Prevent unwanted access by intruders

INTEGRATED SECURITY
VIRUS PROTECTION
Symantec™
Client Security
Business Pack*
Symantec™ Client Security Norton Internet Security™
Small Office Pack
with Groupware Protection
Business Pack
Norton™
Personal Firewall
Small Office Pack
Norton
AntiSpam™
Small Office Pack
Firewall – intrusion protection
against hackers
Norton AntiVirus™
Small Office Pack
Symantec AntiVirus™
Business Pack*
Symantec AntiVirus™
with Groupware Protection
Business Pack
Symantec AntiVirus™
Multi-Tier Protection
Business Pack*
Removes viruses automatically
without interrupting your work
Scans and cleans email
Privacy protection
– blocks confidential information
from being sent
Blocks new script-based viruses and prevents
worms from spreading
Protects against new viruses
with automatic updates
Stealth mode – makes PCs
invisible to other Internet users
Ad blocking
Scans and cleans
instant messages
Filters spam and unwanted
email content
Virus protection for desktops
Virus protection for servers
Content filtering
Virus protection for Microsoft Exchange®
and Lotus Domino® email servers
Controls workgroup Internet access on a
small network
Virus protection for SMTP gateways
Virus protection for desktops
* Also available via the Value License Program
Virus protection for servers
Virus protection for Microsoft Exchange®
and Lotus Domino® email servers
Updates automatically
to protect against new threats
* Also available via the Value License Program.
SECURITY APPLIANCES
PROBLEM SOLVING
Symantec™ Gateway Security 320
Firewall
Virtual Private Networking (VPN)
Symantec™ Gateway Security 360 and 360R
Stateful firewall that inspects at the IP and circuit layers
Gateway-to-gateway,
client-to-gateway and VPN-passthrough
Gateway-to-gateway, client-to-gateway and
VPN-passthrough 360R - includes 10 client-to-gateway licenses
Norton™ SystemWorks Premier
Small Office Pack
Supports encryption using DES, 3DES and AES.
IPsec
Intrusion prevention
Gating - blocks a specific detected event from passing through the firewall
Intrusion detection
Signature-based intrusion detection
Antivirus protection
Antivirus policy enforcement - appliance constantly queries network entities and remote users
to ensure antivirus is running and blocks or warns if not
Content filtering
Removes viruses automatically
without interrupting your work
Two user-definable URL lists (allow and deny), maximum of 100 entries each
Restores your PC to its
previous working state
Antispam
Standalone web-based management
High Availability
Scans and cleans email
Blocks new script-based viruses and
prevents worms from spreading
Yes
Yes
via external modem
via external modem or second WAN port
Monitors your PC continuously to
identify problems before they occur
Wireless access point security
Maximum recommended users / nodes
Maximum firewall throughput
VPN (DES, 3DES, AES) and WEP
VPN (DES, 3DES, AES) and WEP
50
100
55 Mbps
60 Mbps
Removes old software applications
and other unneeded files
Creates backup disks, restores files quickly
and clones one hard drive to another
Stores confidential passwords
and credit card numbers
Optimises file storage
Load Balancing and throughput aggregation via dual WAN ports
Load Balancing
Intrusion detection
About Symantec
Symantec is the global leader in information security providing a
broad range of software, appliances and services designed to help
individuals, small and mid-sized businesses, and large enterprises
secure and manage their IT infrastructure. Symantec's Norton
brand of products is the worldwide leader in consumer security
and problem-solving solutions.
Headquartered in Cupertino, Calif., Symantec has operations
in more than 35 countries. More information is available at
www.symantec.com.
Unfold this section to find out about Symantec's IT security products that can help to protect your business
Compare Symantec's IT security solutions to find which one
best suits your business.
Symantec and the Symantec logo are U.S. registered trademarks of Symantec Corporation.
Copyright © 2004 Symantec Corporation. All rights reserved.
All product information is subject to change. 09/04
Prevent unwanted
access by intruders
IT Security for Small Businesses
The book “Prevent unwanted access by intruders. IT Security for Small Businesses” has
been produced by the marketing department of Symantec Nordic AB in collaboration with
Kundskaparna AB.
Project Coordinator, Symantec Nordic: Helene Ruda
Project Manager, Symantec Nordic: Michael Skärbo
Project Coordinator, Kundskaparna: Niclas Norling
Layout & design: Kundskaparna
Text: Bertil Myhr, Hedberg & Co. Helene Ruda and Joakim von Braun, Symantec Nordic
Editing: Lars Strömqvist, Kundskaparna. Guy Clapperton
Photography: Mats Åsman, noart.nu
Artwork: Tomas Öhrling/Info AB and Tove Hennix
Market survey of small businesses: Dynamic Markets. Vanson Bourne
Typography: SymantecSans, SymantecSerif, Webdings
Paper, binding: Geltex 130 g
Paper, end paper: Kaskad yellow 120g
Paper, insert: Lessebo linné, white 120g
Paper, dust cover: Lessebo linné, white 150g
Print and repro: Kristianstads Boktryckeri AB
Print run, first edition: 11,000 copies in Swedish, Norwegian, Danish, Finnish and English
For the UK book, special thanks to: Katherine James, Symantec UK Ltd.
ISBN 91-631-5906-6
Symantec and the Symantec logo are U.S. registered trademarks of Symantec Corporation.
Other brands and products are trademarks of their respective holder(s).
Copyright © 2004 Symantec Corporation. All rights reserved. 09/04
www.symantec.co.uk
Contents
Foreword
The Company IT Environment
  Wired networks
  Wireless networks (WLAN)
  Computer room
  Internet connection
  Remote working
  Remote working on home computers
  Remote working on laptop computers
Threats to Information Security
  Viruses
  Worms
  Trojan horses
  Blended threats
  Email threats and junk mail
  Internal threats
  Misuse of the company’s IT resources
Security Rules
  Designing security rules
  Seven steps towards an effective security regime
  Contingency plan
  Training staff
Protection against Data Loss
  UPSs and backup power
  Backup routines
  Backups
Protection against Intrusion and Malicious Software
  Firewall
  Hardware-based and software-based firewalls
  Firewall principles
  Antivirus
  Intrusion detection
  User IDs and access control
  Encryption
  Digital signatures
  Passwords
  Virtual private networking (VPN)
  Vulnerability analysis
Security Products for Small and Medium-Sized Companies
Many small businesses struggle with security on their computer systems.
Actually that’s not quite true. Many small businesses struggle with cash
flow, they agonise over when the next payment is going to be made, why
their cash flow is so appalling, why their larger customers think an invoice paid
within 90 days is acceptable instead of the 30 they agreed. They don’t have time to
think of security in any depth – if there’s an antivirus programme loaded on every
PC in the office, that’s that.
Except of course it’s not. If you install an antivirus programme on day one and
someone writes a new virus on day two, you’re stymied if you didn’t know you had to
keep the thing up to date. If someone steals your laptop and knows or guesses your
password correctly, your customer information is available to whoever has the
machine. Those are just the things that can happen deliberately. Your staff might
install their own software on a computer you’ve provided in their home, thinking
that’s OK – or they’ve picked the word ‘password’ as their password (no kidding,
I once worked a few days at a computer magazine where the editor had done just
that; I was into her system within seconds). Hopefully you have an IT manager to
put a policy in place, but how do you make sure everyone knows about it, and what
happens if they don’t?
There’s no simple answer to a lack of resources, or the need to keep all of your
data safe when there’s no IT manager to help. But in breaking the issues down into
comprehensible chunks and therefore making people aware of the issues, and
offering practical, simple advice as to how to surmount the problems involved,
Symantec’s made a good start with this booklet.
Guy Clapperton
2004
Guy Clapperton is editorial associate and columnist to The Guardian’s Business
Solutions section. He also contributes to The Times, The Observer, The Financial
Times and Arena on business and IT issues.
The Company IT Environment
Wired networks
Almost all offices with more than a couple of staff have a local
area network, which is used to link PCs, servers, printers and
communication devices. Traditionally, this consists of a twisted
pair cable in a star-shaped network: a cable is laid from a
central connection point, often close to the computer room,
to all PCs, printers and other peripheral devices.
There have been many technologies for local area networks,
but nowadays Ethernet is used almost exclusively. Despite
being the oldest principle used in local area networking,
Ethernet has proved to be better at adapting to technological
developments than all of the alternatives – the same principle
is still used in the latest wireless networks. The speed
(bandwidth) of a cable-based local area network is usually 100 Mbps,
but a variant ten times faster known as Gigabit Ethernet is
gaining ground, particularly for connecting servers and
network devices that need the high capacity offered.
[Figure: office network with labels Remote, Internet, Gateway, File Server, Mail Server, Desktop]
Wireless networks (WLAN)
WLAN (Wireless Local Area Network) is a technology that is
developing very rapidly, alongside the falling price of the
equipment. Most of the cabling is replaced by wireless
connections with approximately the same range as an
ordinary local area network, which is usually up to 100
metres. Communications are routed between base stations,
often called access points, and network adapters on the PC.
Whereas on paper WLAN is slower than a cable-based
local area network, in practice few users will notice any
difference. A generation shift is now underway with WLAN
devices increasing their maximum network speed from 11
Mbps to 22 or 54 Mbps.
From the point of view of security, WLAN is a more
problematic solution than a cable-based network. As traffic
is passed over radio frequencies, it is susceptible to virtual
eavesdropping. In principle, the radio frequencies used by
wireless local area networks can be used freely, which has
both advantages and disadvantages. The advantage is that it
is possible to install a network without requiring permission
or paying charges. The disadvantage is that all the other companies
in your vicinity have the same rights, so performance and
functionality can be affected if several wireless networks are
installed in close proximity to each other without coordination.
Microwave ovens and other wireless transmissions can
also disturb WLAN traffic.
It is vital to ensure that a WLAN is secured properly. Even
if the incorporated security is not perfect, it is of course better
than no security at all. The integrated WEP encryption (Wired
Equivalent Privacy, a security protocol for wireless local area
networks) is easy to crack, and many simple programs can be
downloaded from the Internet that do so automatically.
A minimum requirement for WLAN security is that
information pertaining to user identification (authentication)
is transmitted in encrypted form. Companies that have been
considering setting up a VPN solution (virtual private network;
see page 52), would be well advised to implement such plans at
the same time as setting up a wireless network. By using VPN,
you can shut out unwanted listeners.
[Figure: wireless network with labels Base Station, Network Adapter]
Computer room
A typical IT environment in a smaller office might look like the
one in the picture. A small computer room with a few server
computers: one server for storing files and shared applications,
one for email and one for the website. The file server is connected
to a UPS (Uninterruptible Power Supply) unit for backup
power. The same room often also houses the main data
communications equipment, for example a router for connecting
to the Internet and other external communications, a switch
for the local area network, a firewall and occasionally some
additional systems for network security.
In other words, the computer or server room houses the
main office IT systems, and vast quantities of important
information pass through or are stored there. Therefore, physical
security has to be a consideration. The door to the computer
or server room must be locked, the room must not be used
for other purposes, and only authorised people with tasks
requiring access must be permitted to enter the room.
Another sensible security policy measure is to arrange for the
cleaning of the computer room to be supervised and not be
carried out in the evenings at the same time as the rest of the
premises.
[Figure: computer room with labels Switch, Firewall, Router, File Server, Email Server, Web Server]
Did you know that...?
Of the 50 worst cases of malicious code during the first half of
2003, 19 used file sharing services and instant messaging
applications to propagate themselves. This represented an
increase of almost 400 per cent in only a year.
WIRELESS NETWORKS
• Never use pre-loaded settings.
• Enable WEP (Wired Equivalent Privacy, a security protocol for
wireless local area networks) and regularly change the
encryption keys.
• Position the access points centrally in the building.
• Restrict the connection between the wireless network and the
ordinary network, and install an extra firewall.
• Be wary of visitors – a palmtop computer with WLAN is easy to
lose.
• Educate the users.
• Restrict physical access to the access points.
• Block and penalise unauthorised access points.
Internet connection
External threats to information security really become an
issue when the internal IT environment is opened up to the
outside world. This is almost always related to connection to
the Internet so we will concentrate on this when looking at
what you can do. However, it is worth bearing in mind that
the same technology that is used on the Internet applies
equally in a sealed, internal company context.
Firewalls and antivirus software are the most important
components in protecting against external threats. If you
connect to the Internet without both of these protective
measures in place, you will be exposing yourself to entirely
unnecessary risks and may be putting your company’s very
existence on the line.
A company wishing to connect its local area network to
the Internet can choose from a range of different services and
technical solutions.
Fixed digital line
A ‘fixed line’ is the most expensive but quickest way to
communicate externally. The service provides permanent
connection with fixed bandwidth. You can often specify the
capacity of the fixed line yourself – the faster the line, the
more expensive it is. Over the last few years the price of fixed
lines has fallen rapidly.
ADSL
ADSL (Asynchronous Digital Subscriber Line) is a collective
name for dialup data connections that utilise ordinary telephone lines for digital transmission but offer higher speeds.
ADSL does not have the same capacity in both directions. The
speed of data received is several times greater than that for
data transmitted by the user. This is well suited to the needs
of individual users, for example when surfing the web, where
significantly more data is received than is sent. However, your
company might not have the same requirements, for example
if you needed to upload a lot of large files.
ISDN
ISDN (Integrated Services Digital Network) is an older dialup
service that utilises ordinary telephone lines for digital transmission. A standard ISDN subscription gives you two channels
of 64 Kbps each. Two or more ISDN subscriptions can be
coupled in parallel, making them appear as a single connection
with higher capacity. ISDN is losing popularity today as ADSL
services are rolled out.
Modem
An ordinary telephone modem may be enough to provide a
single user with an Internet connection or remote connection
to the local area network at the office, but modems are slow.
Another reason to drop this old type of modem communication
is that it is becoming more expensive than modern digital
network services, particularly if a modem is used by many staff
who are connected for long periods of time.
Remote working
Remote working with computer support is becoming all the
more common, and this has been helped by improved
communications. As remote working often requires opening
internal systems for communication with the outside world,
several important security issues arise that must be reviewed
thoroughly.
Generally it is difficult to maintain the same high level of
security at a remote PC as in the office. You need to reduce
exposure to security threats and the possible consequences of
remote working, rather than trying to emulate the protection
levels in place at the office. First and foremost, the amount
of important data saved and stored on a laptop or home
computer should be minimised.
The most fundamental consideration is that the computer
you are working from is in line with the company’s security
policy as regards installed security technology. The type of
security you need depends on the type of remote working – do
you need access to the entire office’s IT resources, or do you
just need email? Are you using a laptop computer, or are you
working from a home computer?
SECURE REMOTE WORKING
Inform staff that the company’s security policy
also applies when working remotely.
Ensure that everyone working remotely has
the right technology installed on their
computer. For remote working, it is essential
to have antivirus software, a personal
(distributed) firewall, and VPN functions
allowing you to log on to the company’s
network securely. Bundled solutions are now
available that comprise all this functionality
(e.g. Symantec Client Security for Small
Business).
Establish rules on how employees should
manage remote working, e.g.:
• Not working with company information on any
computer other than a work computer;
• All connections to the company network must
be via VPN;
• The computer must be protected with both
antivirus and a personal firewall.
General precautions
• Be careful with confidential material;
• Do not allow other family members to use
your work computer;
• Never leave your computer unattended or
unlocked. Always ensure that the password-protected
screensaver is on when you are not
using the computer;
• Be especially attentive when you are in
airports or hotels. Ensure that your
computer is out of sight and locked away;
• If anyone steals your computer, immediately
inform the IT manager and your boss;
• If you download programs or files from the
Internet, check through them before installing
them;
• Do not install software that you do not have
a licence for. Check that the company has
approved the program you want to install
before you do so.
Communication is a weak link whenever someone is working
away from the office. Dialup modem connections are still
commonly used to connect remotely. Often in an office,
several modems are connected in a group to the local area
network. A simple and effective measure for raising the
security level is call-back, where users first dial up and identify
themselves, and are then disconnected. The modem at the
office then automatically calls back the (approved) number
where the remote worker is located, after which work can
begin. Modem traffic is also relatively simple to encrypt.
Increasingly, modem traffic is being replaced by other,
higher capacity network services. The natural solution in
many cases is to use VPN technology (Virtual Private
Networking) to create secure connections over the Internet.
This requires special software to be installed on each
connected computer.
Did you know that...?
In May 2000, the LoveLetter worm appeared. The worm
sent itself to the addresses in the MS Outlook address book.
It overwrites files on local and network drives, attaches and
hides files, and attempts to download a Trojan to steal
passwords. LoveLetter managed to spread so successfully
because users believed they were receiving an email love
letter.
Remote working on home computers
Home computers are often shared by the whole family. This
differing usage can cause problems, such as an increased
threat from viruses and intrusion. Therefore it is a good idea
to separate home and work computers completely at home too,
and this principle is becoming even easier to implement as
prices fall. However, those responsible for information security
cannot rely on such a principle entirely, as it is impossible to
check whether it is being adhered to.
It is often hard to set limits on what constitutes private use
– for example, there are few employers who would think of
banning short family email messages to and from the work
address. Nevertheless, every company asking its employees to
work remotely needs to put in place and enforce some guidelines on
how its technology may be used.
Remote working on laptop computers
Remote working and laptop computers go hand in hand. An
increasingly common variant is for laptops to completely
replace desktop computers at the office, and for laptop
computers to connect to the office local area network using
docking stations at every desk. Docking helps to make a
laptop more comfortable to use by connecting it to a proper
keyboard and larger screen.
This is a practical solution, but also the most problematic
from a security point of view. Laptop computers are easier
to steal, can be lost, and expose the company to a far greater
risk of losing vital information than systems that remain
within the company’s four walls the entire time. Therefore the
requirement to back up data becomes even more important, as
does the need to work in a way that reduces risk. For example,
it may be possible that staff can connect remotely and work
on the server at the office the whole time. In this case, they
should save their files there rather than just on their own
computer. If this isn't possible, another possibility is to
synchronise the content of the local hard disk with the server
or with the PC at the office afterwards.
One alternative that provides a higher level of security
than laptop computers is to use removable hard disks, so that
only the hard disk needs to be taken out of the office.
Removable hard disks are less susceptible to theft and easier
to keep secure. Another type of portable data memory that is
quickly gaining in popularity is 'flash memory' that connects
to a computer's USB port. The rapid development of memory
chips with ever greater capacity means that they can now
store over a gigabyte in a format that can easily fit in a
pocket. Memory sticks have no moving parts and are therefore
more durable than removable disks, but there are security
implications. Portable memory must be scanned for viruses
and worms in the same way as other local and network drives.
Threats to Information Security
Who is a threat?
‘Hackers’ and ‘crackers’ are the two terms usually used to label
those involved in computer intrusion. However it is easy to use
the neutral term 'intruder' regardless of who is trying to get
into your systems.
Most intruders scan large parts of the Internet searching
for systems that are vulnerable. When they find them, they gain
entry very easily, regardless of whether it is to an international
organisation or a small mechanic’s workshop. Don't kid yourself
that you can avoid attack just because your company is small
and unknown. Everyone is affected to the same extent.
It is difficult to lump all intruders together, as they have
such disparate aims. Many intrusions are carried out more or
less for a laugh, or in any case not with the aim of damaging
the system itself. There are various examples of cases where
intruders have sabotaged the websites of well-known companies
or public authorities and replaced the home page with a web
page poking fun at the organisation for its poor security or
other alleged shortcomings.
Intrusions where money is the direct motive are uncommon,
but on the other hand, it is this type of intruder that can cause
the greatest damage to a company.
Information security is a matter of protecting against
internal threats just as much as against external ones. These
might include users who are authorised but who exceed their
authority and come across sensitive or valuable information.
Viruses
When information security is brought up, viruses always
enter into the discussion, but this was not always the case.
Viruses were a theoretical threat from the very beginning, but
there was a time when experts actually debated whether or
not what would become known as viruses could pose a real
danger to systems and networks.
However, the debate was concluded in 1984 when the
researcher Fred Cohen coined the very term computer virus.
He presented an experiment proving that harmful computer
viruses were a realistic possibility. According to Cohen, a
computer virus is a program that ‘infects’ other programs
by modifying them so that they contain a copy of the virus
program. In other words, it is a program that can reproduce
itself.
As early as the late 1980s, viruses were a nuisance factor
for computer users. To begin with, they spread through files
on infected diskettes. In 1995, the first macro virus appeared,
which exploited macro functions in common programs,
particularly the word processor Word. They spread through
infected Word files, and could infect users of both PCs and
Macintoshes.
When viruses began to be combated systematically by
antivirus utilities, virus writers fought back by developing
polymorphic viruses that alter appearance when they are
copied. However, this problem was solved rather quickly.
Despite the fact that over 70,000 viruses have been created,
relatively few have actually succeeded in spreading and
infecting users. During these early days, they were often easy
to remove and as they spread slowly, it was not necessary to
update antivirus software more than once a week.
Did you know that...?
At the height of its spread, the Blaster worm was infecting
as many as 2500 computers every hour. Worms are
spreading increasingly rapidly, resulting in overloaded
networks, sluggish network traffic and blocked Internet
access.
Worms
Today hardly any traditional viruses are released at all. Those
who used to write viruses have now turned to worms instead.
A worm is a program, similar to a virus, that spreads through
networks either locally or over the Internet. Worms can
spread without any human intervention between servers on
the Internet, and propagate by transmitting exact copies of
their malicious code to other computers, which is then run
automatically. Worms can appear in the form of blended
threats (see below) and in their simplest form they are not
destructive, but cause damage by overloading affected systems.
Most worms to date have spread via email and have
required active user participation by double-clicking attached
files. However, many worms now spread automatically by
exploiting known security loopholes. They are increasingly
exploiting instant messaging services such as MSN Messenger,
Yahoo Messenger, ICQ, Internet Relay Chat (IRC) and file
sharing programs such as Kazaa.
The spread of worms does not only affect the infected
companies. Sometimes the flood of worms is so great that
connection to the Internet as a whole can become extremely
slow.
Trojan horses
Trojan horses, or Trojans, are actually a type of hacker tool.
In contrast to worms and viruses, Trojans cannot spread
themselves. Just like the Trojan horse of mythology, Trojans
are not what they seem. They can take the form of ordinary
computer programs that appear useful or interesting, but
conceal malicious code. Often this disguise is so appealing
that the recipient is duped into accepting the Trojan or
someone will download the program themselves from the
Internet. Once in place, the Trojan can invite intruders or
perform operations such as opening a backdoor to the
Internet so that an intruder can take control of the system.
Many Trojans steal passwords or install code that copies every
stroke on the keyboard to a hidden file. This information can
then be sent to a hacker.
Other Trojans are designed to attack other people’s
computers using so-called Denial of Service (DoS) attacks.
If the attack is successful, the targeted computers become
overloaded and cannot communicate with other computers.
More and more Trojans now spread by being automatically
downloaded to a user visiting a web page. The page contains
hidden instructions that download the Trojan and start it on
the user’s computer without them noticing. All the user sees
is that they are reading a web page. It is therefore very
important for all users to have up-to-date antivirus programs
and personal firewalls.
Blended threats
By themselves, worms, viruses and Trojan horses can be highly
damaging, but combined they can wreak even greater damage
to servers, workstations and websites. These so-called blended
threats use a combination of mechanisms to achieve wider,
faster distribution and cause more serious damage. Usually they
consist of a worm or Trojan horse that also exploits security
loopholes in operating systems or other programs.
One of the best-known blended threats was the Nimda worm,
which in September 1999 spread to over two million servers and
personal computers in a single day. Blended threats spread much
more easily and faster than ordinary worms, as they require no
active participation by the user. All it might take is for you to
visit an infected website or for your own computer to be set to
preview email messages.
Another example of a blended threat was Blaster, which
appeared in August 2003. Blaster did not make use of email, but
scanned the Internet for computers that had not been ‘patched’
against a known security loophole in the Windows operating
system, and used this to propagate.
To counter blended threats, protection must be introduced
at several levels. A threat that targets several weak points
simultaneously cannot be dealt with by a single security tool.
Just having an antivirus program is no longer sufficient; you
should combine antivirus, firewall and intrusion detection
technologies to put a stop to the spread of such threats.
Email threats and junk mail
Most security threats on the Internet are spread by email. If
‘infected’ messages slip past security measures and end up in
your inbox, it is still relatively easy to deal with the problem.
It is simply a case of detecting the infected message and
deleting it completely without opening it, and above all not
opening files attached to the message.
Antivirus programs deal with email threats effectively,
both on the user’s computer and on the mail server, provided
that they are correctly configured and updated. If your
company does not have its own mail server but relies on an
operator or service provider for email handling, it is wise to
choose a service that scans all traffic to filter out viruses and
junk mail. Even if your Internet service provider has its own
antivirus measures, users’ computers should also have
antivirus installed, as infections can be spread not only
directly over the Internet but also via instant messaging or
downloaded files and programs from the Internet.
A growing problem today is spam, or junk mail. Studies
have shown that over 50 per cent of all email communications
today consist of junk mail. Programs and services are now
available specifically to tackle junk mail, for example Norton
AntiSpam. The program uses tools such as lists of approved
senders (white lists), lists of known junk mail distributors
(black lists), and knowledge of the way typical junk mail is
structured in terms of vocabulary and headings.
Did you know that...?
During the first half of 2003, the number of attacks rose
by an average of 19 per cent to 38 attacks per company
compared to 32 attacks per company during the same
period in 2002.
EMAIL USAGE
Do not open attached files in messages from
unknown senders
If you do not recognise the name in the ‘From’
field, do not open the attachment.
Check with the sender
If you receive an unexpected message, or an
unexpected attachment from a known sender,
it may contain a virus or malicious code. Many
worms are spread via the address book in email
applications. Such messages are often given
away by a strange subject line or the name of
the attachment. Often it is a humorous message
encouraging the recipient to view a picture or
read an attached text file. Always request
confirmation from the sender before opening
such messages or attachments.
Check the entire file name of attachments
Hidden file name extensions can dupe recipients
into opening infected email attachments. Always
ensure that the email application displays all file
extensions of attached files. Viruses and worms
may be contained in files that appear on screen
as images, typically with the file extension .jpg.
These have a hidden extension such as .exe or
.vbs appended to the file name, which means
that the attached file is not an image at all but
a program that is run when the attachment is
opened.
Beware of false virus warnings
False virus warnings are also known as ‘hoaxes’.
This is a type of chain letter that leads users to
believe that they have received a virus and encourages them to forward the warning to everyone they know. Symantec Security Response
(http://securityresponse.symantec.com) features
up-to-date information on real security threats
as well as false virus warnings.
Do not open junk mail
Junk mail (spam) disrupts work and fills inboxes,
but can also be a threat in another way. Email
containing junk adverts can also be used to carry
viruses and worms. For the sake of security, you
should delete all advertising messages with unknown senders immediately without opening
them.
Disable message previewing
Many email applications are able to show the
contents of a message in a separate window as
soon as it is received, without requiring you to
click on the message in the inbox list. Even if
most security threats spread by email use
attached files, there are examples of messages
that can infect as soon as they are opened,
even if they are opened automatically. It is wise
to disable message previewing for the inbox in
your email application.
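
The hidden-extension check described under "Check the entire file name of attachments" can be automated at the mail gateway or in a mailbox audit. The following Python sketch is an added example, not part of the original guide; the extension lists, the function names and the sample message are constructed for illustration.

```python
from email.message import EmailMessage

# Extensions Windows runs as a program or script when the file is opened.
# The guide names .exe and .vbs; the rest of this list is an assumption.
EXECUTABLE_EXTS = {".exe", ".vbs", ".scr", ".pif", ".bat", ".cmd", ".com"}
# Extensions a recipient is likely to regard as a harmless image or document.
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf"}


def classify_attachment(filename):
    """Classify an attachment by its complete file name.

    Returns "disguised-executable" when a decoy extension is followed by an
    executable one (holiday.jpg.exe), "executable" for a plain program file,
    "no-extension" when there is no dot at all, and "ok" otherwise.
    """
    # Windows ignores trailing dots and spaces, so strip them before judging.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2:
        return "no-extension"
    # Padding with spaces ("photo.jpg      .vbs") pushes the real extension
    # out of view in a narrow column; strip it from each component.
    exts = ["." + part.strip() for part in parts[1:]]
    if exts[-1] in EXECUTABLE_EXTS:
        if any(ext in DECOY_EXTS for ext in exts[:-1]):
            return "disguised-executable"
        return "executable"
    return "ok"


def audit_message(msg):
    """Return (filename, verdict) for every attachment in an EmailMessage."""
    results = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        results.append((filename, classify_attachment(filename)))
    return results


def build_sample_message():
    """Constructed sample: one disguised program and one genuine image name."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Funny picture"
    msg.set_content("Have a look at this!")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="holiday.jpg.exe")
    msg.add_attachment(b"constructed bytes", maintype="image",
                       subtype="jpeg", filename="beach.jpg")
    return msg


if __name__ == "__main__":
    for filename, verdict in audit_message(build_sample_message()):
        print(f"{filename}: {verdict}")
```

The verdict depends only on the name as sent, so it works even when the mail client hides known extensions from the user.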
Internal threats
Employees also constitute a risk, as do other people who have
access to a company’s premises or data network. It may be
that someone is out to harm the company or steal information,
but more often than not the problem is down to sheer
ignorance or to someone who shouldn’t have access to
information managing to get hold of it. It is therefore important to
establish a firm foundation for the security regime by training
employees. The combination of a straightforward security
policy, well-trained employees and good routines ensures that
everyone can follow the guidelines. This reduces the risk of
unintentional damage as well as that caused deliberately.
Ensuring internal information security requires, by and
large, the same measures as the general security regime.
Sensitive information must never be accessible to all staff,
only to those who need it.

AVOIDING MISUSE OF INTERNET AND IT RESOURCES
Restrict access to network services that are not needed
by everyone. Disable services and functions that are seldom
or never required.
Set out clear rules on how employees are allowed to use
the Internet for private use, and ensure that all employees
are informed about the rules in force and any sanctions
that will apply.
Use content filtering to block access to undesirable
material on the Internet.
Follow the official guidelines on how employees’ Internet
use may be monitored.

Phishing
Phishing, a fairly new but rapidly evolving phenomenon,
uses social engineering techniques to attempt to steal
personal information, including bank and credit card details,
via email. Recently, many Internet users have been subjected
to phishing attempts, when they received email messages that
were designed to look as though they came from legitimate
organisations such as banks. Fraudsters employ various
techniques that make it impossible for people to see that
the Web links they are encouraged to click on lead them to
illegitimate Internet sites. Once at these sites, they are
tricked into answering questions that are supposedly from
the company, but that actually result in the customers
disclosing confidential information on their accounts to
fraudsters.
Misuse of the company's IT resources
Computers and the Internet are work tools and should be
treated accordingly. How can misuse be stopped, and what
measures should be put in place to help? Before tackling these
issues, it is important to ask yourself the opposite question:
whether and in what way an employer has the right to
monitor employees in order to discover misuse. This is the
most sensitive of all policy issues.
There are technical solutions for restricting Internet
misuse, which if correctly applied may reduce the need to
monitor employees’ use of the Internet. Internet misuse can
be prevented using content filters, which block access to
undesirable or unauthorised content and websites. Content
filtering functions are available in many firewalls, but are
not usually enabled by default. The disadvantage of content
filtering is that some legitimate content and websites risk
being blocked, and it is unrealistic to expect it to work without
certain ‘side-effects’ and irritation among users.
Security Rules
Designing security rules
So many users have themselves been directly or indirectly
affected by security issues that dealing with these problems
has become an everyday task for them. For this reason, many
users now have a broad awareness of security issues that they
would scarcely have if the threats had been less common than
they are today.
For IT managers and bosses, this means that they can
expect an understanding of the security regime, and a willing
and informed staff. Security can never be satisfactory if all the
effort goes into building up technical solutions and routines
that only affect managers and IT personnel. It is equally
important to have a good policy as well as a strategy to deal
with information security issues.

Did you know that...?
In the average company, 9.5 million log files and alerts
are generated each month by firewalls and intrusion
detection systems. However, on average only two threats
are so serious as to require direct intervention.

A successful security regime depends on management
realising that a functioning IT infrastructure is critical to the
business. It is the responsibility of management to decide on
a security policy that is:
• feasible to implement and for employees to follow;
• concise and easily comprehensible;
• well-balanced between offering sufficient protection and
maintaining productivity.
As every company is unique, there are no two sets of rules
that are identical, but the process of designing a successful
security policy can often be structured in the same way.
Seven steps towards an effective security regime
1. Identify and evaluate information resources
What information exists within the company? Where is it
located? What value does it have? What would happen if it was
lost? Only when you know the value of your information can
you determine the scope of the resources you should employ in
protecting it.
2. Identify threat profiles
Where is the potential security problem? Evaluate the likelihood
of an incident occurring, and what consequences this would
have. Threats can be both external and internal:
• External threats – e.g. viruses, worms, Trojan horses, hacker
attacks, aggrieved former employees, industrial espionage.
• Internal threats – e.g. dissatisfied employees with knowledge
of or access to vital data. Staff who use email and the Internet
in the wrong way may also constitute internal threats.
However, you should not forget that the majority of incidents
are mishaps caused by sheer ignorance.
3. Assess the risks
Calculate the likelihood of an incident occurring and the extent
of the potential damage. Data loss, integrity problems, liability,
undesirable attention, lost confidence among clients, owners
and partners, as well as the cost of repairing security loopholes,
must also be evaluated.
4. Share areas of responsibility
In smaller companies, it is natural for management not only to
bear the ultimate responsibility, but also to deal with practical
security issues themselves. On the other hand, it is not obvious
that the IT manager is also the right person to direct the overall
security regime. Instead it is a good rule to distinguish between
the technical and the administrative responsibility. In slightly
larger companies, it may be appropriate to appoint a
contingency planning group with overall responsibility for
identifying potential threats against the company. Key
members would include the network administrator, the finance
manager, a legal representative, a member of the board, a
human resources manager and an information/PR manager.
5. Establish the security policy
Formulate a policy in coordination with the company’s other
guidelines and rules, as well as the contract of employment.
These documents should therefore comprise specific
information on networks, IT platforms, user responsibility and
organisational structure. This avoids having to revise the
entire policy to reflect changes to the organisation. The
changes can instead be made in the relevant documents.
6. Implement the policy
The policy must clearly define who is responsible for security
as well as who owns specific systems and information. The
vital components in implementing the policy are:
• Compliance – establish a process to ensure that the policy is
adhered to and be clear on the action that may be taken if
someone breaches or ignores the policy.
• Responsibility – designate a person responsible for IT
security.
• Financing – ensure that the budget allows the security policy
to be followed.
7. Follow up and monitor the policy
All staff have a responsibility to comply with the policy and
consequently it must be read by everyone. The policy should
also be updated regularly to reflect changes to the organisation
or culture.

SECURITY POLICY
Scope. What will the security policy cover? What is not
covered?
Responsibility. Who bears the main responsibility internally?
Aim. What is the aim of the policy?
Security regime parameters. What security level will/should
the company maintain?
Support, coordination and control. Who will carry this out?
How will it be carried out?
Security levels and protective measures.
Rules and guidelines. Which rules apply to employees/
managers, and how will these be communicated?
Information and training.
Rights and obligations for both users and system administrators.
Contingency planning. What happens when the alarm sounds
and the contingency is realised? Who is responsible for what?
What routines are in place to mitigate the damage?
Annual review. Does the policy need updating? What
requirements have changed? How well is the policy being
observed?

Contingency plan
It may be hard to imagine the worst possible scenario, precisely
because the assumption is that the risks of a real catastrophe are
very small indeed.
However, such a conclusion is often based on wishful thinking.
Assume for example that the company suffers a break-in and all
the computers are stolen – a scenario that is not at all improbable.
The aim must be to restore normal operations as quickly as
possible; in order to achieve this, good preparation is essential.
A contingency plan will therefore be closely linked to the
company’s information security policy.
Faults and computer crashes, both system- and network-related, affect all companies sooner or later. Fortunately most
of these disruptions are slight and short-lived, and are generally
resolved by normal servicing and support measures. But if
important data is lost or vital systems are down for longer
periods of time, business operations are affected more directly.
The break-in example demonstrates that even a small company
needs to prepare itself for an acute crisis situation. Larger
companies prepare for contingencies by putting backup solutions
for IT operations in place, which involve having a complete
system standing by to take over at short notice if the worst
actually happens. Such solutions are however seldom available
for a small office, or would incur costs that could not be justified.
First and foremost, effective contingency protection requires
good backup routines. Therefore planning should not only
require regular backups to be made, but should also test data
restoration from backup copies. The process of restoring the
contents of the systems can also be simplified by so-called image
management. This entails measures such as saving copies of
the entire contents of hard disks. In a crisis situation you can
save a lot of time by restoring the system from this copy rather
than having to install all the software from scratch.

Did you know that...?
The number of cases of malicious code that opens
‘backdoors’ to IT systems increased by almost 50 per
cent during the first half of 2003. The most remarkable
attempt to steal confidential data was Bugbear.B,
which specifically targeted banks and financial institutions.

Companies can also outsource as much work as possible relating
to the operation of vital systems, leaving as little as possible in
terms of sensitive computers and data on their own premises.
For example, a small company would do well not to have its
own web and email servers, but to purchase these in the form
of services from operators, web hotels or other consulting
firms. More and more of the most common IT systems can be
rented. The suppliers in this new service market are normally
called ASPs (Application Service Providers). They offer a broad
spectrum of services for such applications as financial control,
customer care, payroll and many more.
CONTINGENCY PLAN
• Set up a crisis group comprising representatives of the various departments of the company: finance, human resources, management, IT,
information/PR (the same working group as for
security policy; see page 33).
• Establish the aim of the plan. Is the aim to
protect certain information or other resources?
Is it to maintain certain business processes? An
understanding of the over-riding objective will
help the IT department to devise a strategic plan
determining the priority of the resources to be
protected.
• Carry out a complete inventory of the IT
tools, resources and tasks required to maintain
business operations and preserve the critical
functions as outlined in the strategic plan.
• Perform a risk analysis. Assess the financial,
technical, legal and operational harm that
could be caused by a security incident. The risk
analysis should include consequential damage
to customers and the company. You should
also analyse specific security threats and the
damage these can cause to the various departments.
• Draw up an action plan. Examine scenarios
involving various security threats and the
effects these would have. For each scenario,
determine who should be involved, responsibility, any costs incurred, etc.
• Plan B. Even the best contingency plans have
their shortcomings. Try to identify these and
develop alternative solutions.
• Communicate the plan. The plan will only be
effective if employees know and understand
both the plan and their role in it.
THE ACTION PLAN
The contingency plan will vary depending on
what type of security incident arises.
For example, a virus attack might affect the
company’s operations in a different way to a
DoS attack. As there are many different security
threats, the plan should be flexible. All plans
should nevertheless include the following:
• Loss of data/information. This may be
caused by power cuts, viruses, hackers, etc.
Prepare by backing up information on systems
and the network. Ensure that a policy is in
place for the person responsible for performing
backups, including the type of media to be
used and how often they are to be carried out.
• Hardware backup. Companies that have their
own servers may require backup servers if
anything should happen to the primary server.
A backup power unit or UPS is an important
component of any contingency plan.
• Service providers and partners. Security
should be a vital component in every contract
with suppliers and partners, especially if you
share information through an extranet or have
a VPN connection between the companies.
IT should assess how a security breach in a
partner’s/provider’s network would affect the
company.
• IT resources. If a security incident occurs,
IT may need to take on extra personnel. Be sure
to identify in advance consultants that can be
called in.
• Press. How will you deal with questions from
journalists? Who will comment on the matter?
Draw up a strategy.
• Budget. An incident may incur expenses over
and above what is included in the normal
budget. Clarify who determines whether a
situation is a contingency and can therefore
approve the use of the funds set aside.
Training staff
Many security problems are the result of carelessness,
ignorance, or human error. The security policy, regardless of
how well formed and comprehensive it is, will only work in
practice if it is known to and complied with by the people it
affects.
It is a good idea to split training into a general module
dealing with issues affecting everyone and another module
that informs staff more specifically how they should use the
security utilities available. This requires particular
contributions on the part of those who will be taking administrative
responsibility, such as assignment of user rights, operation of
firewalls, backup management, etc.
Carrying out training internally in the form of a seminar
or classroom course underlines the importance of the security
issues, and will build up an awareness of security that is
based on, and also strengthens, staff loyalty.
It is a good idea to spread the training over time. This
emphasises the fact that the company is operating an ongoing
security regime and that awareness among employees is as
important next year as it is next week. Changes to systems
and operations may also provide grounds for new training,
as well of course as new staff joining.

STAFF TRAINING
Remember to say why, not just how. By explaining a
problem and providing a solution, it will be easier
for the users to take in the information.
Repeat the training several times. Explain important
points and precisely why they are important.
Draw up a checklist of the most important points in the
security policy and display it at strategic points (drinks
vending machines, lifts, etc.).
Make reference cards for all employees that they can
have to hand at their desks.
Ensure that the IT security policy is accessible for
everyone.

Protection against Data Loss
UPSs and backup power
UPS stands for Uninterrupted Power Supply. As a minimum,
all systems with servers should have a UPS. It protects the
system and data from damage in the event of a power cut.
The unit contains batteries that cut in and supply the server
with power. A single UPS unit is designed to provide backup
power for at least 30 minutes, which is sufficient time to allow
the system to be shut down in a controlled manner. For longer
periods of backup power, a larger unit is required.
A UPS device should not be confused with a backup
generator that can run computers continuously during a
power cut. This requires a ‘mini-power station’ that is usually
driven by diesel generators, a very costly solution that is
normally only accessible to large computer centres. The cost
of a UPS unit is within the reach of most companies, with
prices ranging from a few hundred pounds.
Backup routines
Technology is seldom of particular importance for a good
backup solution. Performance only becomes a factor that
needs to be taken into account if you have very high demands
for accessibility or unusually large volumes of data in relation
to the size of the company. The most important thing is to
design good backup routines. You can either perform a full
backup copy (of programs and data) or only back up data files.
The advantage of performing a full backup is that you can get
back on your feet quickly after an incident, and that you
maintain any settings you may have changed in programmes
since they were installed.
Managing daily tape changes is a simple task, as is checking
the backup log to see whether the process is working normally.
Responsibility for the backup routines should therefore lie with
the IT manager or a specialist. However, you should remember
to regularly test whether you can restore content from the
backup copy.
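
One way to carry out the restore test recommended above is to record a checksum for every file when the backup is made and compare a trial restore against that record. The Python sketch below is an added example, not part of the original guide; the function names and the sample files are constructed, and a directory copy stands in for the restore from tape.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as fh:
                # Read in 1 MiB chunks so large files do not fill memory.
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare_restore(backup_manifest, restored_root):
    """Compare a trial restore against the manifest taken at backup time."""
    restored = manifest(restored_root)
    missing = sorted(set(backup_manifest) - set(restored))
    corrupted = sorted(
        p for p in backup_manifest.keys() & restored.keys()
        if backup_manifest[p] != restored[p]
    )
    unexpected = sorted(set(restored) - set(backup_manifest))
    return {
        "missing": missing,        # in the backup record, absent after restore
        "corrupted": corrupted,    # present, but content differs
        "unexpected": unexpected,  # restored, but never recorded
        "ok": not (missing or corrupted),
    }


def demo_restore_test():
    """Constructed scenario: one file is lost and one truncated on restore."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp, "live")
        restored = Path(tmp, "restored")
        (live / "accounts").mkdir(parents=True)
        (live / "accounts" / "ledger.csv").write_text("2003-08-01,invoice,120.00\n")
        (live / "customers.txt").write_text("Constructed sample data\n")

        recorded = manifest(live)        # stored alongside the backup
        shutil.copytree(live, restored)  # stands in for the restore itself

        # Simulate a damaged medium: one file truncated, one missing.
        (restored / "customers.txt").write_text("Constructed sample da")
        (restored / "accounts" / "ledger.csv").unlink()
        return compare_restore(recorded, restored)


if __name__ == "__main__":
    print(demo_restore_test())
```

A clean backup log only shows that the job ran; the comparison shows whether the restored files are the ones that were backed up.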
Backups
Backups are a fundamental tool in ensuring information security.
Backups are simple to set up and do not incur any prohibitive
costs. A network server always has space for a backup device
to which data can be copied, partially from the server hard
disk and partially from users’ computers via the local area
network. Backup devices usually consist of a tape station with
cassettes. Currently the most common types of tape are DLT
(Digital Linear Tape) and DAT (Digital Audio Tape). DLT is the
optimal technology. For greater capacity, robotic tape libraries
are available with space for several cassettes that are changed
automatically.
At the lower end of the backup scale are ordinary
CD-ROMs. Even relatively simple personal computers are
equipped nowadays with built-in burners for CD-ROMs or
DVDs, which are excellent for backing up personal data, and
sometimes also for smaller businesses. However, you should
bear in mind that home-burned CD-ROMs are quite sensitive.
Unlike recorded discs you buy in the shops they have no
protective coating on the recording surface. Ordinary tap
water may be enough to damage the surface.

BACKUPS
Designate someone responsible for performing
backups.
All vital changeable data should be backed up
daily.
Make backups both on servers and on users’
hard disks.
Regularly test whether information can be
restored from the backup copy.
Ensure that you have an ‘image’ copy
(a complete copy of the content) of all hard
disks available. This vastly simplifies the task
of restoring the content and getting started
again following a computer crash or theft.
An ‘image’ copy also saves all settings you
have made to the operating system since
installation.

Protection against Intrusion
and Malicious Software
Firewall
All connections to the Internet need to be protected by a firewall. A firewall should be used where you have an internal
company network that is connected to the Internet or to
another external network out of your control. However, you
do not normally need a firewall with a company network that
only consists of fixed connections between different devices,
even if such a network uses the same communication
technology as the Internet. It is always essential to configure
the firewall correctly.
A firewall enables you to control and regulate what data
traffic is permitted to be exchanged between two networks,
or between an individual user and an external network. In a
company it is normal to place the firewall between the office’s
local area network and its Internet connection. The main task
of the firewall is to protect the company from external threats
such as intrusion by hackers, but it can also be used to
restrict the way in which staff and their computers are able
to communicate with the outside world.

Did you know that...?
In April 2002, the Klez worm was discovered. It
spread itself via an attached file in an email message
to addresses in the Windows address book,
the ICQ database and local files. The email message
arrived with a randomly generated subject line.

You should also bear in mind that mobile users, home
workers and staff connecting to the Internet from a hotel etc.
need a software firewall on their computer, as the company
network firewall cannot protect them outside the network.
The term ‘port’ is closely associated with firewalls. Here it
is important to differentiate between physical ports, such as
connections for network cables or printer cables, and virtual
ports. A virtual port may be compared to a channel in the
network reserved for a certain type of traffic. Each computer
has 65,536 virtual ports. You could compare a computer to a
telephone exchange in which each type of traffic has its own
connection. For example, port 80 is used for Internet traffic,
ports 25 and 110 are used for email, port 21 is used for file
transfer, and so on.
The role of the firewall is to close all ports that are not
needed. It monitors the ports and determines which ones
should be open. Various rules allow the traffic to be filtered
and prevent unauthorised incoming traffic. The firewall
notices if an outsider attempts to connect to an open port or
tries to open a port that is already closed, and warns the
security manager of activity that appears abnormal.

Did you know that...?
The W32.Blaster worm only infects computers running
Windows 2000 and XP. The Welchia worm is unique in
that it appears just to attempt to protect systems against
Blaster by downloading a patch from Microsoft.
However, it also opens a backdoor on the infected
computer, and results in denial-of-service attacks for
many companies. There is no such thing as a good worm!

Hardware-based and software-based firewalls
Firewalls can be either hardware-based or software-based.
The most common are software-based ones that are installed
and run on an ordinary computer dedicated to this purpose.
No other programs should be run on this computer, as this
dramatically increases the risk of intrusion.
A hardware-based firewall is a standalone device that
works more or less straight out of the box. Home users with
broadband connections for example can obtain a combination
firewall and cable modem/ADSL router. There are also
firewalls currently available with a range of extended functions
integrated into a single device: intrusion detection, content
filtering, virtual private networking and virus protection.
One example of this type of integrated firewall is Symantec
Gateway Security.
On individual computers, personal firewalls should be used
(in company environments these are also called distributed
firewalls). Personal firewalls run on ordinary user computers
that can also run other applications in parallel. These work in
a different way and must not be confused with the common
firewall that protects the entire local area network. An
example is Norton Personal Firewall, which is also available
as part of Symantec’s Norton Internet Security software.
A personal firewall is required when connecting the computer
to the Internet outside the office network, as it is no longer
protected by the company network firewall.
Firewall principles
The simplest form of firewall uses packet filtering. Data sent
over a network is divided up into lots of tiny pieces known as
packets. Each packet begins with information known as the
packet header that the network needs in order to transport it.
A firewall that uses filtering at the packet level only checks
the information in the data packet header in order to control
access to the network. Unfortunately, this is not such a secure
method, but has been used for many years as it permits high
transmission speeds.
Another important function of firewalls is Network
Address Translation (NAT). To allow users sitting behind the
firewall on the office local area network to communicate with
the Internet, they are allocated an external (public) Internet
address. Behind the firewall they use totally different network
addresses between themselves. Translation ensures that the
entire local area network is ‘hidden’ behind a single address
allocated by the firewall. All the users on the local area
network then appear to other systems on the Internet as if
they are all on the same computer. However, NAT is only
one component of a complete firewall and on its own does not
provide a satisfactory level of security.
The current trend is to have more advanced firewalls that
monitor applications, known as ‘proxy firewalls’. In this
context, the word proxy is used to mean ‘substitute’. A proxy
is a computer or program that assumes tasks from another
computer. A proxy firewall takes over communication with the
Internet for all computers that are connected to it, so that
users cannot communicate directly with the Internet, but only
through a proxy.
Whichever firewall you use, it is essential that you check
the logs that it generates. As this requires a great deal of
knowledge, it is common to delegate this to specialists. One
good option is to have the firewall monitored continuously by
a third party with expertise in this area in precisely the same
way as an alarm company monitors the burglar alarm.
Antivirus
Obtaining an antivirus program is often the very first security
measure taken by home users and companies alike. Virus
protection should cover the Internet connection, all servers
and all workstations.
An important characteristic of an antivirus program is that
it must be able to adapt to a threat profile that is constantly
changing. Every day new threats such as worms, Trojan
horses and viruses appear on the Internet. Even though
modern antivirus protection is often able to detect new threats
directly, the risk of infection is reduced if the antivirus
program is able to compare a suspected threat against
definitions, which are a sort of digital fingerprint designed by
the providers for every new threat that is discovered. New
definitions and other information that assists in stopping new
threats can be automatically downloaded to the antivirus program via the Internet in order to update the user’s protection.
More than 100 new threats are discovered every week. The best
level of protection therefore requires the virus definitions to be
updated very regularly, at least once a day. In addition, it is
advisable to schedule complete system scans for at least once
a week.
Intrusion detection
An intrusion detection system (IDS) monitors and analyses
network traffic in order to discover whether an intruder has
broken in to the system or whether it is being misused by users
within the organisation itself. The intrusion detection system
takes over where the firewall stops and monitors traffic in a
broader context. This would be the case, for example, if a large
number of connection attempts are made against different
virtual ports on a computer. This is a sign of port scanning,
a classic way of mapping an unknown system. If this were to
happen, the intrusion detection system would discover what
is happening in good time and warn the person responsible.
An intrusion detection system can either be run as a program
on the machine to be protected (host-based IDS) or on a standalone device that monitors all network traffic (network-based
IDS). There is nothing to stop you using both variants in parallel,
but the most common option is to use network-based IDS.
The most common type of intrusion detection is based on
the system being able to recognise and anticipate attacks. The
other common basic principle is statistical intrusion detection
that differentiates between normal and abnormal traffic and
generates an alert when traffic deviates from a certain pattern.
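The port-scanning sign described above (many connection attempts against different ports on one computer), as detection logic run over constructed connection records. This is an added example, not code from the brochure or from any Symantec product; the log format, addresses, threshold and window are assumptions.

```python
"""Flag port scans in connection-attempt records (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<ISO time> <proto> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(\S+) (TCP|UDP) (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)$"
)


def parse_line(line):
    """Return (time, source, destination, destination port) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m.group(1))
    except ValueError:
        return None
    dport = int(m.group(6))
    if not 0 < dport < 65536:
        return None
    return ts, m.group(3), m.group(5), dport


def detect_port_scans(lines, min_ports=10, window_seconds=60):
    """Report each source that tries min_ports different ports on one
    destination within the time window. Lines must be in time order."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # (src, dst) -> attempts still in the window
    alerts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue              # skip records that do not parse
        ts, src, dst, dport = rec
        attempts = recent[(src, dst)]
        attempts.append((ts, dport))
        while ts - attempts[0][0] > window:
            attempts.popleft()    # forget attempts older than the window
        ports = {p for _, p in attempts}
        if len(ports) >= min_ports and (src, dst) not in alerts:
            alerts[(src, dst)] = {
                "first_seen": attempts[0][0],
                "ports": sorted(ports),
            }
    return alerts


def build_sample_log():
    """Constructed records using documentation addresses, not real traffic."""
    t0 = datetime(2004, 9, 1, 10, 0, 0)
    rows = []
    for i in range(15):   # fast sweep: 15 different ports in 15 seconds
        rows.append((t0 + timedelta(seconds=i), "203.0.113.7", 40000 + i, 20 + i))
    for i in range(30):   # busy but normal client: always the same web port
        rows.append((t0 + timedelta(seconds=2 * i), "198.51.100.23", 51000 + i, 80))
    for i in range(12):   # slow sweep: one new port every five minutes
        rows.append((t0 + timedelta(minutes=5 * i), "198.51.100.99", 42000 + i, 100 + i))
    rows.sort()
    return [
        f"{ts.isoformat()} TCP {src}:{sport} -> 192.0.2.10:{dport}"
        for ts, src, sport, dport in rows
    ]


if __name__ == "__main__":
    for (src, dst), info in detect_port_scans(build_sample_log()).items():
        print(f"possible port scan: {src} -> {dst}, ports {info['ports']}")
```

With the default 60-second window only the fast sweep is reported; the busy web client never triggers because it keeps to one port. Widening the window to an hour also reports the slow sweep, which shows how much the result depends on configuration.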
Just as with firewalls, intrusion detection systems must be
monitored and their logs analysed, otherwise the systems serve
no purpose. In order to be able to detect real and dangerous
intrusions, you will also have to analyse large amounts of false
messages. Just as with firewalls, for this reason it may be wise
to delegate this task to a specialist who can also take care of the
intrusion detection system around the clock. The optimum level
of security can be obtained by monitoring both firewalls and
IDSs, and comparing the information from both these security
systems.
One problem with intrusion detection systems is that they
can be triggered by all network events if they are not configured
correctly. Therefore time is well spent carefully configuring the
intrusion detection system to prevent false alarms.

Did you know that...?
Sobig is a mass-mailing network worm that sends itself to all
email addresses it finds in certain files. Sobig also releases
confidential information, and in some cases steals system
information such as passwords. Sobig is unique as it shuts
itself down after a certain amount of time.

User IDs and access control
In exactly the same way that you need to keep track of who has
permission to enter the company’s premises, you will naturally
also want to control who has access to your data systems and
deny entry to unauthorised users.
All computer systems in normal offices have integrated
functions to control access to programs and data. Users are
allocated identities and passwords that have to be entered in
order to access server contents, network services or to be able
to run a specific program. Common operating systems such as
Windows and Unix provide you with a comprehensive set of
options to control individual users’ access rights. It is part of
the IT administrator’s job to allocate these rights.
Even this aspect of the job involves many things that can be
done to raise the level of security, beginning with not assuming
that all users should have the same rights, but allocating rights
according to the demands of their work. You have to be aware
both of the existence of such options and that a certain amount
of effort is required to benefit from them.
Most companies and public authorities make do with the
access control options that are offered as standard on their
chosen IT platform. But particularly in larger companies and
offices in which computers are accessible by the public, these
options are reinforced by separate user identification systems.
Such solutions often utilise smartcards that frequently double
as personal ID and pass cards for staff. Every workstation is
then equipped with a card reader that only allows the computer
to be used if an ID card is inserted in the reader and the user
has entered the code associated with the card. The system also
comprises a central program in which every user’s identities,
passwords and rights for various systems are stored.
For users, a separate system for access control is a practical
solution as it avoids them having to maintain lots of different
user identities and passwords – all the services a user has
rights to can be connected automatically.
Encryption
Perhaps the most important reason to use encryption is
because it provides ‘theft protection’ for information. Lost and
stolen computers are rarely recovered, but valuable information
is not lost if it has been backed up and the thief cannot access
it. Encryption is a classic method of protecting sensitive data,
preventing everyone except authorised users from accessing
it in plain text. The advent of computers has made encryption
easier, but at the same time it has become far simpler to crack
the encryption.
Most computer systems and networks therefore use
encryption sparingly. Passwords are usually stored in encrypted
form as standard, but not much else. The main reason is
financial, partly because the encryption technology itself
costs money, and partly because it requires a good deal of
administration. If there is a problem with the encryption
software, this could mean loss of data and working time.
Making more extensive use of encryption has long been
impractical for most companies, and it has generally only
been used by the military, banks and financial institutions and
within other organisations with a similar requirement for
secrecy. However, encryption is a quite realistic option. For
example, programs are available that can continually encrypt
the contents of a hard disk on a personal computer at relatively
low cost. Encryption of email is also a common measure that
can be implemented with easily accessible and relatively user-friendly tools.
Antivirus software and encryption software may have
certain compatibility issues as they often have to access the
same computer resources. In principle, if the encryption
software becomes infected by a virus, it may be impossible to
clean the program.
Digital signatures
These are a special form of encryption, which are used in
e-commerce and business transactions on the Internet.
A digital signature performs the same function as an ordinary
written signature. A digital signature in an email message
guarantees that it has been written and sent by the person
stated as the sender, and that the message has not been
tampered with or damaged during transmission. Using Public Key
Infrastructure (PKI) with one private encryption key and
one public one, digital signatures can also be used to encrypt
and sign emails sent between users that have never been in
prior contact with each other.

Did you know that...?
Every week over 100 new viruses and some seventy new software
security loopholes are discovered.

Passwords
Most computer users require several passwords – one for
email, one for the accounting system, one to log in to their
computer, and so on. Many people have a dozen or so passwords,
and keeping track of all their user names and passwords
can be a problem. The challenge in creating a strong,
hacker-proof password is to make the password as difficult as
possible to guess without making it impossible to remember.
Avoid vulnerable passwords
Once you have created a strong password, make sure that you
keep it as safe as possible. Never email a password to anyone
and never disclose it to anyone who asks, even if that person
works for the company. The IT manager should already have
access to your systems. Never use a password that you use
within the company’s systems when you enter a password on
the Internet. Changing back to an old password only increases
the risk to which you are exposing yourself.
• Never use names or numbers that can be associated with
you, such as birthdays, nicknames, telephone numbers or
addresses.
• Never use your user name as a password, in any form.
• Do not use your own name or that of a family member or
pet.
• Never use the word ‘password’.

PASSWORDS
A strong password:
• consists of a combination of lower-case and upper-case
characters plus digits and symbols (an S can be swapped for
the symbol $, and O for a zero, etc.);
• is at least eight characters long (the more characters a
password contains, the more difficult it is to steal or crack
using a hacker tool);
• is easy to remember and must never be written down;
• should be changed regularly;
• is only used for one service or system. Create different
passwords for each account or user identity.

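The rules from the "A strong password" box and the "Avoid vulnerable passwords" list, written as a check an administrator could run when a password is set. This is an added example, not Symantec's code; the function names, the sample user name and personal terms, and the two extra substitutions (@ and 3) are assumptions.

```python
"""Password check built from the rules on this page (added example)."""

# Character swaps to undo before comparing. "$"->s, "0"->o and "1"->i are
# the swaps the page mentions; "@"->a and "3"->e are assumed extras.
UNDO_SWAPS = str.maketrans({"$": "s", "0": "o", "1": "i", "@": "a", "3": "e"})


def _forms(password):
    """Lower-cased, swap-undone and reversed variants of the password."""
    low = password.lower()
    plain = low.translate(UNDO_SWAPS)
    return {low, plain, low[::-1], plain[::-1]}


def _contains(forms, term):
    """True if the term appears in any variant ("in any form")."""
    term = term.lower()
    if len(term) < 3:          # too short to match meaningfully
        return False
    variants = {term, term.translate(UNDO_SWAPS)}
    return any(v in form for v in variants for form in forms)


def check_password(password, username, personal_terms=()):
    """Return the list of rules the password breaks (empty list = passes).

    personal_terms: names and numbers associated with the user, such as
    family or pet names, birthdays or telephone numbers.
    """
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")

    classes = [
        ("lower-case letter", any(c.islower() for c in password)),
        ("upper-case letter", any(c.isupper() for c in password)),
        ("digit", any(c.isdigit() for c in password)),
        ("symbol", any(not c.isalnum() and not c.isspace() for c in password)),
    ]
    missing = [name for name, present in classes if not present]
    if missing:
        problems.append("missing " + ", ".join(missing))

    forms = _forms(password)
    if _contains(forms, "password"):
        problems.append("contains the word 'password'")
    if _contains(forms, username):
        problems.append("contains the user name")
    if any(_contains(forms, term) for term in personal_terms):
        problems.append("contains a personal name or number")
    return problems


if __name__ == "__main__":
    # Constructed sample account and candidate passwords.
    personal = ["Rex", "19750412"]
    for candidate in ["P@$$w0rd2004", "Htim$a!9x", "rex1975", "Moss9!Table"]:
        print(candidate, "->", check_password(candidate, "asmith", personal) or "ok")
```

Swapping characters or reversing the text does not hide the word "password" or the user name from a check that undoes those changes first, which is what "in any form" requires.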
Tips for remembering passwords
Passwords should always be memorised, never written down.
• Form an acronym by thinking of the chorus from a song and
taking the first letter of each word.
• Choose two short words that have nothing to do with each
other and combine them using symbols or digits, e.g.
‘moss9table’ or ‘quick!carpet’.
• Use a common phrase but replace ‘o’s with zeros, ‘i’s with
ones, etc.
• Use upper-case and lower-case letters in combination with
digits and symbols.
Utilities for storing passwords
If it becomes difficult to keep all your passwords in your head,
utilities do exist for managing them in a secure way:
• Software.
A utility allows you to store all your user identities and
passwords, all of which can then be accessed by entering a
single password that you have to memorise. One example
of such a tool is Norton Password Manager from Symantec.
• Hardware-based access control systems
In larger companies and public authorities, it is common to
have access control systems that use smart cards to identify
users.
• Web services for storing passwords
There are many services available on the Internet that allow
you to access your saved user names and passwords. Many
also offer 128-bit encryption. The limitation is that the
services can only be used to log into websites and systems
with a web browser interface.
SECURITY ADVICE FOR OFFICE COMPUTER USERS
• Use strong passwords. Never disclose your passwords, and
ensure they are strong. A strong password consists of at least 8
characters and contains a mixture of letters, digits and symbols.
Do not use easy-to-guess words.
• Do not disclose personal information on unsecure Internet
pages. Be wary of disclosing personal and sensitive information.
Only disclose sensitive information on secure web pages
(indicated by a padlock or key in the web browser window).
• Use virus protection, and never disable the virus protection
installed on your computer.
• Never leave your computer logged on when it is not in use.
Shut your computer down at the end of your working day.
• Do not open unexpected or suspicious email. In particular,
do not open files attached to suspicious messages.
• Never forward virus warnings and chain letters you receive
by email. Virus warnings are often false and can be recognised
by the fact that they encourage the recipient to forward the
message to everyone they know.
• Ensure you make backups of your important files. Inform the
system manager if you notice anything unusual with the
automatic process.
• Take care of your laptop computer. Do not leave it unattended
in public, visible in your car or in any other place that makes
it easily accessible to thieves.
• Remember to update the software on your computer. If the
provider discovers a security bug in the software, they produce
a ‘patch’ that fixes the bug when installed. Many software
applications today have an automatic search feature for new
updates; ensure that it is enabled.
• Enable the security settings in your web browser. Do not
permanently disable security controls just because individual
websites require you to in order for them to work.
Virtual private networking (VPN)
A Virtual Private Network (VPN) refers to the use of a public
network such as the Internet for constructing a private network
for a company. The fact that VPN technology is based on
encryption makes it very secure and means that private traffic is
effectively separated from other parties sharing the same
infrastructure. From the very beginning, VPN has mainly been
a solution for larger companies with large traffic volumes and
their own personnel to administer it. However, many operators
now offer VPN services that are also aimed at smaller companies.
A company with two offices in different locations can, for
example, use a VPN solution to link the local area networks of
the respective offices instead of leasing fixed lines between the
offices. Traffic then passes over the Internet through a secure
‘tunnel’. By delegating monitoring to the operator, it can also
be a practical solution from an administrative point of view.
A virtual private network also functions as a secure solution for
staff who need to connect to the office local area network while
working from home or on a business trip.

Did you know that...?
In January 2004, Brightmail calculated that 60 per cent of all
email was junk mail, or spam. The most frequent type was
product offers, closely followed by financial offers and
pornography.

VULNERABILITY ANALYSIS
• It is important to begin by determining the scope of the
analysis, and what the results will be used for. Do you want to
find out whether there are vulnerabilities in the systems, or
whether you can gain access to critical systems, or do you want
a full security report?
• Next you need to select a method. To check whether there are
vulnerable systems in the network, it may be sufficient to
perform a vulnerability analysis using a software utility. If you
want to know whether it is possible to gain access to the
company’s critical servers, you could hire a consultant to
perform a penetration test. If you want a total review of
security to certify the company according to a security standard
such as ISO 17799, you should get the help of a consultant who
will help you establish guidelines and plans for the
certification.
• Determine whether the knowledge required to perform the
analysis is available internally or whether external help is
required.
• Establish a plan for how the analysis will be carried out, who
is responsible for it and who will supervise the follow-up work.
• After performing the analysis, ensure that you study the
results carefully and take steps to improve any weak areas
identified.

Vulnerability analysis
A company should not be content with installing a range of
security products, but should also obtain clear confirmation
that they have good protection in place. This can best be done
through a vulnerability analysis.
In a full vulnerability analysis, all imaginable settings are
checked relating to access to systems, data and resources, as
well as configurations that might lead to problems. Many
companies perform vulnerability analyses using a scanning
tool that can look ‘in depth’ into a network and expose
weak points. The scanning tool can test factors such as the
network’s sensitivity to known vulnerabilities in operating
systems, applications and passwords. It can also use advanced
tracking methods that attempt to recreate the steps that an
intruder would have to take in order to discover and exploit a
network vulnerability.
You can also choose to perform a ‘penetration test’, which
involves selecting parts of the network and simulating an
attempted intrusion to check whether it is possible to gain
access to the systems.

VULNERABILITY TEST USING SOFTWARE
A tool used for vulnerability analysis should do the following:
• Test the entire network for security loopholes and advise
on how they can be blocked.
• Examine multiple operating systems, including Unix,
Linux, Windows and NetWare.
• Keep itself up-to-date with the latest security warnings.
• Present the search result graphically and detect the
sources and causes of vulnerabilities.
• Produce reports that can be adapted for various target
groups.

Security Products for Small
and Medium-Sized Companies
These icons are used in the following section to show the
products required for optimum security.
• Remote: Desktops or notebooks outside the office
• File Server: The company's information storehouse where
important files and programs are kept
• Internet: Access to a multitude of virtual worlds
• Desktop: Individual computers, which can be linked via
a network
• Gateway: Your single channel on to the world wide web
• Mail Server: Your communication hub with lots of information
coming in and going out
Antivirus
What? Software that identifies and eliminates damaging
software or macros.
Where? Workstations (laptops and desktops), server, gateway.
When? If the computer is in contact with external factors, i.e.
if it communicates via the Internet, has a CD-ROM that is in
use, sends or receives email, or has a floppy drive.
Why? To protect the computer against malicious code,
worms and Trojans.
Firewall
What? Available in both hardware and software form.
Protects the local area network from intrusion via the
Internet by filtering data traffic and restricting the
accessibility of network services to computers behind
the firewall.
Where? Workstations (laptops and desktops), gateway.
When? For all types of network, both internally and externally.
Why? To protect against intrusion and unauthorised access
to information.
Personal firewall / distributed firewall
What? Software firewall installed on the user’s computer.
Where? Workstations (laptops and desktops).
When? When the computer communicates via the Internet
and is not protected by the network firewall.
Why? To protect you from intrusion and give control over
which programs and services can communicate on your
machine.
Intrusion detection
What? Available in both hardware and software form.
An extra layer of security that examines the content
and behaviour of Internet traffic in order to search
for malicious code or attacks.
Where? Workstations (laptops and desktops), server, gateway.
When? When you want a better overview of your network
and to be able to see what is happening.
Why? If you want to protect a special server/service that
requires greater security.
VPN
What? Software installed on the user’s computer and used
to create a secure ‘tunnel’ for traffic between a
remote worker and the local area network. Often
included with hardware and software firewalls.
Where? Workstations (laptops and desktops), gateway.
When? When you want to access the company network
from the outside.
Why? To prevent unauthorised parties from viewing the
information passing between your computer and
the network.
Encryption
What? An effective way to protect data from unauthorised
access by means of controlled scrambling, using an
encryption algorithm.
Where? Workstations (laptops and desktops).
When? Whenever you send sensitive information by email.
Why? To protect sensitive information from theft or being
read by someone who should not read it.
SSO, Single Sign-On
What? Removes the need for a user to use several passwords
when switching between applications. The user can
enter a single name and password to gain access to
multiple applications or to a number of resources
within a company.
Where? Workstations (laptops and desktops), server, gateway.
When? When you want to simplify password administration.
Why? To reduce the number of passwords needed.
Content filtering (Internet and email)
What? Filters traffic over the Internet / via email.
Where? Workstations (laptops and desktops), server, gateway.
When? Content filtering can be used to regulate the use of
the Internet internally, or to prevent sensitive
information leaving the company.
Why? To regulate non-job-related Internet traffic in order to
increase bandwidth capacity and prevent sensitive
information leaving the company.
INTEGRATED SECURITY
VIRUS PROTECTION
Symantec™
Client Security
Business Pack*
Symantec™ Client Security Norton Internet Security™
Small Office Pack
with Groupware Protection
Business Pack
Norton™
Personal Firewall
Small Office Pack
Norton
AntiSpam™
Small Office Pack
Firewall – intrusion protection
against hackers
Norton AntiVirus™
Small Office Pack
Symantec AntiVirus™
Business Pack*
Symantec AntiVirus™
with Groupware Protection
Business Pack
Symantec AntiVirus™
Multi-Tier Protection
Business Pack*
Removes viruses automatically
without interrupting your work
Scans and cleans email
Privacy protection
– blocks confidential information
from being sent
Blocks new script-based viruses and prevents
worms from spreading
Protects against new viruses
with automatic updates
Stealth mode – makes PCs
invisible to other Internet users
Ad blocking
Scans and cleans
instant messages
Filters spam and unwanted
email content
Virus protection for desktops
Virus protection for servers
Content filtering
Virus protection for Microsoft Exchange®
and Lotus Domino® email servers
Controls workgroup Internet access on a
small network
Virus protection for SMTP gateways
Virus protection for desktops
* Also available via the Value License Program
Virus protection for servers
Virus protection for Microsoft Exchange®
and Lotus Domino® email servers
Updates automatically
to protect against new threats
* Also available via the Value License Program.
SECURITY APPLIANCES
PROBLEM SOLVING
Symantec™ Gateway Security 320
Firewall
Virtual Private Networking (VPN)
Symantec™ Gateway Security 360 and 360R
Stateful firewall that inspects at the IP and circuit layers
Gateway-to-gateway,
client-to-gateway and VPN-passthrough
Gateway-to-gateway, client-to-gateway and
VPN-passthrough 360R - includes 10 client-to-gateway licenses
Norton™ SystemWorks Premier
Small Office Pack
Supports encryption using DES, 3DES and AES.
IPsec
Intrusion prevention
Gating - blocks a specific detected event from passing through the firewall
Intrusion detection
Signature-based intrusion detection
Antivirus protection
Antivirus policy enforcement - appliance constantly queries network entities and remote users
to ensure antivirus is running and blocks or warns if not
Content filtering
Removes viruses automatically
without interrupting your work
Two user-definable URL lists (allow and deny), maximum of 100 entries each
Restores your PC to its
previous working state
Antispam
Standalone web-based management
High Availability
Scans and cleans email
Blocks new script-based viruses and
prevents worms from spreading
Yes
Yes
via external modem
via external modem or second WAN port
Monitors your PC continuously to
identify problems before they occur
Wireless access point security
Maximum recommended users / nodes
Maximum firewall throughput
VPN (DES, 3DES, AES) and WEP
VPN (DES, 3DES, AES) and WEP
50
100
55 Mbps
60 Mbps
Removes old software applications
and other unneeded files
About Symantec
Symantec is the global leader in information security providing a
broad range of software, appliances and services designed to help
individuals, small and mid-sized businesses, and large enterprises
secure and manage their IT infrastructure. Symantec's Norton
brand of products is the worldwide leader in consumer security
and problem-solving solutions.
Headquartered in Cupertino, Calif., Symantec has operations
in more than 35 countries. More information is available at
www.symantec.com.
IT Security for Small Businesses
Creates backup disks, restores files quickly
and clones one hard drive to another
Stores confidential passwords
and credit card numbers
Optimises file storage
Load Balancing and throughput aggregation via dual WAN ports
Load Balancing
Prevent unwanted
access by intruders
IT Security for Small Businesses
Intrusion detection
Unfold this section to find out about Symantec's IT security products that can help to protect your business
Compare Symantec's IT security solutions to find which one
best suits your business.
Symantec and the Symantec logo are U.S. registered trademarks of Symantec Corporation.
Copyright © 2004 Symantec Corporation. All rights reserved.
All product information is subject to change. 09/04