By David E Stern, CISSP
By all accounts, the financial situation for 2009 is not going to be pretty. Organizations are cutting budgets across the board and IT Security certainly isn’t immune. While I certainly would never turn away increases in staffing or capital budget for new equipment, I do see some great opportunity for IT Security in these tough times. IT Security spending has consistently grown in the past 5 to 8 years putting lots of new technology into the field. However, no matter where I look, I still see the same gaps in the walls that I saw 5 years ago in terms of how security systems are operated and how security organizations are run. In 2009, the information security community needs to focus inwards, and focus on cleaning up some of its worst lingering messes.
Invalid internal SSL certificates
How many times have you logged into the web (SSL “protected”) management console for your SIEM or Antivirus server and quickly clicked through the little popup warning that the system’s certificate is invalid? We are all guilty of this practice. Generate valid certificates and install them on every web-based management console under your control. Send out emails to other infrastructure management teams in the organization explaining the issue and offering to provide them with valid certificates as well. Finally, make sure that the expiration date on the certificate is noted on a shared calendar.
While writing this article, I looked through my browser bookmarks and found a number of IP addresses where DNS names should be. Every system needs to have a forward and reverse DNS entry. This is basic housekeeping that will result in fewer system errors, better performance, and make troubleshooting a lot easier. Oh, and it is also necessary for certificates to work properly.
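The two housekeeping items above (a valid certificate on every management console, and a real DNS name for it to be issued against) come together in one routine task: stand up an internal CA, issue each console a certificate whose Subject Alternative Name is its DNS name, confirm that the certificate chains and matches that name, and pull out the expiry date for the shared calendar. The script below is an added example written for this column, not code from the original article; it assumes the `openssl` command-line tool is installed, and the CA name, the host name `siem.corp.example` and the working directory are constructed placeholders.

```sh
#!/bin/sh
# Added example (not from the original column): issue an internal-CA-signed
# certificate for a management console, verify the chain and the DNS name,
# and report when it expires. Requires the openssl CLI (1.1.1 or later).
WORKDIR="${WORKDIR:-$(mktemp -d)}"   # constructed: throwaway directory for keys/certs

# Create a self-signed internal root CA (constructed CA name). In production
# the CA key lives on a hardened host and its certificate is pushed to every
# browser and OS trust store, so the warning popup goes away for everyone.
make_internal_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Internal Root CA" \
        -keyout "$WORKDIR/ca.key" -out "$WORKDIR/ca.crt" 2>/dev/null
}

# Issue a server certificate for a console. The DNS name goes into the SAN
# extension; browsers ignore the CN, so a console reached by bare IP address
# can never get a valid certificate. This is why the DNS entry comes first.
issue_console_cert() {
    host="$1"; days="$2"
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
        -keyout "$WORKDIR/$host.key" -out "$WORKDIR/$host.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$host" \
        > "$WORKDIR/$host.ext"
    openssl x509 -req -days "$days" -sha256 -in "$WORKDIR/$host.csr" \
        -CA "$WORKDIR/ca.crt" -CAkey "$WORKDIR/ca.key" -CAcreateserial \
        -extfile "$WORKDIR/$host.ext" -out "$WORKDIR/$host.crt" 2>/dev/null
}

# Succeeds only if the certificate chains to our CA AND its SAN matches the
# name the browser will be pointed at. A bookmark using an IP, or a typo in
# the name, fails here just as it would in the browser.
verify_console_cert() {
    cert_host="$1"; expected_name="${2:-$1}"
    openssl verify -CAfile "$WORKDIR/ca.crt" \
        -verify_hostname "$expected_name" "$WORKDIR/$cert_host.crt" >/dev/null 2>&1
}

# Succeeds when the certificate expires within the given number of days.
# -checkend exits 0 if the cert is still valid after that many seconds,
# so the result is negated. Run this from cron against every console.
expires_within() {
    host="$1"; days="$2"
    ! openssl x509 -in "$WORKDIR/$host.crt" -noout \
        -checkend $((days * 86400)) >/dev/null 2>&1
}

# Prints the notAfter date, ready to paste into the shared calendar entry.
expiry_date() {
    openssl x509 -in "$WORKDIR/$1.crt" -noout -enddate | sed 's/^notAfter=//'
}

# Stand-alone run: issue a one-year certificate for a (constructed) SIEM console.
if [ "${1:-}" = "run" ]; then
    make_internal_ca
    issue_console_cert siem.corp.example 365
    verify_console_cert siem.corp.example && echo "siem.corp.example: chain and name OK"
    expires_within siem.corp.example 30 && echo "WARNING: expires within 30 days"
    echo "Calendar reminder: siem.corp.example certificate expires $(expiry_date siem.corp.example)"
fi
```

Invoke the script with `run` to go through the whole sequence once; in practice `expires_within` and `expiry_date` are the parts to schedule, with the warning threshold set to whatever lead time your change process needs to get a renewal through.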
You cannot protect something that you don’t know you have. Asset management is certainly not a traditional IT Security function. However, without accurate asset lists, IT Security cannot run complete vulnerability scans and cannot assess newly discovered threats. It only takes one un-patched machine to compromise a network. Get together with the desktop and server support teams and talk it over.
Go into your data center and find your most critical firewall. If you needed to swap it out today, would you be blocked by tight cables running across its face? Could you easily trace the power cables back to the power strip? Will you “jiggle” another fiber patch while replacing this unit? Clean up your racks in planned change windows before it’s too late.
Next month, we will continue to look at ways to turn those 2009 lemons into lemonade.