Other Network Elements

Are your 'other' boxes being targeted by would-be intruders?

It's easy to pretend that Unix and NT are the only operating systems on our networks. But many boxes which reside on the network aren't servers... and aren't Unix, NT, or Mac. They're the traffic cops. Routers, async switches, engines. If their security is compromised, the entire corporate network - and all the machines connected to it - is at risk.

There are also OTHER machines out there: boxes which are unique to a particular industry. For example, the telephone companies are responsible for, of course, dial tone: the central office switch, or C.O. When you pick up your home phone, the central office is the computer which provides you dial tone... usually before the handset reaches your ear.

The electric companies have machines unique to them (S.C.A.D.A.), as do banks (E.F.T.); investment firms, manufacturing, gas, water and other industries all have systems unique to their environment and charter. These machines are, effectively, the lifeblood of each company.

Regardless of your industry, you should be auditing these machines.

Audit items should include: the local consoles are secured and reside in a restricted-access room; access is administrative-level only; and the system employs strong authentication (token card) if possible for remote access. The system administrators should be well trained on the system security features, and logging/accounting/audit should be enabled if the CPU can handle the load.

While it's true there are a zillion Unix and NT machines to keep your audit schedule busy for the next 20 years, remember to question what the 'other' boxes are on that network diagram. Ask if there's a modem on it, and check the wiring closet for confirmation. Rattle the door to the room where the machine lives. Look to see if the hinges on the door are on the outside (such hinges can easily be popped out and the door removed from the frame).