Chapter Worksheet
Assessing Your Attack Potential
The following questions will help you evaluate potential threats to your network. Rate each question on a scale of 1 to 5. A 1 signifies that the question does not apply to your organization’s
networking environment; a 5 means the question is directly applicable.
1. Is your network physically accessible to the public, such as a library or government office?
2. Is your network accessible by users not employed by your organization, such as a school or university?
3. Do you offer a public networking service, such as an Internet service provider?
4. Are there users outside the networking staff who have been granted root or administrator privileges?
5. Are users allowed to share common logon names such as Guest?
6. Can your organization’s line of business be considered controversial?
7. Does a portion of your organization’s business deal with financial or monetary information?
8. Is any portion of your network electronically accessible by the public Web server, mail server, and so on?
9. Does your organization produce a product or provide a highly skilled service?
10. Is your organization experiencing aggressive growth?
11. Do news stories about your organization regularly appear in newspapers or trade magazines?
12. Does your organization do business over public networking channels, such as the Internet or frame relay?
Along with the results of this worksheet, you should also take a close look at the level of computer expertise within your organization. A “power user” environment is less likely to cause damage
inadvertently—but is more likely to have the knowledge required to launch an attack. Conversely, an uneducated user environment is less likely to launch an attack but more likely to cause accidental
damage.
For questions 6–11, if your score was between 7 and 10, it may be most cost effective to utilize only a minimal amount of security around the perimeter of your network. If your score was
between 11 and 16, you should be utilizing some solid firewalling technology. If you scored above 16, consider using multiple firewalling solutions.
If question 12 applies to your organization, you should investigate extending your defenses beyond the physical limits of your network. Once data leaves the confines of your network, it is that much
more difficult to ensure that it is not compromised.
In later chapters we’ll examine in detail the technology required by each of the above situations. This checklist is designed to give you an early feel for how security conscious you should be when
securing your networking environment. Keep in mind that this list is simply a guide; each network has its own individual nuances. Your mileage may vary.
Summary
In this chapter, we saw that the number of security incidents is increasing and that most of these go undocumented. We looked at the differences between a hacker and an attacker and covered the
benefits of discussing security vulnerability in a public forum. We also explored who might try to attack your network and why, as well as how to assess your likelihood of being the target of an attack.
Now that you understand who may wish to attack you and why, you can evaluate the different levels of risk to your organization. By performing a risk analysis, you will see more clearly how much
protection your organization truly needs.
Copyright © Sybex, Inc.
CHAPTER 2 How Much Security Do You Need?