The four things every IT security administrator must do every day


Security work is a continuous and daily process. You can’t just install a firewall or an intrusion-detection system and say that you’re suddenly secure. In some cases, you’ll be lucky to enter an organization that already has a relatively mature security program. In these cases, most of the items discussed in the following sections will already be implemented and your job will be easier to manage. In other cases, you may find yourself hired into an organization that has not had a security program in the past. In this case, you’ll have the opportunity to build the program from the ground up. Although this might sound like more work, and a potentially bigger hassle, you may find it easier creating everything from scratch and ensuring that it’s all done correctly. But let’s look at some of the items you’ll need to understand.

1. Patches and Hot Fixes
Both operating systems and applications have a single huge flaw: They are written by human beings. Because of that, they have bugs and security issues. Vendors release patches or hot fixes on a periodic basis to address security concerns that may have arisen since the last patch came out. To keep an organization secure, you need to ensure that these software patches are applied in a timely manner. One important item to note here: Test your patches in a test environment before you implement them in production systems. In some cases, patches have caused more harm than good because of unexpected issues.

2. Backup and Restore
At this point, you’re already aware that each organization has certain information it needs to accomplish its mission. Whether it pertains to customer credit cards or military strategy, that information is critical to the organization and must be protected. And because computer systems have been known to crash and hurricanes have been known to take out entire city blocks, you’ll probably want to back all that information up to removable media and store it elsewhere for safekeeping. Backing up information is typically done in several ways, mostly automated. A full backup takes everything and backs it all up at one time. It takes longer and consumes more media space, but it backs up all the data. Full backups are done about once a week, on average.

Partial backups are done in between full backups, but not all the time. They’re intended to ensure that a complete application or source tree is backed up more often than the full backups are run. Incremental backups are run most days, in between the full backups. They include only those files that have changed since the last backup. These types of backups are short and consume much less media, but in most cases they won’t be enough on their own to recover from a disaster. Backing up your critical data is not enough, either. Testing backups by doing restores of sample data is very important. Test every tape and test every week. Ensure that all the information is still accessible. If you’re not paying close attention to the backup software, you may never even notice that it is failing until it’s too late. By doing periodic test restores, you can verify that the backups, and the media itself, are still valid.
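The full and incremental backup cycle and the test restore described above, as an added example that is not from the book or this post: it assumes GNU tar (for --listed-incremental) and sha256sum on a Linux host, and the data directory and its files are constructed sample input.

```shell
#!/bin/sh
# Added example: full backup, incremental backup of what changed afterwards,
# and a restore test that checks the restored tree against a checksum manifest.
# Assumes GNU tar and sha256sum; everything under $WORK is constructed.
set -eu

WORK="${WORK:-$(mktemp -d)}"
SRC="$WORK/data"        # the "critical data" being protected (constructed sample)
BKP="$WORK/backups"     # holds full.tar, inc1.tar and the tar snapshot file
RESTORE="$WORK/restore" # scratch tree used only for the test restore

make_sample_data() {
    mkdir -p "$SRC/app" "$BKP"
    printf 'customer,card_last4\nalice,1234\n' > "$SRC/app/customers.csv"
    printf 'v1\n' > "$SRC/app/config.txt"
}

# Full backup: everything, plus a fresh snapshot file recording what was seen.
full_backup() {
    rm -f "$BKP/snapshot"
    tar -C "$SRC" --listed-incremental="$BKP/snapshot" -cf "$BKP/full.tar" .
}

# Incremental backup: only files changed since the snapshot was last updated.
incremental_backup() {
    tar -C "$SRC" --listed-incremental="$BKP/snapshot" -cf "$BKP/inc1.tar" .
}

# Restore test: replay full then incremental into an empty tree, then compare
# a checksum manifest of the live source against the restored copy. Returns 0
# only if every file matches; a silently failing backup job shows up here.
verify_restore() {
    rm -rf "$RESTORE"; mkdir -p "$RESTORE"
    tar -C "$RESTORE" --listed-incremental=/dev/null -xf "$BKP/full.tar"
    tar -C "$RESTORE" --listed-incremental=/dev/null -xf "$BKP/inc1.tar"
    (cd "$SRC" && find . -type f | sort | xargs sha256sum) > "$WORK/src.sum"
    (cd "$RESTORE" && sha256sum -c --quiet "$WORK/src.sum")
}

# One weekly cycle in miniature: full backup, a change, incremental, restore test.
run_backup_cycle() {
    make_sample_data
    full_backup
    printf 'v2\n' > "$SRC/app/config.txt"   # a change made after the full backup
    incremental_backup
    verify_restore
}
```

Run `run_backup_cycle` from a cron job against a real tape or disk target and treat a non-zero exit as a restore failure to investigate.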

3. Virus Protection
Virus protection helps protect the organization from malicious code by blocking harmful code either at the perimeter or on the host machine, where the user works. Unfortunately, too many users install virus protection and never update the signatures to reflect new threats. An outdated antivirus application is nearly as harmful as having no virus protection at all. As the security administrator, your responsibility is to ensure that the virus protection system is active and updated.

4. Perimeter Security
Defining the rules that protect the organization’s Internet face is a huge responsibility and should not be taken lightly. It’s best to implement a deny-all (default-deny) rule set, through which you then allow traffic on a case-by-case basis. This type of system ensures that you always know what is allowed through the firewall or router, versus having some traffic slip through the cracks. Perimeter defenses exist on the router, firewall, switches, and intrusion-detection devices. [IT Security Interviews Exposed, Chris Butler 2007]
