Security standards

Security standards

Security standards and security organizations

The National Computer Security Center (NCSC) is one organization that promotes security standards amongst governmental and other organizations. It has formulated a number of security standards, the most well known being the Trusted Computer System Evaluation Criteria (TCSEC), which contains seven levels of criteria for a trusted system.

Several other computer-security-related organizations provide information on security threats and possible workarounds. The most prominent are

• the Computer Emergency Response Team (CERT)

• Computer Security Resource Clearinghouse (CSRC) at the National Institute of Standards and Technology (NIST)

• Computer Incident Advisory Capability (CIAC) at the US Department of Energy (DOE)

Intrusion-detection software

Intrusion-detection software has been around for a while, but has recently become more popular. It can be set up to monitor network traffic and shut down connections deemed unsafe. The software works by comparing the flow of network traffic to a set of rules and then responding if violations of the rules occur. Intrusion-detection programs rely on a predefined database of attack signatures. When activity is observed that conforms to one of the attack signatures, the program responds.

As an administrator, you decide what actions the software takes, ranging from informing you, through firewall reprogramming to punishing hacker activity. Although such software is useful and effective, you shouldn't let its use replace regular security checks and audits.

The programs are not perfect and sometimes have difficulty in differentiating normal, safe network activity from actual attack—this is called a false positive. For this reason, and the fact that intrusion-detection programs are quite difficult to set up and maintain, not all administrators have adopted them.

Popular intrusion-detection programs include:

• Axent? Intruder Alert?

• Platinum Technologies SessionWall

• Internet Security Systems? RealSecure?

Other useful links

The Internet Computer Security Association
The home page of the ICSA, with up-to-date news items and downloads.

ISS RealSecure
An article from Information Week on ISS RealSecure.

Internet Detection Software
An intrusion-detection software resource site hosted by InfoSysSec.

Microsoft's Security Page
Provides news, updates, and patches on security issues for Microsoft operating systems.