Information Security Best Practices: 205 Basic Rules


Section 1: Information Security Attacks and Vulnerabilities

To understand why you need to implement information security, I first present a list of the types of attacks that hackers may launch against your network. The information security best practices that are presented in the following sections are designed to prevent these forms of attack and decrease vulnerabilities.

Note

IF YOU SUSPECT THAT YOUR NETWORK IS CURRENTLY UNDER ATTACK, TURN IMMEDIATELY TO SECTION 19, EMERGENCY RULES AGAINST ATTACK, FOR ACTIONS YOU CAN TAKE THAT CAN SAVE DOWNTIME AND PREVENT DESTRUCTION OF INFORMATION!

1.1 Spamming

Spamming consists of an identified or unidentified source sending bulk mail to your site. In the nonmalicious form, it consists of sending bulk advertising mail to many accounts at your site consistently, even multiple times a day. In the malicious form (e.g., email bombing), it consists of an attacker sending bulk mail until your mail server runs out of disk space. This type of attack consumes part or all of the communications bandwidth to your site and attempts to deny service to your mail server by keeping it busy and filling up its disk space. Once the disk is full, the mail server cannot receive any additional mail. A variant of this attack consists of the hacker sending a single mail message to a mail server that includes a large forwarding list of mail addresses. Some mail servers will make copies of the mail message and attempt to send it to the forwarded destination addresses even though no legitimate...
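As an added illustration (not part of the original text), the following Python sketch classifies inbound mail by the three patterns described above: repeated bulk mail from one source, mail volume large enough to exhaust the spool disk, and a single message with an oversized forwarding list. The record layout, thresholds, flag names and sample traffic are all assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample traffic, not real logs: (source address, recipients, size in bytes).
SAMPLE_MESSAGES = (
    [("198.51.100.7", 1, 40_000)] * 150      # repeated bulk advertising
    + [("203.0.113.9", 1, 10_000_000)] * 30  # large messages aimed at the spool
    + [("192.0.2.44", 5000, 200_000)]        # one message, huge forwarding list
    + [("192.0.2.10", 2, 15_000)] * 3        # ordinary correspondence
)

def assess_mail_flood(messages, spool_free_bytes, max_msgs=100,
                      max_recipients=50, spool_fraction=0.25):
    """Return {source: sorted list of flags} for sources matching a pattern above.

    All thresholds are hypothetical defaults chosen for this example.
    """
    count = defaultdict(int)    # messages seen per source
    queued = defaultdict(int)   # bytes the spool would have to hold per source
    widest = defaultdict(int)   # largest recipient list seen per source
    for source, recipients, size in messages:
        count[source] += 1
        # Worst case assumed: the server stores one copy per recipient.
        queued[source] += size * recipients
        widest[source] = max(widest[source], recipients)

    findings = {}
    for source in count:
        flags = []
        if count[source] > max_msgs:
            flags.append("bulk-volume")
        if queued[source] >= spool_fraction * spool_free_bytes:
            flags.append("disk-exhaustion")
        if widest[source] > max_recipients:
            flags.append("recipient-expansion")
        if flags:
            findings[source] = sorted(flags)
    return findings

if __name__ == "__main__":
    # 1 GB of free spool space is an assumed figure for the demonstration.
    for source, flags in assess_mail_flood(SAMPLE_MESSAGES, 1_000_000_000).items():
        print(source, ", ".join(flags))
```

The single message with 5000 recipients is flagged for disk exhaustion as well as recipient expansion, because under the one-copy-per-recipient assumption it alone would occupy the whole assumed spool.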