How secure is your network?
It's not enough to ask about network security; organisations need to know how to proactively detect intrusions and stop them.
So said Steve Armstrong, SANS certified instructor, at ITWeb's Security Summit yesterday. Many organisations simply don't ask how secure their networks are, and if the organisation doesn't, he continued, why should a provider?
It's not that organisations have poor technology; the problem is that technology is poorly configured, Armstrong said.
He added that organisations must simplify security measures, noting that having a single firewall that can identify all security risks was a potential solution.
Organisations must also have a designated security person or security department, he noted. This will help alleviate some of the confusion associated with the responsibility of security, he added.
Another problem that organisations face is a lack of employee education regarding security risks when using the Internet. Armstrong noted that very few staff had attended formal training about security - and this included administrators.
To address network security effectively, Armstrong recommended that organisations use the 20 consensus audit guidelines (CAG), which help provide a holistic network security model.