An Overview of Corporate Information Security
Combining Organisational, Physical & IT Security.
By Seán Boran
December 13, 1999.
This article presents an overview of corporate information security, not just in a computer/network context, but
also considering social and physical aspects.
Checklists are provided to stimulate analogies in your own corporate
We welcome your feedback on this article.
Security involves prevention, detection, response, monitoring and review measures to
reduce perceived risks to acceptable levels. These measures need to be uniform and
continuous in domains such as Social/Personal, Computer/Network and Physical.
This article divides the explanation of corporate information security into:
- Information Domains
- Domain Interfaces
- Sources of threats
- Effects of
Understanding corporate security is about understanding what the key assets in the
company are. Today, the key asset is often information. But information alone is not
enough; knowledge of how to use valuable information is needed to provide a competitive
edge. The value of information may depend on being secret and accurate.
Information can take many forms, hence methods of securing information are various.
Instead of dividing information into categories based on content, consider analysing
threats to information (and hence its protection) by categories based on methods of
processing / storing.
Three "information domains" are defined:
- Physical: Traditionally information is "written down", stored somewhere (e.g.
a box, safe, diskette, or computer). Classical security concentrates on physical
protection: buildings, server rooms, access controls etc.
- Social/Personal: Successful organisations realise the value of their personnel, the
knowledge they hold in their heads and the capability to use that knowledge to corporate
- Logical or Network: Information is also stored on computers and accessed via networks.
Documents can be stored "somewhere on the net" that users reference through
URLs, UNCs or other abstract notions. The actual location of the data is often unknown to
the user; she assumes it's on a server "somewhere". The difference between
Internet and Intranet may not be obvious to end users. With this abstraction comes also a
certain loss of accountability and responsibility.
Each of these domains contains interfaces to the outside world.
This may look overwhelming at first; let's look at the domains one by one.
The Buzzwords are explained at the end of the article if they are new to you - don't
worry, they're just networking technologies.
The numbers in brackets below refer to numbered interfaces above.
- Physical: Most of us live in the physical world of people, buildings, equipment, wiring,
computers, disks, paper documents, etc. There are physical interfaces which allow external
people and equipment/material to enter and leave buildings/rooms, such as locked doors,
controlled access via reception areas, etc. However, physical security extends beyond the
corporate buildings since media may be transported between locations and laptop usage is
frequent (and their hard disks can contain large amounts of data).
- Social / Personal: Employees have relationships with others within and outside the
company. Employees can be reached by methods such as telephone, fax, email and
- Logical or Network: Computers and networks provide storage and retrieval of corporate
information and processes. The increased complexity, speed of technical evolution, market
movements and organisational changes of the 90s have made securing this domain a real
(0) Telephone/voicemail systems are increasingly complex and may interface to
(1) Dialup modems (whether analog, digital or radio) remain the predominant access
method for teleworkers and IT Support staff to remotely access corporate data.
(2) The Internet, a public network of (thousands of) networks, is fast becoming the
preferred media for information exchange whether via World Wide Web, Email or Extranets
(encrypted virtual networks on the Internet).
(3) Large corporations have many links to partners and vendors, often using many
different technologies and implemented too quickly for security to be properly considered.
These vendors/partners in turn, have further links to the Internet etc.
(4) The Corporate Intranet may extend across several cities and even countries.
Different technologies can be involved in the many transport layers, from fibre or copper
cables, ATM switches to the familiar TCP/IP protocols.
The domain interfaces can be subject to various types of threats, for example:
- Logical or Network:
(0) Telephone/voicemail security is often forgotten about,
threats involve attackers telephoning cheaply internationally, listening to voicemail
messages and possibly unauthorised access to the Intranet (if an interface to the Intranet
(1) Dial-up networks can be an easy entry point for attackers, as they are often less
well protected or monitored than Internet connections. Typical attacks are identity
spoofing leading to unauthorised access. Analog connections are easier to eavesdrop.
(2) The Internet connection offers a way to communicate with millions of people
globally, but is difficult to control due to its complex and dynamic nature. A wide range
of attacks are possible: eavesdropping, identity spoofing, denial of service.
(3) Connections to vendors/partners are often not secured enough, due to lack of
time/resources, or belief in security through obscurity. They can be used as an attack
point by Partner organisations (Partners don't always stay partners...) and also for
attackers who have already penetrated the Partner's network.
Threats: unauthorised access, denial of service.
(4) Wide area networks are used to extend the corporate Intranet to many remote areas.
The cabling probably passes through public zones. The complexity of Wide Area Networks can
serve as a deterrent to attackers, but is it enough? How much can you trust network
providers? The main threats are eavesdropping, denial-of-service and possibly identity
- Social / Personal:
(5) Social engineering can be used to trick personnel into
divulging information or providing access.
(6) Helpdesks may also be subject to social engineering, providing modem numbers,
passwords etc. unwittingly to unauthorised persons.
The other key threats are misuse of privileges, illegitimate use and mistakes.
(7) Many people who are not employees will have access to buildings in one
way or another. Threats include theft, damage and copying.
(8) Sensitive information, if not securely disposed of, will yield a valuable resource
to attackers. The main threat is unauthorised access to information.
Other physical threats include laptop theft, natural disasters and loss of media during
These threats can result in critical information being lost, copied, deleted, accessed
or modified, or services no longer functioning (loss of confidentiality, integrity or
Before deciding on safeguards to counter the threats listed above, consider:
The nature of the threat. The attacker's resources (financial, technical, time),
degree of motivation and ease of access should all be considered. For example, most would
expect frequent attacks from the Internet, so firewalls between the Internet and
Intranet are frequent. The media often remind us of the exploits of crackers, but what of
the disgruntled employee, who has access to critical systems for his daily work? What of
the manager who has a gambling habit and is tempted to embezzle to pay debts? Whereas
attacks from Internet Crackers may be frequent and technically interesting, they are
rarely as financially damaging as deliberate misuse of systems by employees.
Information lifetime. How is information generated, stored, processed, copied,
printed and destroyed?
Information aging. How does time affect the information? e.g. a new pricelist
might be sensitive before publication and would be published to the world subsequently. When a new
pricelist replaces an old one, the old one becomes useless.
Nature: The likelihood of natural disasters.
Security Measures are needed to reduce risks to an acceptable level. If we assume that
a possible attacker is external to the organisation, possible measures that could be taken
in each of the interfaces (listed in green in the diagram above) are:
Measures for Logical or Network Interfaces:
- Authentication of users and/or computers
- Encryption to protect privacy or for authentication
- Digital signatures for authenticity and non-repudiation
- Access control
- Resource isolation: By isolating services from each other, a weakness or abuse of one
service may not necessarily lead to abuse of other services.
- Virus/malicious content controls
- Hardening: secure installation/configuration
- Reliability measures: backups, redundancy, hot spares, clusters, RAID, maintenance
contracts, off-site copies, contingency planning.
The following is a list of mechanisms relevant to specific Interfaces. Note that
hardening, resource isolation, reliability measures and monitoring/auditing are useful on
(1) Strong authentication of users, possibly encryption
(2) All mechanisms
(3) Authentication of users or computers, access control, possible encryption.
Measures for Social / Personal Interfaces:
- Definition of security policies, to protect assets based on the risk. A security policy
is a preventative mechanism for protecting important company data and processes. It
communicates a coherent security standard to users, management and technical staff.
- Information security education of users / managers / system administrators.
- Tools to enable users to implement policy.
- Strong passwords, screen locks.
- Person authentication, inquisitiveness, monitoring/auditing.
- Organisation: Roles, responsibility and procedures are required to ensure that policies
are implemented. A security organisation can reduce risk and limit damage by providing
users with a central point for reporting, for handling of incidents and allocation of
Measures for Physical Interfaces:
- Limit access: locked rooms/entrances, physical zones, identification badges.
- Keep a record of accesses.
- Shredding/secure destruction/recycling.
- Insure against loss.
- Laptop access control/ encryption tools.
- Resource isolation.
- Availability: backups, (off-site) redundancy, etc.
Assurance / constant vigilance:
- Reconsider risks regularly. Are new threats more important, have some threats ceased?
- How effective are the countermeasures, do they require tuning?
- Conduct regular audits of important systems/interfaces.
Countermeasures against internal attack
On the other hand, if the primary source of attack is expected to be internal (whether
malicious or accidental), the focus changes, since attackers might be authorised to bypass
access control mechanisms:
- Social / Personal:
- Clear policy.
- Accountability, responsibility, trust
- Enforcement of policies. Legal threat: The threat of legal prosecution is a deterrent to
abuse of systems and networks, but can be difficult and expensive.
- Logical or Network measures:
- Monitoring, auditing.
- Multiple, archived backups and redundancy.
Security measures will improve security properties, such as
Assurance: Confidence that security measures are correctly implemented and that a
system will behave as expected.
Identification / Authentication: When users or programs communicate with each other,
the two parties verify each other's identity, so that they know who they are communicating
Accountability/Audit Trail: The ability to know who did what, when, where. Users are
responsible and accountable for their actions. Automatic audit trail monitoring and
analysis to detect security breaches.
Access Control: Access to specified resources can be restricted to certain entities.
Object Reuse: Objects used by one process may not be reused or manipulated by another
process such that security may be violated.
Accuracy / Integrity: Objects (information and processes) are accurate and
Secure information exchange: Information transmitted adheres to expected levels of
authenticity, confidentiality, and non-repudiation.
Reliability / Availability: Information and services are available when needed.
Knowledge and information are the most important assets of many companies; they need
protection. Information can take many forms, hence methods of securing information are
Consider analysing threats to information based on:
- the information domain (Physical, Networks, Social/Personal),
- what interfaces these domains have to the outside world
- source, motivation, impact of threats
- information aging, methods of processing
Coordinated Countermeasures should help provide a continuous, uniform level of security
that reduces risks to an acceptable level:
- Organisation: Definition of security policies, roles, responsibility and procedures.
Allocation of security responsibilities. Information security education. Contingency
- Insurance against damage.
- Legal threat.
- Physical security: Access control, secure destruction of media, resource isolation.
- Technical mechanisms: Tools to enable users to implement policy.
Authentication, Encryption, Digital signatures, Access control, Resource isolation,
Virus/malicious content control, Hardening, Reliability measures, Monitoring.
- Constant vigilance: Regularly reconsider risks and review effectiveness of
||What you type in a Web Browser to get to a site (Uniform
||The way Microsoft names network file shares (Uniform
||is protection of Assets (information, systems and
services) against disasters, mistakes and manipulation so that the likelihood and impact
of security incidents is minimised.
||Sensitive business objects (information & processes)
are disclosed only to authorised persons.
||The business need to control modification to objects.
||The need to have business objects (information and
services) available when needed.
||is a danger which could affect the security
(confidentiality, integrity, availability) of assets, leading to a potential loss or
||is a measurement of the severity of threats.
||The prevention of unauthorized use of a resource,
including the prevention of use of a resource in an unauthorized manner.
||The set of laws, rules and practices that regulate how
assets including sensitive information are managed, protected and distributed within an
organisation or specific IT system(s).
|Networks & protocols
Asynchronous transfer mode
Normal analog phone lines: (public subscriber telephone network)
Digital phone lines: Integrated digital services network
Digital mobile radio: Global Services Mobile (from French expression)
Digital data lines (ISO standard)
IBM networking protocols (Systems Network Architecture)
Wide area network
A WAN technology used mostly by Telecoms carriers
SANS Glossary of Terms Used in Security and Intrusion Detection http://www.sans.org/resources/glossary.php
Seán Boran is an IT security consultant based
in Switzerland and the author of the online IT Security Cookbook.