Keeping one step ahead of the hackers
The level of viruses and hacker activity has grown exponentially in the past year. Security analyst mi2g revealed recently that September 2002 broke new ground in the levels of online malicious activity.
When considering network security, the complexity of your network will dictate the complexity of your security solution.
Smaller offices may only need personal firewalls and antivirus software for internet-facing desktop machines.
But larger companies engaging in e-commerce may require a dedicated firewall, intrusion detection systems, a virtual private network for external users, enterprise antivirus software and content filtering for both internet use and email.
The actual connection to the internet is where your first layer of defence comes in, and a firewall is an absolute necessity.
This is the first line of defence against internet-based attacks, filtering out requests for network services that could potentially be exploited by malicious code or a hacker.
If you have a web server, the firewall will ensure that requests for web pages only go to the web server while all other machines are kept protected from prying eyes. Likewise if you have an email server, you only want it to send and receive email.
Along with the firewall, filtering software will ensure that you are protected against denial-of-service attacks. This type of attack floods your network with invalid data, effectively blocking the connection and knocking your web server off the internet.
Although these measures will protect you from most external threats, it doesn’t mean you are safe; vulnerabilities still exist.
If you run a web server, the firewall will still have a hole on port 80 where it allows web traffic through. This hole can be exploited by a hacker who can use it to gain access to your network.
This is where an intrusion detection system (IDS) comes into play. The IDS monitors all traffic that makes it through your firewall, looking out for attacks before they affect the network.
The IDS also monitors traffic inside your network to protect against accidental or intentional abuse by employees or valid insiders.
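The firewall policy described above, as an added example that is not part of the original article: a first-match, default-deny rule table in Python, which also shows why traffic allowed through on port 80 still needs an IDS behind it. The addresses (from the 192.0.2.0/24 documentation range), the host roles and the `decide` helper are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample hosts (192.0.2.0/24 is reserved for documentation).
WEB_SERVER = ipaddress.ip_address("192.0.2.10")
MAIL_SERVER = ipaddress.ip_address("192.0.2.25")
DESKTOP = ipaddress.ip_address("192.0.2.101")


@dataclass(frozen=True)
class Rule:
    action: str                            # "allow" or "deny"
    proto: str                             # "tcp" or "udp"
    dst: Optional[ipaddress.IPv4Address]   # None matches any destination
    dport: Optional[int]                   # None matches any port


# Inbound policy: each service is reachable only on the server that runs it.
INBOUND_RULES = [
    Rule("allow", "tcp", WEB_SERVER, 80),   # web pages go to the web server only
    Rule("allow", "tcp", MAIL_SERVER, 25),  # SMTP goes to the mail server only
]


def decide(proto, dst, dport, payload=b"", rules=INBOUND_RULES):
    """Return the action of the first matching rule, or "deny" by default.

    `payload` is deliberately ignored: a packet filter decides on header
    fields alone, so whatever is sent to an allowed port is passed on.
    Inspecting that content is the job of the IDS behind the firewall.
    """
    dst = ipaddress.ip_address(dst)
    for rule in rules:
        if (rule.proto == proto
                and rule.dst in (None, dst)
                and rule.dport in (None, dport)):
            return rule.action
    return "deny"  # anything not explicitly allowed is dropped


if __name__ == "__main__":
    for target, port in [(WEB_SERVER, 80), (DESKTOP, 80),
                         (MAIL_SERVER, 25), (MAIL_SERVER, 80)]:
        print(f"tcp -> {target}:{port}  {decide('tcp', target, port)}")
```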
After securing the servers, the workstations also need special attention. After a default installation of the operating system, the relevant patches and updates need to be applied, otherwise the systems are wide open to attack.
IT managers should also ensure that users are only granted the permission and access rights that are required to do their job.
Antivirus software is also a must. Primarily this is protection against malicious software such as viruses, Trojan horses and worms.
Such malicious code typically enters the network via email, so it is also wise to install email filtering and antivirus software on the mail server.
If you need to provide secure access to your network for remote users, a VPN would be in order. This will authorise people outside the network to use its resources as if they were on the inside.
VPNs use encryption to protect data as it travels over the internet and can even be used to connect two or more small networks at different locations.
Even after security has been implemented, the IT manager’s job is still not done. As new vulnerabilities are found and new attacks launched, updates and patches have to be constantly monitored and installed to stay ahead of the hackers and other threats.
Only by constantly monitoring the latest threats and vulnerabilities can the network be kept safe.