Five Warning Signs Your Security Policy Is Lacking
Warning signs of a weak security policy from SunGard Availability Services.
I came across a recent article where Kevin Casey of InformationWeek spoke to Ted Swearingen, director of security operations for Neustar, on the topic of Denial-of-Service (DoS) attacks and how SMBs can defend against them. DoS attacks are typically launched as an overwhelming flood of requests from a botnet (Distributed DoS) or a smaller group of attackers on weak parts of a website or online service.
The idea behind a DoS attack is simple: to tie up so much computing resources as to render a website painfully slow to navigate or even inaccessible by legitimate users. This can be devastating to an online business run by an SMB, which may not have the budget to engage the services of a Content Delivery Network (CDN) to mitigate these malicious attacks. Indeed, most SMBs probably do not have the in-house expertise to blunt the worst of such attacks.
You can read the article "How SMBs Can Minimize Denial-of-Service Risks," though I sum up the key tips offered by Swearingen below:
Some of the advice requires a deeper knowledge of DoS mitigation strategies, though it is obvious that at least a couple of them should be practiced even without the imminent threat of a DoS attack. Staying current by keeping operating systems and software to the latest versions and properly patched, for example, is absolutely crucial for lowering the likelihood of security breaches.
Moreover, ensuring that bottlenecks are eliminated by the removal of legacy networking gear or computer systems are aspects that a responsible and competent administrator will recommend. This may sound intuitive, though I've heard of horror stories of how legacy network adapters (Think 10Base-T) remain in use despite the presence of far faster Gigabit Ethernet links.
I plan to highlight some free or low-cost monitoring software that SMBs can make use of to keep track of the various systems on their network, so stay tuned.