Computer and Network Security Preparedness

Information Note Number: IN01-005
1 October 2001

Purpose

When the situation warrants, OCIPEP issues Information Notes to its constituents in order to draw their attention to information in the public domain relating to significant computer threats and or vulnerabilities. Recent events have prompted OCIPEP to issue this reminder to system and network administrators to follow best practices to ensure the security of their networks. Some basic measures are included below:

• Ensure all networked systems are patched, and virus scanners are up to date. Many vendors maintain mailing lists to notify their customers of any product updates and fixes. Subscribing your administrators to these lists ensures prompt notification of patches which is crucial to timely response.
• Have secure off-site backups and a disaster recovery plan. Well-maintained backups ensure business continuity in the event of a major equipment failure, natural disaster (fire, flood, earthquake, etc.) or cyber-related incident. Remember that backup media should be controlled with the same level of security that would be afforded the data that the media contains.
• Exercise diligence in analysing logs from intrusion detection systems, firewalls, routers, servers and other network devices. Extra care should be taken to investigate unusual or suspicious network activity. OCIPEP is not aware of any specific threats to Canadian networks, however a heightened state of alertness is recommended for the immediate future.
• Implement an appropriate layered security posture where the failure of any one security device can be mitigated. For example, blocking of specific types of file attachments in e-mails can prevent virus infections and support anti-virus software at the network gateway and desktops.
• Implement egress and ingress filtering on all border routers. Egress and ingress filtering help stop IP address spoofing that is extensively utilised in denial of service attacks.
• Have a good working out-of-band communications procedure with your ISP. A solid relationship with your ISP can be crucial in dealing with incidents such as Denial of Service attempts and other network based attacks.
• Report all suspicious activity on Government of Canada computer systems to OCIPEP. Mutual co-operation and communication are keys to identifying incidents which affect the Government as a whole.

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca