12.07.2015

Symantec™ Security Gateways Reference Guide - Sawmill

Network security overview
Security considerations

Internal access

One of the most important areas to consider is the access granted to employees. The majority of security breaches originate internally, whether they are accidental or intentional. A strong internal security policy prevents almost all accidental security breaches, and helps hamper many intentional ones. When developing your internal access security policy, you must account for the confidentiality, integrity, and availability of all company data.

Data confidentiality

Company data ranges from public information, such as product brochures or marketing materials, to personal or private information, such as an employee paycheck or company trade secrets. Obviously, not every piece of company data should be viewable to everyone. For example, you wouldn’t want to make public what your customers paid for your product or service. With this information, a competitor could underbid you and steal this customer.

When considering data confidentiality, you must decide how to classify, or separate, your company information, the roles or permissions users are given when they connect to the network, and the type of access each user has. For example, if you separated your company information into the categories of private, internal, and public, regular employees that log on to the network might only have access to internal and public information. You might reserve access to private information to managers.

Data integrity

The access you grant to a network user determines the integrity of your company data. If you grant a general employee modification privileges to private information, your upper management, who might normally use this information to make management decisions, can no longer depend on the accuracy of the data; the employee may have accidentally or purposely modified this data.

When planning for data integrity, you must consider who has access to the different types of data, and the ramifications of their actions on that data. You should also consider having checks and balances in place to thwart intentional attempts to corrupt data by authorized personnel. For example, you may consider having more than one individual write and review material before release. Having two or more people responsible for the integrity of data significantly reduces the likelihood of data corruption.

Data availability

The concept of data availability guarantees that authorized individuals are granted uninterrupted access to required information in a timely manner. Ensuring data availability requires that you have controls in place that properly authorize users, provide an acceptable level of performance, quickly handle interruptions, and prevent data loss or destruction. Poorly thought out or insufficient access controls may create a situation where data is compromised, making it unavailable for authorized personnel at a later date. A security policy that takes into account data availability helps ensure that your network performs optimally and that authenticated users can access the information they need to perform their jobs.

There are several approaches that ensure data availability. Some of these approaches include designing data delivery systems properly, using controls to prevent unauthorized access, monitoring network performance, using routers and firewalls to prevent attacks, and maintaining and testing backup systems.
