Network Security
By Rhonda Hazelwood

Security is an essential part of maintaining any network and is the primary focus for a network administrator. While most people think that the main focus of a network administrator is to ensure that users can access data and other resources needed to perform their job functions, they don't realize the work and attention needed to make certain all data is secure. End users are happy as long as they get the data they need and don't have to jump through hoops to get to it.

Requiring account names and passwords only serves to keep honest people honest. There are many ways to compromise an account's security, and any decent hacker usually knows more tricks of the trade than the network administrator.
The use of authentication services and/or biometrics can improve security, but only to a certain degree.

If you're responsible for a small operation, network security cannot be compromised. Hackers don't discriminate; they're looking for sensitive corporate or financial data that they can exploit. Customers and clients don't discriminate; they're entitled to the same service and reliability that they would get from a large corporation.

When it comes to protecting your network, there is no room for compromise. You must block any and all threats flowing around the Internet. Especially look for viruses and other forms of malware that can compromise your network and end-user systems, which could lead to data loss and expensive downtime. Spam clogs up inboxes and e-mail servers, which costs businesses billions of dollars each year. Spyware and network intrusions are designed and targeted to steal valuable information from specific companies, which can impact revenue and a company's reputation. Phishing attacks exploit user habits to steal personal information. Every day, security threats are being modified and refined, as hackers use new conduits such as instant messaging, peer-to-peer connections, and wireless networks to deliver their attacks.

In my opinion, the biggest headache for small businesses is the misuse of the Internet by employees. If a user visits an inappropriate site, sends or receives inappropriate content, or worse, violates confidentiality and leaks client information or company secrets, legal liability action is sure to follow. End-user education needs to be a top priority for all network administrators.

Insiders aren't the most common security problem, but they can be among the most damaging to a company's reputation. Insider attacks against IT infrastructure are among the security breaches most feared by both government and corporate security professionals. If an employee is terminated, it's crucial that all system access be revoked immediately.
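
One way to check that access really is revoked at dismissal is to compare HR termination times with account state and logon records. The Python below is an added example, not part of the original article; the record formats, user names, 15-minute tolerance and function names are assumptions, and the sample data is constructed.

```python
from datetime import datetime

# Constructed sample records (assumed formats): HR notices, directory state, auth log.
TERMINATED = {"jdoe": "2024-03-01T09:00", "asmith": "2024-03-04T16:30"}
ACCOUNTS = {  # user -> time the account was disabled, or None if still enabled
    "jdoe": "2024-03-01T09:05",
    "asmith": None,
    "bwong": None,
}
AUTH_LOG = [  # (time, user, host) for successful logons
    ("2024-03-01T08:40", "jdoe", "fileserver"),
    ("2024-03-04T18:10", "asmith", "vpn"),
    ("2024-03-05T02:15", "asmith", "sqlserver"),
    ("2024-03-05T09:00", "bwong", "mail"),
]

def ts(text):
    return datetime.fromisoformat(text)

def offboarding_findings(terminated, accounts, auth_log, now, max_delay_min=15):
    """Return (user, finding, detail) tuples for the dismissal-to-revocation window."""
    findings = []
    for user in sorted(terminated):
        if user not in accounts:
            continue  # no account in this directory
        dismissed = ts(terminated[user])
        disabled = accounts[user]
        # The exposure window closes at the disable time, or is still open now.
        window_end = ts(disabled) if disabled else ts(now)
        delay_min = int((window_end - dismissed).total_seconds() // 60)
        if disabled is None:
            findings.append((user, "STILL_ENABLED", f"{delay_min} min since dismissal"))
        elif delay_min > max_delay_min:
            findings.append((user, "SLOW_REVOCATION", f"{delay_min} min"))
        # Any successful logon after dismissal needs review, whatever the account state.
        for when, who, host in auth_log:
            if who == user and ts(when) > dismissed:
                findings.append((user, "LOGON_AFTER_DISMISSAL", f"{host} {when}"))
    return findings

if __name__ == "__main__":
    for row in offboarding_findings(TERMINATED, ACCOUNTS, AUTH_LOG, "2024-03-05T12:00"):
        print(*row, sep="\t")
```
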
About half of all insider attacks take place between the time an IT employee is dismissed and the time their user privileges are taken away. I was in a situation where a co-worker was dismissed because of poor work performance. The IT manager arranged for all user privileges to be terminated immediately after the employee was informed of his termination. He was allowed to remove personal items from his office and computer, but was supervised the entire time. There was a tremendous amount of planning involved to coordinate this, but it worked effectively.

When it comes to current employees, IT managers must keep an eye out for insubordination, anger over perceived mistreatment, or resistance to sharing responsibility or training colleagues, which are all signs someone may be capable of system sabotage or data theft. IT managers must be watchful any time someone with access to sensitive systems has a falling out with his or her bosses.

Defending against insiders isn't easy, but knowing what to look for and understanding who you're up against certainly helps. Managers must not only monitor system access, but also let employees know their system changes can be tracked. Employers should be wary of people unwilling to share their knowledge about systems or uncomfortable with the fact that their activities accessing systems or data can be tracked.

There are six basic security rules for Windows systems that can apply to all systems. If a network administrator follows the basic principles discussed here, they can feel confident that their systems are protected.

First, the manager should segment the network into areas of trust and provide specific controls at border areas. A basic firewall can filter access to services, and a more advanced system can inspect traffic and detect that it is harmful.
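
The border controls this first rule goes on to describe (block everything and open only what is needed, SQL ports 1433 and 1434 reachable only on servers that must face the Internet, open ports checked against what is legitimately required) can be tested against a scan of listening services. The Python below is an added example, not part of the original article; the host names, policy format and function names are assumptions, and the sample data is constructed.

```python
SQL_PORTS = {1433, 1434}  # SQL Server ports named in the article; checked on TCP and UDP alike

# Constructed scan result: (host, protocol, port) found listening on internal systems.
LISTENERS = [
    ("web01", "tcp", 80),
    ("sql-ext", "tcp", 1433),
    ("hr-db", "tcp", 1433),
    ("hr-db", "udp", 1434),  # SQL Server Browser service
    ("fs01", "tcp", 445),
]
# Constructed list of services approved for access from the Internet.
APPROVED = {("web01", "tcp", 80), ("sql-ext", "tcp", 1433)}

# Border rules are (action, protocol, destination, port); "any" is a wildcard.
WEAK = {"default": "allow", "rules": [("deny", "tcp", "any", 445)]}
HARDENED = {"default": "deny", "rules": [
    ("allow", "tcp", "web01", 80),
    ("allow", "tcp", "sql-ext", 1433),
]}

def border_action(policy, host, proto, port):
    """First matching rule wins; otherwise the policy default applies."""
    for action, r_proto, r_dst, r_port in policy["rules"]:
        if r_proto == proto and r_dst in (host, "any") and r_port in (port, "any"):
            return action
    return policy["default"]

def unapproved_exposure(policy, listeners, approved):
    """Listening services the border lets through that nobody approved."""
    found = []
    for host, proto, port in listeners:
        if (host, proto, port) in approved:
            continue
        if border_action(policy, host, proto, port) == "allow":
            label = "SQL" if port in SQL_PORTS else "other"
            found.append((label, host, proto, port))
    return found

if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, unapproved_exposure(policy, LISTENERS, APPROVED))
```
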
Things as simple as blocking access to TCP port 1433 and TCP port 1434 at the border firewall, allowing Internet access only to those SQL systems that must be accessed from the Internet, and patching the SQL systems could prevent viruses or worms from infecting a network. Systems are sometimes left unpatched because there are so many to patch. Focusing efforts on the most vulnerable points will most likely achieve adequate coverage. You can find a list of the most frequently probed ports used by Windows systems at www.sans.org/y2k/ports.htm. Not all of the ports listed are used by Windows, but you can make sure they are filtered at the firewall. You can also set a standard to block all ports and then unblock only the ports needed. Another good practice is to determine the open ports to ensure that they are legitimately needed.

Second, moderate the effect of spoofed ports and the increasing use of port 80 by new services. The most common open port is of course port 80, so attacks directed at a web server will not be stopped by a common firewall. If a needed port is blocked, applications such as instant messaging and streaming media will automatically use the open port. Trojans can be designed to listen on any port and can be specially designed to look like web traffic. Preventing overuse and misuse can be accomplished by using an application-layer firewall, ensuring that a port is open only for specific servers, and configuring systems at the host level with port filtering or IPSec blocking policies that can be set to block known troublesome ports.

Third, everyone agrees that the number one thing that you can do to improve security on a network is to keep patches current. Over ninety percent of attacks on systems could have been prevented if known vulnerabilities had been mitigated via patches and configuration. Patching plans can be developed and used with enormous benefits.
Patches can be applied in several ways. Manually: download the patch, test it and apply it to a system, or visit the Windows Update site to review the available patches, then decide to accept or reject any proffered changes. Automatic Updates can be configured to periodically connect to Microsoft for inspection and downloading of updates. Software Update Service is a free server application that, when configured, periodically downloads patches from Microsoft. Microsoft Systems Management Server with update is purchased separately from the Windows operating system and provides multiple management services. And third-party patching products are available that can provide similar services.

Strengthening authentication processes can also help to secure your network. Authentication can be strengthened by enforcing a strong password policy. Use some other form of authentication along with this. Use technology and physical security to protect password databases and authentication material. You must also understand that Windows authentication systems vary, and backward compatibility means less secure authentication may be used even by the most recent version of the operating system. One very important issue is to recognize that your network is only as secure as its least secure part.

Fourth, limiting the number of administrators and limiting their privileges can help to secure a network. Don't automatically give admin rights to the local PC unless there are applications that require it to run needed processes.
In most cases administrative rights can be substituted with just elevated or privileged rights. Users with admin rights should be educated about not using that account to read email or surf the Internet. Instead, they should be given an ordinary account for those purposes.

Fifth, protecting systems against known attacks by means of system configurations is not a simple process. It requires knowing about past attacks and current vulnerabilities, and having an extensive knowledge of operating systems. To benefit from your configuration settings, you should not install IIS except to create an intranet or Internet web server. Don't configure non-file servers to use File and Printer Sharing. Set strong permissions on Windows shares (and use shares sparingly). Don't allow anonymous access into your systems. You should also disable any Windows services that are not necessary, such as Telnet, Alerter and Clipbook (does anyone use these?), Indexing services, Messenger, and Remote Registry.

Last, but not least, I can't stress enough the importance of developing and enforcing security policies by way of accountability, technology and user training. The best knowledge anyone can have on security cannot protect your systems if it is not used. Security policies should be enforced by more than technology and fully supported by management. People make security work. People support the development of a culture of security, and people follow the rules because they understand them and because they are aware of the consequences. Train your users, let them know the rules, and hold them accountable.

The best-laid plans will not stand if you can't afford the resources or the support for implementing them. A crucial problem a network administrator faces is the cost of security. Security control mechanisms have expenses associated with their purchase. Deployment, maintenance, and implementation of these systems in a redundant manner can increase costs significantly. When deciding on redundancy and security controls, it is helpful to create a number of scenarios in which a security breach or an outage occurs to determine the corporation's cost for each occurrence. This should help management determine the value to the corporation of an assortment of security control mechanisms. (3)

End users are that part, so anything done to strengthen it can have a huge effect on the baseline security of your systems. Another thing to keep in mind is that user education is only effective to a point. No amount of education can eliminate careless mistakes or stop a disgruntled employee from violating a policy. Security technologies like encryption and digital rights management software can act like seat-belt laws to help keep computer users from hurting themselves.

Some steps to prevent data loss: guard against human error by using data encryption as a safety net for honest mistakes. All laptop hard drives should be encrypted. Monitor outgoing messages.
Use software to block e-mail messages or file transfers with confidential data.
Ensure that security is easy to use, or employees will find ways to get around it. Audit security practices on a regular basis.

If these steps are taken to prevent data loss, then a company can at least know that credibility with their customers is preserved.

Rhonda Hazelwood
Article Source: http://EzineArticles.com/?expert=Rhonda_Hazelwood