GhanaLink Logo Advert Space Animation
Home | Search | Contents | Feedback | PeopleChat | See a Pastor
Items
Kente Band
Business/Investment
Tourism
Weather
Cars
Technology
Education
Religion
Health
Entertainment
Gorvernment/Politics
Learning/Research
Sports
Home Ownership
GhanaLink (internet access)
Internet Directory 		Learning & Research

We begin our learning & research page with an article culled from the March/April 2001 issue of the magazine, Computers in Africa.
Make your Network,Hack-Proof
Ernst & Young recently put together a course in anti-hacking security & the company's Johannesburg based hacker experts & course presenters,Lannon van Rooyen, Justin Williams & Stieler van Eeden, when asked to draw up a list of the top ten anti-hacking security tips came up with the following;

* Know what you have & its value.
Build an inventory of hardware,software,operating systems,databases & applications.Estimate the value of your assets.If you do not know the worth of information & systems to the businessyou do not know where to place your resources.

* Physical Security
Make sure physical security is tight.Does not help to protect the software if you can walk out with your server.Keep in mind that over 60% of all attacks are internal.

* Keep up to date
New Security loopholes appear daily.Patches to fix these loopholes appear almost as regularly.If you miss one, you are open to attack.Answer is to monitor the security sites daily egs;
Vendor Sites:www.microsoft.com, www.ibm.com
Portal Sites: http://packetstorm.security.com, www.tlsecurity.org.
Underground sites: www.attrition.org, www.hack.co.za

* Intrusion Detection System
Your network should have an Intrusion Detection System (IDS).Without one, your network is a sitting duck for hackers.Write up an incident response plan to deal with incidents.

* Firewall
A firewall is your first line of defence.Without a firewall you have no idea who is coming onto your network or what is going out.

* Education
Uneducated users can be manipulated into betraying your network secrets.
Without education they cannot be held accountable for their actions.Network administrators must have an in-depth knowledge of the products they are using & the possible areas of attack.

* Encryption
If it is important & travelling across a network (not just the Internet), encrypt it! A sniffer , a program that eavesdrops on a network examinig all traffic on that network segment, is a hacker's best friend.Easy to install, easy to maintain, difficult to trace.

* Policies & Procedures
Your employees know what to do if there is a security breach, but will new personne. know what to do in six months time ? Your network was secure six months ago but do you have any idea of what it looks like now ? Strong policies & procedures ensure the long life of your security installation.
Policies should coverchange control & should ensure the accountability of users by telling them what they may & may not do.Your security policy document should also make it clear to users that they cannot expect privacy of email & web use.

* Documentation
You should have all the necessary manuals & make the best use of them.

* Logging & Reveiw
You have the IDS.Make sure it is logging attacks.The key to logging is to only log those thingsthat you need to do, log them only once & to reveiw them daily.Somebody should be ensuring that the administrators are checking the logs daily & are not tempted to miss the occasional one.Ensure that there is a backup administrator to fill in when the chief administrator is on leave or off sick.
Others
Contact Us
MessageBoard