Note From The Author, Gus
Thank you for visiting our site. I hope the information herein was useful to you. Should you have additional PC-related questions or problems, click for help: FREE Tech Support Request. Stop searching and get solutions!
Although network security is important for any business, small businesses typically have difficulties in securing their networks due to a lack of resources and/or restrictive budgets. Furthermore, the size of your business does not mean there would be any less risk to your network from hackers and malware.
Hackers and malicious code writers attack indiscriminately; looking for the thing we go after every day ourselves…the low hanging fruit. Now, you may say that you don’t hold top secret information however, if in the wrong hands, it could be damaging.
In this article, we’ll examine what network security is, how it can protect you, how it works, and some tips to help tighten up your network security and reduce computer security risks.
You may, or may not have an idea of what constitutes network security; I guess it would be what you have been exposed to, the size of the network, and the professionals you have conversed with. As a definition,
network security consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources. ~Wikipedia
Network security in essences is combination of risk management, awareness practices, and protection measures to keep your network infrastructure, users, and data safe. The measures in place combat threats such as phishing, viruses, Trojans, zero-day and hour attacks, ID theft, DDoS attacks, botnets, and others.
I say typical network security plan because not any two are the same. This is due to a high number of policies and procedures put into place, and hardware available. There truly should be a number of checks and balances, i.e., layers of security, multiple authentication procedures, etc.
All plans should include the use of strong antivirus software, disable hidden filename extensions, have no unprotected windows shares, create backups of critical data, users disconnect from the network, and turn off your computer before walking out the door for the night.
A few of the better known components that should be in place include hardware and software firewalls, anti-virus software and updated definitions database, front-end networks, such VPN’s and alternate intrusion prevention systems (ISP).
Upon a hacker finding a suitable IP address to infiltrate, their next step is to discover weaknesses within the network. Your network is vulnerable every time a user connects outside of it, i.e. the public Internet. The one element that can thwart possible attacks is the firewall. Firewalls help prevent cyber criminals from using ports to scan for vulnerabilities and prevents unauthorized connections.
Every computer connecting to your network, whether that be from inside, Intranet, or VPN, must have a working software firewall installed.
With the increased usage of the ‘cloud’, along comes additional vulnerabilities. So, if your organization utilizes web-based applications, you should invest in a WAF, short for Web Application Firewall.
As noted by the author of Top 10 Open Source Web Application Firewalls (WAF) for WebApp Security,
Web application firewalls provide security at the application layer. Essentially, WAF provides all your web applications a secure solution which ensures the data and web applications are safe. ~Sachin.
Sometimes overlooked is preventative maintenance required to keep your network safe. It is imperative to updated firmware and definition databases for all firewalls on a schedule.
With that in mind, as you are comparing vendors, keep in mind those that have a simple mode of updating, versus possible labor-intensive, manually updates required.
Though the threats from IP pinging, ActiveX and Java hijacking, and others are still real, even the basic routing hardware have integrated support for these threats. Hackers are using more sophisticated means to attack your networks. In addition, proper network security should include a ‘dummy’ network which forces most potential threats into a black hole.
Most routers have settings such as the following to filter: proxies, cookies, Java Applets, ActiveX controls, Port scanning as mentioned above, Pop-up window detection and management of, IP packet monitoring and blocking, DDoS (denial of service) threat detection, and monitoring of subnet connection requests.
This is a process of providing every device that connects to your network a static IP address, which allows you to monitor the activity of every connection made. This comes in handy when reviewing logs as you will know the devices connecting and if there was an intrusion, allow you to narrow down the device that caused the vulnerability.
Traditionally, DHCP is used to provide all connecting devices a network connection; though this is much similar and less labor-intensive, it does leave your network vulnerable to unknown attacks as you would not know what, or who was connecting.
Whether small, or large, not all users of a company network requires access to all of the same network service provided. a VLAN, or Virtual LAN, provide you a means of segmenting traffic within your intranet.
Many modern network routers already have this type of protection built-in, in the form of a UTM device (Unified Threat Management). If not, or if you would like to separate control and management of, invest in an Intrusive Prevention System. An IPS scans networks for anomalies and identifies possible vulnerabilities.
HP actually offers good IPS options, and there are several open source applications as well.
Whether it’s telecommuters, traveling, or after hours working, make sure to establish a VPN, Virtual Private Network, for any network connections.
This allows all connections to your network to be encrypted. This is an effective means of keeping traffic safe and allowing user access to network services, much in the same way a WAF and IPS protect public Internet traffic.
If anything else, make sure all connections require at least one-pass authentication, and set up all passwords to change on a schedule. As with anything, network access is usually only as strong as the passwords used, or how private they are.
Whether, or not, you use outside security management, make certain you schedule frequent network security and vulnerability scans. This assures vendor participation, and it’s just another layer of security you can provide your network.
In addition to the above, and an appropriate network secure policy, assure all use virus protection software on connected devices as. Knowing the consequences of ID theft, stolen company secrets, or the public perception of a leaky network, it would be wise to invest in the above. Through regular training and notifications, you can also make sure your users are taking every precaution to monitor their own activity.