The Washington Post Co.’s security team has developed a series of customized policies for monitoring its databases via the Symantec Database Security and Audit (SDSA) appliances (read our case study).
Although the appliances come with several ready-made policies, the company continuously hones them to reduce the number of false positives, allowing the security team to concentrate on true security issues. Through the process, Stacey Halota, director of information security and privacy at the education and media company, offers these lessons learned:
1. You get what you ask for. When building policies, Halota says it’s important not to be too general. “You really want to be careful that you’re not asking for too much because you don’t want to have a flood of information that’s not really meaningful to you.” Monitoring application IDs is one example. Some applications repeatedly call the application ID as they perform various functions. “The end user doesn’t see the ID but it interacts with the database all the time. So if you look at everything it updates, that could be a million things,” Halota says.
Halota instead focused on anomalies. “What we cared about is if the application ID was coming from an unexpected place,” she says. “So we knew the application ID was always going to come from the app server, a certain address. Rather than looking at every time the application ID updated something, we focused on if it was updating something from anywhere besides that certain address. That’s a policy you can create in about 2 minutes.”
2. Watch false positives. Even when you build policies carefully, appliances can make mistakes. For example, the SDSA alerted Halota’s team about a certain field within the database. “It thought that one field in particular in our data was a credit card number, but it wasn’t,” she says. “So the first time we saw it flagged, we thought all these [financial] records were being taken from the database, but they really weren’t.”
3. Refine over time. Halota says building policies is an iterative process. “Overall, it probably took us a month to build the policies,” she says. “We had some prepackaged policies in place right away, but everything else took a bit longer. You do a little, then a little more the next month, and then they’re running and we just tweak them now and then. But it’s something you do over time.”
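As an added illustration of lessons 1 and 2 (example code written for this article, not Symantec's SDSA policy language or the Post's actual rules), the expected app-server address, the application ID and the audit records below are all constructed assumptions. The policy ignores the application ID's routine updates, alerts only when the ID appears from another address, and checks a candidate card-number field with a Luhn checksum so a field of 16 arbitrary digits is not flagged as a credit card.

```python
# Added example, not from the article or from Symantec SDSA. All values are constructed.
import re

EXPECTED_APP_SERVER = "10.0.5.20"   # assumed: the address the application ID always uses
APP_ID = "wp_app"                   # assumed: the application's database account

# Constructed sample audit records: (db user, source address, statement)
AUDIT_LOG = [
    ("wp_app", "10.0.5.20", "UPDATE subscribers SET last_seen=NOW() WHERE id=1"),
    ("wp_app", "10.0.5.20", "UPDATE subscribers SET last_seen=NOW() WHERE id=2"),
    ("wp_app", "192.168.77.9", "SELECT * FROM subscribers"),   # app ID from an unexpected host
    ("analyst", "10.0.9.3", "SELECT order_ref FROM orders"),
]

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: true for well-formed card numbers, false for most other digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def looks_like_card(value: str) -> bool:
    """Lesson 2: treat a field as a card number only if it is 16 digits AND passes Luhn,
    so an order reference or record ID made of digits does not trigger a data-theft alert."""
    digits = re.sub(r"[ -]", "", value)
    return bool(re.fullmatch(r"\d{16}", digits)) and luhn_ok(digits)

def app_id_anomalies(records):
    """Lesson 1: skip the application ID's routine traffic; return only the records
    where that ID reaches the database from somewhere other than the app server."""
    return [r for r in records if r[0] == APP_ID and r[1] != EXPECTED_APP_SERVER]

if __name__ == "__main__":
    for user, addr, stmt in app_id_anomalies(AUDIT_LOG):
        print(f"ALERT: {user} from unexpected address {addr}: {stmt}")
```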
Cummings is a freelance writer in North Andover, Mass. She can be reached at jocummings@comcast.net.