HP ProLiant 4500 Compaq Enterprise Security Framework - Page 5

Security Environment: Threats and Pressures


WHITE PAPER (cont.)
residing on mainframes and mid-range systems in a closely monitored and physically secure
environment – the glass house. In this setting, businesses deployed private, leased lines for external
data transactions with known partners and used e-mail for internal communication only.

In the new environment, a wide variety of enterprise computers either contain or connect to critical
business information. In addition, these devices can be portable (laptops, PDAs) and are rarely
physically secured. Servers are corporally distributed throughout an enterprise, and each server can
be connected to hundreds of clients. These servers are also frequently networked to outside parties
through the Internet or to remote access modems. Furthermore, businesses are now using the public
networks as a platform for conducting commerce and exchanging sensitive information with
consumers and business partners.

Security Environment: Threats and Pressures

With these trends, a variety of threats have increased in importance and proliferated across the
computing landscape. The following examples provide an idea of the confusing issues with which
IT managers must contend (see Figure 2).

[Figure 2: Security Threats. Diagram labels: Application Server, Corporate User, Mobile User, Firewall, Mainframe, Web Server, Intranet/Externet Users, Internet, Corporate Network, Modem, Bank, DB.]

• Saboteurs and thieves (either internal or external) can access, steal, and change the content of
  crucial information.
• Hackers can launch viruses and other attacks that crash important systems.
• Disgruntled employees can either steal or guess passwords to gain access to information and
  applications they are not authorized to use (e.g. payroll, HR).
• Outsiders can dial-in directly to the network or PCs and use this as a launching point for
  internal network attacks.
• Attackers can use various tactics to crash web servers or change their content; web servers can
  also be used as access points to the internal network.