Online Security, a global provider of computer forensics and information technology risk mitigation since 1997   Original Source:    http://www.unisys.com/ OnlineSecurity and Unisys to present on Global Risk: POST 911 OnlineSecurity and Unisys Electronic Security Solutions Every organization connected to the Web faces the risk of hackers stealing sensitive data or causing denial of service attacks that make Web sites temporarily unavailable. Organizations also encounter viruses and worms, such as Code Red and Nimda, that can cause e-mail servers to crash. Despite a recent uptick in hacker attacks and the ongoing spawning of viruses, businesses haven't taken the steps necessary to guard against eak-ins and espionage, according to Information Week Research's 2001 Global Information Security Survey. That survey was taken before the September 11 terrorist attacks. It is highly probably that since the attack, like many other organizations, the Information Week survey respondents have reassessed their security programs. "Security" is a oad term that covers many areas - physical security, enterprise security, data security, and business continuity to name a few. Here we address network and information security. Protect Data If your servers or network are connected to the Internet, you face two concerns. First, you must protect your data from theft or destruction and you must make sure that your systems can't be disabled. Second, you must prevent your systems from being compromised and used as a launch pad for hacking, distributed denial of service, or other types of cyber attack. Although most hackers deface Web pages, there are increasing incidents of hackers who delete files or deny service. In addition, hackers have started to enter a site in order to change data stored on servers. For example, a hacker entered the Yahoo! site and altered a number of news stores, inserting phony quotes and erroneous information. Minimize Impact of Attacks It is possible to prevent these types of attacks. And, your preventative program doesn't need to be complicated. The first step is to re-examine your security policy to see what changes should be made to adapt to today's new environment. For example, is it still adequate to update virus signatures weekly? Would it be more appropriate to update the signatures daily or even frequently throughout the day? Here are other things to consider: Re-examine policy statements governing access for employees, partners, and suppliers. Conduct vulnerability assessments, including penetration testing of servers and networks. Following the assessment, review the results and set priorities for patching any holes - tackling the most critical first. Ensure that the latest versions of software, bug fixes, and security patches are installed on critical systems. Upgrade firewalls and intrusion detection systems. Increase the level of monitoring to go beyond static devices such as firewalls to include 24/7 real-time monitoring. Explore stronger access controls. Go beyond user names and passwords; use biometrics - such as fingerprint scans at the PC level - to assure that users are authorized to access an application or conduct a transaction. Provide personal firewalls to employees who use a VPN to access e-mail or the company Intranet. Limit outside data feeds from Internet sources so that hackers can't use your servers to create back doors into your systems. Implement encryption technologies to protect electronically transmitted data as well as stored or archived electronic data. Cyber attacks will continue. The Computer Emergency Response Team (CERT) Coordination Center estimates that the number of Internet attacks will double in 2001. Not every cyber attack will be an act of cyber terrorism. However, unintended eaches can seriously damage a company's reputation and adversely impact revenue generation. Cyber terrorism is an issue facing all organizations. It is important to understand this threat and take steps to limit vulnerabilities.