In these days of all-out combat in Afghanistan, terrorist attacks in New York and anthrax in Washington, it's easy to lose one's perspective. I know I've become addicted to checking major news web sites several times a day. I now listen to news radio stations on the way to and from work instead of my normal rock and roll station. It seems like something might happen at any moment, and I want to know immediately.
Something that seems to have been mentioned in every IT-related publication for the last year or so is the possibility of cyber warfare. This is the concept of attacking a country through its information systems (specifically the internet).
Since the attacks I've seen the number of articles go from a few per week to dozens per day. Warnings about security risks seem to be popping up all over the place. It is important that these warnings be taken seriously - it's time to wake up, folks, and get your systems locked down.
What could be attacked? Just about every company has an internet connection these days. Many of those companies do not have good security, as is proven by the recent Nimda and Code Red outbreaks, as well as numerous penetrations by hackers.
If you are an IT manager, you probably need to ask yourself some important questions to be prepared for the possibility of attack. In fact, it is your patriotic duty to be sure your systems are safe and secure. To do otherwise not only puts your company in danger, it actually threatens, even in a small way, the security of your country.
Does your organization really need to be attached to the internet at all? - This is the first question to ask yourself. I know it seems like every workstation at every company must be attached to the internet, but is it really necessary? Does it add to the company bottom line? For many companies the answer is yes, for others no.
Is the information that you provide to the internet community appropriate? - This question has come up on a large number of government and utility sites. Is it really necessary, for example, to include a map of a power plant? I know this might seem useful to, say, schools for educational purposes, but it may be even more useful to terrorists and other evil-doers.
Is your backup and archive strategy sound? - The single most important task that you perform is backups. Do them regularly and check the data occasionally.
Are your password policies good enough? - The weakest link in most security schemes is the user and his or her passwords. If your management will allow it, make sure your users have long, complex passwords which they change regularly. Enforce best practices with their passwords.
Is your front line security adequate? - Have you got firewalls installed? Regardless of whether you've got a home computer or a hundred million dollar complex, you'd better install a firewall if you have not done so already. A hardware firewall is the best solution, but a software one will do for a home system if money is tight.