HostedDB - Dedicated UNIX Servers

UnauthorizedModems_15
Protecting Data Networks by Securing Telephone Networks 14 telephone firewall provides a view and control of the datastream that was not available before. Consider, for example, the tools described to secure an organization’s telephone network. The benefits of more effective telephone management can be realized in several ways. One immediate result is a better understanding of the actual needs of the organization. It is not uncommon for corporations to have numerous fax lines. How many are actually needed? What is the utilization of these devices? If the utilization is low it may be possible to save money by eliminating some. Savings may also be realized as a result of better accounting of the lines that are actually in use. The savings may be especially dramatic for large corporations with numerous lines. It is difficult to keep track of the lines that are connected and disconnected on a daily basis. In an audit conducted in 1998, for example, Greyhound Lines, Inc. recovered more than $1 million in incorrect telephone charges. [6]The charges included previously disconnected or currently unused telephone lines, as well as charges from 900 numbers and third party calls Greyhound had previously thought were blocked. Audits of the sort conducted by Greyhound are extremely labor-intensive, but with the added functionality provided by the telephone security device described above, it would become much easier to conduct. This sort of savings provides a very rapid return on the security investment. Enterprise-Wide Security It is important to remember that any device used to secure telephone lines is only part of what is required to provide enterprise-wide security. On the other hand, any attempt to secure a corporate internal network would be incomplete unless the potential problem with telephone modems is effectively addressed. It is important to address each element of security as depicted in Figure 6 and to incorporate all aspects of the operational model of computer and network security (prevention, detection, and response). Simply installing disparate security devices, however, will not result in an integrated or effective approach to enterprise-wide security. To be useful, data from all security monitoring devices needs to be combined into an integrated body of information, then presented in an effective fashion which would provide executive-level management with a corporate viewpoint of the company’s computer and network security posture. To truly understand what is happening, executive-level management needs to have both network structure visibility as well as corporate datastream visibility. This means the structure of computing and network assets (in terms of connectivity and configuration of computing assets) as well as the methods used to transmit data in the company should be available to corporate executives. To present this often voluminous information requires a system which can receive data from the various monitors and sensors (e.g. firewalls and intrusion detection systems) and present pertinent security information in an easily understood fashion. Tools that provide this visibility would provide more comprehensive system security as well as enabling an organization to realize a return on its security investment.