Securing Your Network

 

Sterling Network Solutions has put together a list of steps your business can take to improve the security of your network. Please note that securing your network is not a one time event but rather an ongoing process.  

  1. Document and maintain a map of your network This will help you to respond more quickly to a security incident. This document will help reinforce your understanding of your network. The documentation should include hardware and software configurations, IP addressing, and router/firewall configurations. It should include warranty and purchase information. Included in this document should be phone numbers for vendors and consultants as well.  With this list in hand even a backup system administrator will be able to respond to security incidents.

  2. Establish a Corporate Security Policy. Using a security policy helps define your company's biggest network assets and creates an awareness of the importance of securing this vital corporate data.  This awareness can help reduce the chances that social engineering can provide a password or other useful information about your network to a hacker. The security policy will help shape policies and procedures to protect your data. 

  3. Install Anti-Virus Software. Anti-Virus Software is increasingly vital part of your network's security. Macro viruses and worms have spread quickly throughout the world.  Please note that Anti-Virus Software is only effective if it has an updated signature file. A total solution should include anti-virus software for the server, desktop, e-mail and web browsing.  User education is also a key component for more information check this link Sterling Anti-Virus Resources.

  4. Backup your data Without this important piece of security a small breach could become a major incident. You should make regular backups, maintain an off-site backup tape and conduct periodic test restores of your backups. For more information see Protecting Your Network's Data.

  5. Use Strong Passwords The chain is only as strong as its weakest link. This often used statement describes most passwords. Most people choose easy to guess passwords. If your system does not lock accounts after three failed login attempts, a hacker could easily crack most passwords within minutes. Strong passwords should be at least 8 characters long and include lower and upper case letters and numeric and punctuation. Make sure users do not write down password, known as the "yellow sticky pad" vulnerability.

  6. Install a Firewall This step is crucial to anyone with a fulltime connection to the Internet, such as DSL, T1/Fractional T1 or cable. With a fulltime connection to the hackers also have a fulltime link to launch an attack on your network. If you have no firewall to protect your internal network, a hacker could easily comprise your network.   There are a variety of firewalls available including software based, appliance based and server based. 

  7. Install latest service packs and patches. The number of security patches and service packs can be overwhelming, but without them your network can be exposed to attack. It is critical to your security keep your systems updated with the latest security fixes. Sterling recommends joining security mail lists to keep up to date with the latest vulnerabilities. Some useful mail lists include NTBugTraq and Security Focus. Microsoft has a security site that is helpful as well, Microsoft Security Tools.

  8. Enable logging and log archiving Logging can help identify suspicious activity on your network. Because the number of items to be monitored is limitless it is good to focus on a two key areas: failed login attempts and permission changes. Logging also helps you understand how an attack was launched and if it was successful.

  9. Disable all unnecessary network services Limiting network services can reduce your risk by closing areas likely to be attacked. A good rule is to run only essential services needed for the network. If you don't know what services should be running, now is the time to learn. When limiting services pay close attention to login services including telnet, FTP, and NetBIOS. Most networks do not need these type of login services over the Internet. 

  10. Conduct a vulnerability assessment This assessment allows another set of eyes to view  your network security.  A vulnerability assessment can show you what a potential hacker could use to launch an attack on your network.  A vulnerability assessment is a cost effective way to evaluate your organization's current security program. The assessment shows the holes in your network security and how to limit your exposure. 

 

Security Partners

Trend Micro 

Cisco

Sonicwall

Surf Control

Veritas

Microsoft

 

           

Sterling Networking Tips Archive

 

 


 

 

 

 

 

 

 

 

 



  

© 2001 Sterling Network Solutions

 

| Home || About || Services || Partners || Resources || Contact || Employment Opportunities |
6700 SW 105th, Ste. 311  Beaverton, OR  97008  Ph: 503.641.3460  Fax: 503.646.1118