Newsletter
The Black Box website uses cookies.
By continuing the use of the Black Box website, or by pressing the agree button on the right, you consent to the use of cookies on this website. More information.
Navigation
 
Network Security
Technology Overviews

Network Security in a dangerous cyber world

How to protect yourself


Every network administrator is faced with this dilemma: The Internet can be a risky thing for your network, but your network needs to be connected to it. In today's world it's impractical-if not impossible-to isolate your network. Networks are interconnected and usually feature a full-time connection to the Internet, which can be a dangerous place. Although the vast majority of Internet
users are honest and benign, there are a few who, motivated by greed or maliciousness, will attempt to directly or indirectly hurt you or your network. They can destroy your operating system, damage data, steal information, overwhelm Web sites, and clog e-mail servers.


Attacks are surprisingly common. Virus or worm outbreaks large enough to make the news happen nearly every week and many, many more go unreported except at the Web sites of antivirus software vendors. Corporate firewalls routinely log thousands of probes by hackers every day.


What makes this all the more frustrating is that every time you learn to defend against one kind of attack, hackers seem to come up with new and more creative ways to send spam; hack into your network; spread viruses, worms, and Trojan horses; and perpetrate fraud and destruction of all kinds. And if hackers on the Internet aren't enough to worry about, you also have to worry about your own network users deliberately or inadvertently causing damage.


Although this perpetual onslaught can overwhelm you and make you feel like you're fighting a losing battle, the reality is that with some basic precautions, you can defend your network against the vast majority of threats.


Have a plan
Start by making a security plan. Generally, the larger the network you're administering, the more formalized the plan should be. For a very small network with a dialup connection, the entire plan can be to keep the virus software updated and not to open any suspicious e-mails. A large enterprise network may require a complex, well-choreographed, thoroughly documented plan implemented after a formal risk assessment and analysis of the network.


Your security plan should include:

  • Education - Teach network users how to avoid threats and encourage them to act as "eyes" for the network administrator, reporting anything that looks suspicious.
  • Access policies - Control physical access to the network through lock and key or password protection.

  • Software - This includes the software required to protect your network and the scheduling of regular updates of both antivirus software and patches issued by software vendors.
  • Firewall - If a firewall is needed, consider what kind of a firewall is needed and schedule regular reviews of firewall policies. Build a DMZ for your public servers.
  • Backups - In case your network does fail, you should be ready to repair the damage and restore lost data.


Education
The first line of defense against security threats from the Internet is education and common sense. Keep on top of the latest hoaxes and viruses and make sure your network users know about them. Teach your network users to be suspicious of and report anything that doesn't look "right."


Be sure network users know never to reply to or forward spam. Hoaxes and scams run rampant across the Internet. Any e-mail that promises money, asks for personal information, asks you to forward or respond to something, or tells you something bad will happen if you don't respond should always be deleted. Reputable companies do not e-mail unsolicited software patches, letters asking for credit card information, or links to Web sites that ask for personal information.


Network users should also not open any unexpected e-mail attachments. Ideally, you should install an antivirus program at your gateway to keep them from ever showing up in the first place; however, a virus filter isn't foolproof. No one should ever open an attachment from anyone they don't know or even an unexpected attachment from someone they do know. Some viruses mail themselves and look like an e-mail from a familiar person.


Warn your network users about bad neighborhoods on the Internet. If they start poking around on sites that offer pornography, gambling, and too-good-to-be true (It just fell off the back of a truck, really?) deals, they're more likely to be exposed to viruses and scams. Although you can use a firewall to deny users access to dubious sites, it's virtually impossible to filter out all of them so network users should be aware that dangerous sites are out there.


Access policies
Be aware that security breaches happen "at home," too. Anyone with network access can steal or damage your data or networking devices. No amount of firewall protection is going to save a server if someone steals it. Take the time to look at who has access to what, keep essential network devices under lock and key, and implement password access to sensitive data.


Software protection
An important line of defense for your network is antivirus software. Buy a well-known brand and update it often. There are two major types of antivirus software: scanners and checksummers.


Scanners, the most popular variety of antivirus software, scan your hard drive or scan each file in real time as it's accessed. Scanners work by comparing files to known viruses. They're easy to use but must be kept up-to-date with the latest virus information to remain effective.


Because viruses change files, checksummers look for these changes to find signs of infection. They have the advantage of detecting unknown viruses that a scanner can't detect; however, they also have trouble distinguishing between legitimate change and a virus infection. Another marked disadvantage of checksummers is that they can only detect infection after it happens-they're useless for virus prevention.


Most antivirus software from major vendors is primarily of the scanner type, some adding checksummers for maximum effectiveness. There is no such thing as ideal antivirus software, and different products have different strengths and weaknesses. For the most effective protection, it's a good idea to use more than one antivirus program.


Antivirus software should be installed at the gateway-where your network meets the Internet, at the server level, and at the desktop. The software at the gateway screens out most infections before they get into your network. Regular scans of hard drives on servers and desktop PCs should pick up the rest. Software on desktop PCs should also be set to scan portable media in order to nab viruses that arrive, not through the network, but on diskettes and CDs.


In addition to using antivirus software, it's also wise to always install software patches as they're issued. Modern software is very complex, making it difficult to thoroughly test for security holes. Often these holes are discovered after software has been out for a while. At this point, the vendor will release a software patch, usually available on its Web site. Many computer break-ins can be prevented simply by keeping your software patches up-to-date.
Regularly schedule a check of software patches issued by your software vendors and use them where needed. Do NOT install software patches that arrive unsolicited through your e-mail, as many viruses masquerade as software patches.


Firewalls
A firewall controls traffic between two networks. The most common application for a firewall is to control traffic between a private network and the Internet in order to intercept outsiders trying to break into the private network. A firewall exerts this control by applying rules to information-primarily IP addresses and port numbers-found in incoming network packets.


The word firewall is most often used to describe a freestanding firewall appliance that provides intelligent, port-based security, although some low-end firewalls are software based. Services such as NAT, provided by a broadband router, are often also referred to as firewall services.


Hackers probe computer networks for open ports looking for a way in. Your goal is to make sure that unused ports are blocked and that your network only accepts legitimate requests for service. This is where a firewall comes in.


The firewall blocks unwanted traffic while letting through the traffic you want. It makes decisions that allow or deny access to services and ports on your firewall.


A firewall enforces your access control policy, but it's up to you to decide what that access control policy is. You can block whole ranges of ports-everything that you do not require to be open. Firewalls generally come preconfigured to deny all access to all ports. It's then up to you to instruct your firewall to allow network traffic through to
specific ports on specific PCs in your network. When a request for a service is made, the firewall inspects the request to make sure the type of request matches an available port.


A firewall is valuable for its logging and auditing functions, providing summaries about what type and volume of traffic passed through it, and also what kinds of break-ins were attempted. When you check firewall logs, you'll find that network probes are surprisingly common-the Black Box network firewall records thousands daily. The logs will show you where hackers are trying to break in. You should
examine logs on a regular basis and adjust the firewall accordingly. Some ports are favorites with hackers and you should pay special attention to attempts to access these ports. You should also regularly scan your network to find open ports. Block any unused ports you find open.


If your network includes Web servers, FTP servers, or mail servers that are regularly accessed from the Internet, it's a good idea to isolate these public servers from your private network in a DMZ. A DMZ is a separate network that's home for your public servers.



Both users from the Internet and users from the secure network may access servers in the DMZ. Traffic may not travel from the Internet or DMZ directly to the secure network without first going through a proxy server (usually a firewall appliance).


The dual-homed gateway firewall serves as a secure point of control between these two network segments and the Internet, intercepting all traffic between the Internet and your secure site and screening all services and access through proxy servers on the firewall.


This kind of firewall has the advantage of being both simple to set up and very secure. Many firewalls are specifically designed to support the dual-homed-gateway configuration and offer a convenient way to set up a DMZ, even in a very small network.


Dual-homed gateway firewalls tend to be rather inflexible, but they have the advantage of being easily managed by nearly anyone with basic networking skills. This makes them a popular choice with administrators of small-to-medium-sized networks who must have an e-mail and a Web server open to the Internet while at the same time protecting a secure, private network.


Backup and recovery
It's easier and less expensive to prevent problems before they happen, but even in well-defended networks, you have to assume that eventually the unthinkable will happen-destroyed or lost files, equipment failure, or outright theft-to bring you down.


Back up your files on a regular basis so if your network is invaded, you can replace corrupt or infected files with your backup copies. With regular nightly backups, even the worst disaster will never cause the loss of more than a day's data. Backup copies should always be stored on hard media in a separate location-NOT on a server connected to the network.


Have a plan to cover unexpected disaster. In the case of a virus infection, you should have a clear plan for disinfecting PCs and restoring data. If anything is absolutely mission critical, you should even have a plan in place for quickly replacing hardware that goes offline for purely mechanical reasons.


To talk to Tech Support, please call us at 0811/5541-0 or use our free of charge Callback Service.


Share |