3.2. Planning for Security

It is far easier to implement effective security measures to protect your SBS network if you plan for security before you actually start buying hardware or installing software. In the following sections, we’ll cover some of the most common attack vectors and the preliminary steps you can take in this planning stage to prepare your defenses. The most common attack vectors are:

• Careless or disgruntled employees and former employees The single most common attack vector for any network is people. Internal users and former users are the biggest risk factors to data loss and data theft. Whether from laziness, disregard of security policies, outright malice, or simply the desire to help someone having trouble, the internal user is often the most dangerous on your network. See Section 3.2.1 later in this chapter for guidelines.

• Internet hackers All computers and devices attached directly to the Internet are subject to random attacks by hackers. According to the Cooperative Association for Internet Data Analysis (CAIDA), during a random three-week time period in 2001 more than 12,000 DoS attacks occurred: 1200–2400 were against home computers, and the rest were against businesses. If your organization has a high profile, it might also be subject to targeted attack by hackers who don’t like your organization or who are engaging in corporate espionage.

  For more information about securing a network against Internet hackers, see Section 3.2.4 later in this chapter.

• Wireless hackers and theft of service Wireless access points are exposed to the general public, some of whom might be looking for free Internet access, and to mobile hackers. To reduce this risk, refer to the Section 3.2.3 section later in this chapter.

• Viruses and worms Networks are subject to virus exposure from email attachments, infected documents, and worms such as Code Red and Blaster that automatically attack vulnerable servers and clients. Refer to the Section 3.2.2 section later in this chapter for more information.