Distributed architectures are prone to vulnerabilities unthinkable in monolithic host/terminal systems. Desktop systems can contain sensitive information that may be at some risk of being exposed and must therefore be protected. Individual users may lack general security savvy or awareness, and therefore the underlying architecture has to compensate for those deficiencies. Desktop PCs, workstations, and laptops can provide avenues of access into critical information systems elsewhere in a distributed environment because users require access to networked servers and services to do their jobs. By permitting user machines to access a network and its distributed resources, organizations must also recognize that those user machines can become threats if they are misused or compromised. Such software and system vulnerabilities and threats must be assessed and addressed properly.
Communications equipment can also provide unwanted points of entry into a distributed environment. For example, modems attached to a desktop machine that’s also attached to an organization’s network can make that network vulnerable to dial-in attacks. There is also a risk that wireless adapters on client systems can be used to create open networks. Likewise, users who download data from the internet increase the risk of infecting their own and other systems with malicious code, Trojan horses, and so forth. Desktops, laptops, tablets, mobile phones, and workstations—and associated disks or other storage devices—may not be secure from physical intrusion or theft. Finally, when data resides only on client machines, it may not be secured with a proper backup (it’s often the case that although servers are backed up routinely, the same is not true for client computers).
You should see that the foregoing litany of potential vulnerabilities in distributed architectures means that such environments require numerous safeguards to implement appropriate security and to ensure that such vulnerabilities are eliminated, mitigated, or remedied. Clients must be subjected to policies that impose safeguards on their contents and their users’ activities. These include the following:
■ Email must be screened so that it cannot become a vector for infection by malicious software; email should also be subject to policies that govern appropriate use and limit potential liability.
■ Download/upload policies must be created so that incoming and outgoing data is screened and suspect materials blocked.
■ Systems must be subject to robust access controls, which may include multifactor authentication and/or biometrics to restrict access to end-user devices and to prevent unauthorized access to servers and services.
■ Restricted user-interface mechanisms and database management systems should be installed, and their use required, to restrict and manage access to critical information so users have minimal but necessary access to sensitive resources.
■ File encryption may be appropriate for files and data stored on client machines (indeed, drive-level encryption is a good idea for laptops and other mobile computing gear that is subject to loss or theft outside an organization’s premises).
Chapter 9 ■ Security Vulnerabilities, Threats, and Countermeasures
■ It’s essential to separate and isolate processes that run in user and supervisory modes so that unauthorized and unwanted access to high-privilege processes and capabilities is prevented.
■ Protection domains should be created so that compromise of a client won’t automatically compromise an entire network.
■ Disks and other sensitive materials should be clearly labeled as to their security classification or organizational sensitivity; procedural processes and system controls should combine to help protect sensitive materials from unwanted or unauthorized access.
■ Files on desktop machines should be backed up, as well as files on servers—ideally, using some form of centralized backup utility that works with client agent software to identify and capture files from clients and store them in a secure backup archive.
■ Desktop users need regular security awareness training to maintain proper security awareness; they also need to be notified about potential threats and instructed on how to deal with them appropriately.
■ Desktop computers and their storage media require protection against environmental hazards (temperature, humidity, power loss/fluctuation, and so forth).
■ Desktop computers should be included in disaster recovery and business continuity planning because they’re potentially as important as (if not more important than) other systems and services within an organization in getting their users back to work on other systems.
■ Developers of custom software built in and for distributed environments also need to take security into account, including using formal methods for development and deployment, such as code libraries, change control mechanisms, configuration management, and patch and update deployment.
In general, safeguarding distributed environments means understanding the vulnerabilities to which they’re subject and applying appropriate safeguards. These can (and do) range from technology solutions and controls to policies and procedures that manage risk and seek to limit or avoid losses, damage, unwanted disclosure, and so on.
A reasonable understanding of countermeasure principles is always important when responding to vulnerabilities and threats. Some specific countermeasure principles are discussed in Chapter 2, “Personnel Security and Risk Management Concepts,” in the section “Risk Management.” But a common general principle is that of defense in depth.
Defense in depth is a common security strategy used to provide a protective multilayer barrier against various forms of attack. It’s reasonable to assume that there is greater difficulty in passing bad traffic or data through a network heavily fortified by a firewall, an IDS, and a diligent administration staff than one with a firewall alone. Why shouldn’t you double up your defenses? Defense in depth (aka multilayered defense and diversity of defense) is the use of multiple types of access controls in literal or theoretical concentric circles. This form of layered security helps an organization avoid a monolithic security stance. A monolithic or fortress mentality is the belief that a single security mechanism is all that is required to provide sufficient security. Unfortunately, every individual security mechanism has a flaw or a workaround just waiting to be discovered and abused by a hacker. Only through the intelligent combination of countermeasures is a defense constructed that will resist significant and persistent attempts of compromise.