You are here  IT Management Risk Management

Don't overlook critical network infrastructure systems

Wednesday 07 March 2007 12:00
Most network administrators and IT governance committees (if you're lucky enough to have support for one) include servers and applications within their response plans. That's fine and dandy, but you cannot overlook supporting network infrastructure systems and other critical systems that would cause just as many problems during and after a security breach. Be sure to consider the following systems for the scope of your incident response plan:
  • Firewall(s)
  • Router(s)
  • T1 CSU/DSU systems
  • DSL routers
  • Ethernet switches
  • Wireless access points and bridges
  • Phone switches
  • VoIP call managers and related systems
  • Laptops, PDAs, smart phones and mobile drives (that undoubtedly contain sensitive information)
  • critical workstations belonging to groups such as IT, HR and executives
  • VPN or Terminal Services servers

These systems are often compromised, leading to a breach, so make sure you're looking beyond your Windows domain controllers and IIS Web servers. And don't forget about any Linux, NetWare and midrange/mainframe systems.


Plan for a security breach, step by step

  Introduction
  Step 1: Define what "breach" means to your business
  Step 2: Don't overlook critical systems
  Step 3: Know who to contact and have that information available
  Step 4: Develop a simple yet methodical set of response steps
  Step 5: Get input from others affected by a security breach
  Step 6:Keep your momentum going

About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has more than 19 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well asThe Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels audiobook series. You can reach Kevin at kbeaver@principlelogic.com>.