Networking & Security


GATEWAY SECURITY

A gateway is a network point that acts as an entrance to another network. On the Internet, a node or stopping point can be either a gateway node or a host (end-point) node. Both the computers of Internet users and the computers that serve pages to users are host nodes. The computers that control traffic within your company’s network or at your local Internet service provider (ISP) are gateway nodes.

In the network for an enterprise, a computer server acting as a gateway node is often also acting as a proxy server and a firewall server. A gateway is often associated with both a router, which knows where to direct a given packet of data that arrives at the gateway, and a switch, which furnishes the actual path in and out of the gateway for a given packet.

EMAIL AND WEB SECURITY

Sending and receiving e-mail, file sharing and browsing websites may seem innocuous on the surface, but if you’re not careful these activities can open your computer to countless vulnerabilities. E-mail messages can easily be forged and they’re often used to launch malware. Malicious web sites can install software on your computer or collect personal information from your computer.

Here are a few basic things to keep in mind:

  • Don’t give out confidential information in response to any e-mail. Messages that try to persuade you to send your password or credit card number are forged, even if they appear to be from your bank or system administrator.
  • Be wary of any e-mail attachment that you weren’t expecting (this also applies to Web downloads). It’s very easy for a computer virus to be present in an e-mail that appears to be from a friend. It is strongly suggested that antivirus software be used to scan anything that you receive in your e-mail.
  • If you receive e-mail from an address at CU Boulder which you feel violates the campus Acceptable Use of CU-Boulder’s IT Resources policy, it should be reported to the IT Service Center at help@colorado.edu so action can be taken. It is suggested you do not delete the message, as it can often be useful in tracking down the incident.
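The second point above (unexpected attachments) is the one most easily checked by a script before anything is opened. The following is an added example, not code from the page's author: it parses a constructed sample message with Python's standard `email` module, lists each attachment, flags executable types and double extensions such as `invoice.pdf.exe`, and records a SHA-256 hash that can be submitted to an antivirus or threat-intelligence lookup. The message, the extension lists and the file contents are all constructed for illustration.

```python
import email
import hashlib
from email import policy
from typing import Dict, List

# Constructed sample message, not a real e-mail: a short body plus two attachments.
# The first attachment uses a double extension (.pdf.exe) to disguise an executable.
SAMPLE_EML = b"""\
From: "A Friend" <friend@example.com>
To: you@example.com
Subject: invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="utf-8"

Please see the attached files.
--XYZ
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

aGVsbG8=
--XYZ
Content-Type: application/pdf; name="report.pdf"
Content-Disposition: attachment; filename="report.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--XYZ--
"""

# File types a desktop or mail client will run directly (illustrative, not exhaustive).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".hta", ".jar", ".lnk"}
# Document-looking extensions that are placed in front of an executable one to mislead the reader.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def triage_attachments(raw_message: bytes) -> List[Dict]:
    """Return one record per attachment: name, size, SHA-256 (for an antivirus or
    threat-intelligence lookup) and the reasons, if any, it looks suspicious."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():          # skips the body parts, keeps real attachments
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""   # base64 is undone for us
        pieces = name.lower().split(".")
        last_ext = "." + pieces[-1] if len(pieces) > 1 else ""
        reasons = []
        if last_ext in EXECUTABLE_EXTENSIONS:
            reasons.append("executable file type " + last_ext)
        if len(pieces) > 2 and "." + pieces[-2] in DECOY_EXTENSIONS:
            reasons.append("double extension disguises the real type")
        findings.append({
            "filename": name,
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "suspicious": bool(reasons),
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for record in triage_attachments(SAMPLE_EML):
        print(record)
```

The hash is computed on the decoded attachment bytes, so it matches what an antivirus engine or a hash-lookup service would see after the mail client saves the file; the extension checks are a cheap first pass, not a substitute for the scanner itself.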

Endpoint Security

In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops or other wireless and mobile devices. Each device with a remote connection to the network creates a potential entry point for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.

Usually, endpoint security is a security system that consists of security software, located on a centrally managed and accessible server or gateway within the network, in addition to client software being installed on each of the endpoints (or devices). The server authenticates logins from the endpoints and also updates the device software when needed. While endpoint security software differs by vendor, you can expect most software offerings to provide antivirus, antispyware, firewall and also a host intrusion prevention system (HIPS).

Endpoint security is becoming a more common IT security function and concern as more employees bring consumer mobile devices to work and companies allow their mobile workforce to use these devices on the corporate network.

Data Encryption

Encryption uses a mathematical algorithm to scramble readable text into a form that cannot be read unless the reader has the key to “unlock,” or convert, the information back to its readable form. This means that your sensitive data cannot be accessed without you providing a password.

It is the easiest and most practical method of protecting data stored or transmitted electronically and is particularly essential with sensitive data.

Even a single failure to encrypt sensitive data, whether through e-mail or via a stolen flash drive or laptop, can result in a security breach with criminal or civil liabilities and irreparable harm to finances and the reputation of the university.
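To make the paragraphs above concrete, here is an added example (not code from the page or from any of the products it recommends) of password-based encryption in Python, using only the standard library. The password is stretched with PBKDF2 into an encryption key and a separate authentication key, the data is scrambled with a keystream, and a tag over the result lets the decryptor tell a wrong password or an altered file apart from a good one before releasing any plaintext. The keystream is generated by running HMAC-SHA256 as a pseudorandom function in counter mode; that is an educational stand-in chosen so the example needs no third-party package, and in practice a vetted authenticated cipher such as AES-GCM from a library like `cryptography` does this job. The iteration count and the sample plaintext are assumptions for the example.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

KDF_ITERATIONS = 100_000  # assumed work factor for the example; raise it for real deployments
SALT_LEN = NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(password: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch the password into separate encryption and authentication keys (PBKDF2-HMAC-SHA256)."""
    material = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, KDF_ITERATIONS, dklen=64)
    return material[:32], material[32:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream from HMAC-SHA256 used as a PRF in counter mode (educational construction;
    a standard AEAD such as AES-GCM is the production choice)."""
    blocks = bytearray()
    counter = 0
    while len(blocks) < length:
        blocks += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(blocks[:length])


def encrypt(password: str, plaintext: bytes) -> bytes:
    """Return salt || nonce || ciphertext || tag, with a fresh salt and nonce for every message."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(password, salt)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
    return salt + nonce + ciphertext + tag


def decrypt(password: str, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the password is wrong or the data was altered."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        return None
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # check the tag first; never hand back unauthenticated plaintext
    return bytes(c ^ k for c, k in zip(ciphertext, keystream(enc_key, nonce, len(ciphertext))))


if __name__ == "__main__":
    # Constructed sample record standing in for the kinds of data listed below.
    sealed = encrypt("correct horse battery", b"SSN 000-00-0000 (sample)")
    print(decrypt("correct horse battery", sealed))   # the original bytes
    print(decrypt("wrong password", sealed))          # None
```

The two points the text makes are visible in the code: the stored bytes carry no usable information without the key derived from the password, and a lost laptop or flash drive that holds only `encrypt()` output exposes nothing, provided the password is not stored alongside it.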

The following items—while not a comprehensive list—are examples of sensitive data:

  • Social Security numbers
  • Credit card numbers
  • Bank account information
  • Driver’s license numbers
  • Patient and student information (HIPAA/FERPA)
  • Proprietary research and legal data

ITCS Recommends the Following Data Encryption Tools

  • Transfer and Store Sensitive Files: IronKey Encrypted Flash Drives. Secure, hardware-encrypted, tamper-resistant and password-protected. You will need to determine your storage capacity needs (e.g. 4GB or 8GB); the basic version is recommended. There are several suppliers of this device including IronKey, NewEgg and CDW-G.
  • Encrypt a Drive:
    • BitLocker Drive Encryption. Included with all Windows 7 Ultimate and Enterprise edition PCs, BitLocker encrypts an entire drive rather than individual files. A drive can be password-protected, decrypted or BitLocker can be temporarily suspended at any time by the authorized user. Visit the Microsoft.com BitLocker page for instructions to turn on BitLocker encryption.
    • Guardian Edge Hard Disk Encryption. Guardian Edge encrypts every file on the hard drive and renders it useless if unauthorized access is attempted, especially important with computer thefts on the rise. Learn more on the Symantec Endpoint Encryption page.
    • TrueCrypt. Available as a free download, this software encrypts data on most any device, including portable—and easily lost or stolen—devices such as laptops, smartphones and flash drives. Visit the TrueCrypt website to learn more.
  • Encrypt Data Files: WinZip. Good for encrypting, compressing (reducing the file size) and sharing individual files.
  • Encrypt Email Messages and Attachments:
    • IronPort. If you have to send sensitive information, such as HIPAA or FERPA data, to an entity outside of the ECU network, then IronPort is a solution for your encrypted correspondence. Learn more at the email encryption page.
    • WinZip. If your email attachment(s) contain sensitive information, then WinZip is a solution for encrypting, reducing the size, and sharing these files.

Two Factor Authentication

Two-factor authentication is a security process in which the user provides two means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code. In this context, the two factors involved are sometimes spoken of as something you have and something you know. A common example of two-factor authentication is a bank card: the card itself is the physical item and the personal identification number (PIN) is the data that goes with it.

According to proponents, two-factor authentication could drastically reduce the incidence of online identity theft, phishing expeditions, and other online fraud, because the victim’s password would no longer be enough to give a thief access to their information. Opponents argue (among other things) that, should a thief have access to your computer, he can boot up in safe mode, bypass the physical authentication processes, scan your system for all passwords and enter the data manually, thus — at least in this situation — making two-factor authentication no more secure than the use of a password alone.

Some security procedures now require three-factor authentication, which involves possession of a physical token and a password, used in conjunction with biometric data, such as finger scanning or a voiceprint.
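The “something you have” in most modern two-factor logins is not a card but a phone or token that holds a shared secret and computes a one-time code from it. The following is an added example, not code from the page: a Python implementation of the time-based one-time password algorithm (RFC 6238, built on HOTP from RFC 4226) together with the server-side check. The verifier tolerates one time step of clock drift in either direction and refuses to accept a code for a time step at or before the last one already used, so a code seen by a shoulder-surfer or phishing page cannot be replayed. The shared secret used below is the RFC 6238 test-vector secret, and the `now` values are the RFC's published test times, not real timestamps.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the current time step, using HMAC-SHA1 as the RFC's default."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                          # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class TotpVerifier:
    """Server-side check of a submitted code. Allows `window` steps of clock drift each way
    and rejects any code whose time step is not later than the last accepted one (replay)."""

    def __init__(self, secret: bytes, step: int = 30, window: int = 1) -> None:
        self.secret = secret
        self.step = step
        self.window = window
        self._last_accepted_counter = -1

    def verify(self, submitted: str, now: Optional[int] = None) -> bool:
        now = int(time.time()) if now is None else now
        current = now // self.step
        for delta in range(-self.window, self.window + 1):
            counter = current + delta
            if counter <= self._last_accepted_counter:
                continue                      # this step was already used: treat as replay
            expected = totp(self.secret, counter * self.step, self.step)
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                self._last_accepted_counter = counter
                return True
        return False


if __name__ == "__main__":
    # RFC 6238 test secret (ASCII "12345678901234567890"); a real secret is random and per user.
    shared_secret = b"12345678901234567890"
    verifier = TotpVerifier(shared_secret)
    code = totp(shared_secret, 59)            # what the user's token shows at that moment
    print(code, verifier.verify(code, now=59), verifier.verify(code, now=59))   # second use fails
```

Because the password is checked separately and the code changes every 30 seconds, a stolen password alone does not log the thief in; the objection quoted above, about an attacker who already controls the machine, is exactly the case this scheme does not address, since the secret on that machine is then also exposed.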

Security Information Management

Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs. A security information management system (SIMS) automates that practice. Security information management is sometimes called security event management (SEM) or security information and event management (SIEM).

Security information includes log data generated from numerous sources, including antivirus software, intrusion-detection systems (IDS), intrusion-prevention systems (IPS), file systems, firewalls, routers, servers and switches.

Security information management systems may:

  • Monitor events in real time.
  • Display a real-time view of activity.
  • Translate event data from various sources into a common format, typically XML.
  • Aggregate data.
  • Correlate data from multiple sources.
  • Cross-correlate to help administrators discern between real threats and false positives.
  • Provide automated incident response.
  • Send alerts and generate reports.
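The normalization and correlation items in the list above are the heart of a SIM, and they are simple enough to show in a few dozen lines. The following added example (not code from the page or from any product it names) takes constructed log lines in two different formats, an SSH daemon's syslog lines and a firewall's comma-separated records, translates both into one common event record, renders an event as XML as the list mentions, and then correlates across time: several failed logins from one source followed by a successful login from the same source within a short window raises an alert, with the firewall's view of that source added for cross-correlation. All log lines, addresses and host names are constructed; the thresholds are assumptions for the example.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample log lines, not captured from a real system.
SSHD_LINES = [
    "2024-03-01T10:00:01Z host1 sshd[101]: Failed password for root from 203.0.113.7 port 5001 ssh2",
    "2024-03-01T10:00:03Z host1 sshd[102]: Failed password for root from 203.0.113.7 port 5002 ssh2",
    "2024-03-01T10:00:05Z host1 sshd[103]: Failed password for admin from 203.0.113.7 port 5003 ssh2",
    "2024-03-01T10:00:09Z host1 sshd[104]: Accepted password for admin from 203.0.113.7 port 5004 ssh2",
    "2024-03-01T10:02:00Z host1 sshd[105]: Failed password for bob from 198.51.100.9 port 6001 ssh2",
]
FIREWALL_LINES = [  # timestamp,device,action,source,destination,port
    "2024-03-01T09:59:58Z,fw1,DENY,203.0.113.7,10.0.0.5,23",
    "2024-03-01T10:00:00Z,fw1,ALLOW,203.0.113.7,10.0.0.5,22",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def _ts(text: str) -> datetime:
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def parse_sshd(line: str) -> Optional[Dict]:
    """Translate one sshd syslog line into the common event record."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    action = "auth_success" if m["outcome"] == "Accepted" else "auth_failure"
    return {"time": _ts(m["ts"]), "source": "sshd", "host": m["host"],
            "action": action, "user": m["user"], "src_ip": m["src"]}


def parse_firewall(line: str) -> Dict:
    """Translate one firewall CSV record into the common event record."""
    ts, device, action, src, dst, port = line.split(",")
    return {"time": _ts(ts), "source": "firewall", "host": device,
            "action": "fw_" + action.lower(), "user": None,
            "src_ip": src, "dst_ip": dst, "dst_port": int(port)}


def normalize(sshd_lines: List[str], fw_lines: List[str]) -> List[Dict]:
    """Aggregate both feeds into one time-ordered list of common-format events."""
    events = [e for e in map(parse_sshd, sshd_lines) if e]
    events += [parse_firewall(line) for line in fw_lines]
    return sorted(events, key=lambda e: e["time"])


def to_xml(event: Dict) -> str:
    """Render one event in the common XML form the text mentions."""
    root = ET.Element("event")
    for key, value in event.items():
        if value is not None:
            ET.SubElement(root, key).text = value.isoformat() if isinstance(value, datetime) else str(value)
    return ET.tostring(root, encoding="unicode")


def correlate(events: List[Dict], failures: int = 3, window_seconds: int = 60) -> List[str]:
    """Alert when at least `failures` login failures from one source precede a success
    from the same source within `window_seconds`; firewall denies from that source are
    counted as corroborating context (cross-correlation across two data sources)."""
    alerts = []
    recent_failures = defaultdict(list)
    for e in events:
        if e["action"] == "auth_failure":
            recent_failures[e["src_ip"]].append(e["time"])
        elif e["action"] == "auth_success":
            fails = [t for t in recent_failures[e["src_ip"]]
                     if (e["time"] - t).total_seconds() <= window_seconds]
            if len(fails) >= failures:
                denies = sum(1 for f in events if f["action"] == "fw_deny" and f["src_ip"] == e["src_ip"])
                alerts.append(f"possible brute-force success: {e['src_ip']} -> {e['host']} as "
                              f"{e['user']} after {len(fails)} failures; {denies} firewall deny(s) from source")
    return alerts


if __name__ == "__main__":
    timeline = normalize(SSHD_LINES, FIREWALL_LINES)
    print(to_xml(timeline[0]))
    for alert in correlate(timeline):
        print(alert)
```

The rule deliberately keys on the outcome sequence rather than on failures alone: three failures from one address is noise on most networks, whereas three failures immediately followed by a success from the same address is the pattern an analyst would want in front of them, which is the distinction between real threats and false positives the list refers to.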

Commercial SIM products include ArcSight ESM, nFX’s SIM One, Network Intelligence’s enVision, Prism Microsystems’ EventTracker, Trigeo, Symantec’s Security Information Manager, Cisco Security MARS and Snare. Open source SIM products include OSSIM, a product of the Open Source Security Information Management initiative, and Prelude, from PreludeIDS.

Although SIM products can automate many tasks around security information gathering and processing, they can’t operate effectively without significant effort and investment on the part of the organization in question. According to Neil Roiter, Senior Technology Editor of Information Security magazine, “Security information and event management (SIEM) products are only as good as the policies and processes they support, and the analyst resources that a company can pour into them.”