); (Gasser; Reinhold, 1988)
Bace, Rebecca Gurley; Bace, Rebecca. (2000) "Intrusion Detection"
Fortify Software Inc. (2008) "Fortify Taxonomy: Software Security Errors" Retrieved 17 November, 2008 at http://www.fortify.com/vulncat/en/vulncat/index.html
Fortify Software. (n. d.) "Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors" Retrieved 17 November, 2008 at http://www.fortify.com/vulncat/en/docs/Fortify_TaxonomyofSoftwareSecurityErrors.pdf
Gasser, Morrie; Reinhold, Van Nostrand. (1988) "Building a secure computer system" 1988. Retrieved 17 November, 2008 at http://cs.unomaha.edu/~stanw/gasserbook.pdf
Loader, David; Biggs, Graeme. (2002) "Managing Technology in the Operations
Scarfone, Karen; Jansen, Wayne; Tracy, Miles. (2008) "Guide to General Server Security: Recommendations of the National Institute of Standards and Technology" Retrieved 17 November, 2008 at http://csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf
Stallings, William. (2006) "Network Security Essentials: Applications and Standards"
Tipton, Harold F; Krause, Micki. (2004) "Information…