Relentless cyber criminals, disgruntled current and former employees, and careless users can bring down your computer networks and compromise data. Network security is made up of the hardware, software, policies and procedures designed to defend against both internal and external threats to your company’s computer systems. Multiple layers of hardware and software can prevent threats from damaging computer networks and stop them from spreading if they slip past your defenses.
The most common threats to your systems:
- Malicious programs like viruses, worms, Trojan horses, spyware, malware, adware and botnets
- Zero-day and zero-hour attacks
- Hacker attacks
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, and
- Data theft.
These threats look to exploit:
- Unsecured wireless networks
- Unpatched software and hardware
- Unsecured websites
- Potentially unwanted applications (PUAs)
- Weak passwords
- Lost devices, and
- Unwitting users or users with malicious intent.
Top 5 fundamentals of network security
These network security fundamentals are vital to downtime prevention, government regulation compliance, reduced liability and reputation protection:
1. Keep patches and updates current
Cyber criminals exploit vulnerabilities in operating systems, software applications, web browsers and browser plug-ins when administrators are lax about applying patches and updates.
In particular, verify that office computers are running current versions of these widely used programs:
- Adobe Acrobat and Reader
- Adobe Flash
- Oracle Java
- Microsoft Internet Explorer
- Microsoft Office Suite
Keep an inventory to make sure each device is updated regularly, including mobile devices and network hardware. And make sure Windows and Apple computers have automatic updating enabled.
2. Use strong passwords
By now, most users know not to write their passwords on Post-It Notes that are plastered to their monitors. But there’s more to keeping passwords secure than keeping them out of plain sight.
A strong password is one that is difficult for humans and computers to detect, is at least 6 characters long (preferably more), and uses a combination of upper- and lower-case letters, numbers and symbols.
Symantec gives additional suggestions:
- Don’t use any words from the dictionary. Also avoid proper nouns or foreign words.
- Don’t use anything remotely related to your name, nickname, family members or pets.
- Don’t use any numbers someone could guess by looking at your mail, like phone numbers and street numbers, and
- Choose a phrase that means something to you, take the first letters of each word and convert some into characters.
The SANS Institute recommends passwords be changed at least every 90 days, and that users not be allowed to reuse their last 15 passwords. They also suggest that users be locked out of their accounts for an hour and a half after eight failed log-on attempts within a 45-minute period.
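The lockout rule above, written as an added example (not from the original article or from SANS): eight failed log-ons inside a sliding 45-minute window lock the account for 90 minutes. The class name, the event format and the choice to clear the failure count on a successful log-on are assumptions.

```python
from collections import deque

MAX_FAILURES = 8            # failed log-ons that trigger a lockout
WINDOW_SECONDS = 45 * 60    # ...counted within a 45-minute period (epoch seconds)
LOCKOUT_SECONDS = 90 * 60   # the account stays locked for an hour and a half
# Constructed sample: 8 failures one minute apart, then the correct password.
SAMPLE = [(60 * i, "alice", "fail") for i in range(8)] + [(600, "alice", "ok")]

class LockoutTracker:
    def __init__(self):
        self._failures = {}      # account -> deque of failure timestamps
        self._locked_until = {}  # account -> time the lock expires

    def is_locked(self, account, now):
        if self._locked_until.get(account, 0) <= now:
            self._locked_until.pop(account, None)  # lock expired or never set
            return False
        return True

    def record_failure(self, account, now):
        """Register a failed log-on; return True if the account is now locked."""
        if self.is_locked(account, now):
            return True                   # attempts during a lock do not extend it
        recent = self._failures.setdefault(account, deque())
        recent.append(now)
        while recent and now - recent[0] >= WINDOW_SECONDS:
            recent.popleft()              # forget failures older than the window
        if len(recent) >= MAX_FAILURES:
            self._locked_until[account] = now + LOCKOUT_SECONDS
            recent.clear()
            return True
        return False

    def record_success(self, account, now):
        if self.is_locked(account, now):
            return False                  # correct password is refused while locked
        self._failures.pop(account, None) # assumed policy: success clears the count
        return True

def replay(events):
    """events: (time, account, 'fail'|'ok'); returns the outcome of each event."""
    tracker, out = LockoutTracker(), []
    for now, account, kind in events:
        if kind == "fail":
            out.append("locked" if tracker.record_failure(account, now) else "denied")
        else:
            out.append("granted" if tracker.record_success(account, now) else "locked")
    return out
```

Failures spaced seven minutes apart never reach eight inside one window, which is why lockout complements rather than replaces monitoring for slow guessing.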
Train users to recognize social engineering techniques used to trick them into divulging their passwords. Hackers are known to impersonate tech support to get people to give out their passwords or simply look over users’ shoulders while they type in their passwords.
3. Secure your VPN
Data encryption and identity authentication are especially important to securing a VPN. Any open network connection is a vulnerability hackers can exploit to sneak onto your network. Moreover, data is particularly vulnerable while it is traveling over the Internet. Review the documentation for your server and VPN software to make sure that the strongest possible protocols for encryption and authentication are in use.
Multi-factor authentication is the most secure identity authentication method. The more steps your users must take to prove their identity, the better. For example, in addition to a password, users could be required to enter a PIN. Or, a random numerical code generated by a key-fob authenticator every 60 seconds could be used in conjunction with a PIN or password.
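The code-plus-PIN check described above, as an added example (not from the original article). It uses the open TOTP standard (RFC 6238 over HMAC-SHA1) on a 60-second step as a stand-in for whatever algorithm a particular key fob uses; the 6-digit length, the one-step clock-drift allowance and the PBKDF2 PIN hashing are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # a new code every 60 seconds, as in the text
DIGITS = 6          # assumption: 6-digit codes

def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: float) -> str:
    """Code shown by the token at time `now` (epoch seconds)."""
    return hotp(secret, int(now // STEP_SECONDS))

def hash_pin(pin: str, salt: bytes) -> bytes:
    """Store only a salted, stretched hash of the PIN, never the PIN itself."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)

def verify_login(secret, salt, pin_hash, pin, code, now, drift_steps=1):
    """Both factors must pass; both are always evaluated so that timing
    does not reveal which one failed."""
    pin_ok = hmac.compare_digest(hash_pin(pin, salt), pin_hash)
    counter = int(now // STEP_SECONDS)
    code_ok = False
    # Accept the current step plus a small window for token clock drift.
    for c in range(counter - drift_steps, counter + drift_steps + 1):
        if c >= 0 and hmac.compare_digest(hotp(secret, c).encode(), code.encode()):
            code_ok = True
    return pin_ok and code_ok
```

A production verifier would also record the last accepted step per user so that a code cannot be replayed while it is still inside the drift window.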
It is also a good idea to use a firewall to separate the VPN network from the rest of the network.
Other tips include:
- Use cloud-based email and file sharing instead of a VPN.
- Create and enforce user-access policies. Be stingy when granting access to employees, contractors and business partners.
- Make sure employees know how to secure their home wireless networks. Malicious software that infects their devices at home can infect the company network via an open VPN connection, and
- Before granting mobile devices full access to the network, check them for up-to-date anti-virus software, firewalls and spam filters.
4. Actively manage user access privileges
Inappropriate user-access privileges pose a significant security threat. Managing employee access to critical data on an ongoing basis should not be overlooked. More than half of 5,500 companies recently surveyed by HP and the Ponemon Institute said that their employees had access to “sensitive, confidential data outside the scope of their job requirements.” In reporting on the study’s findings, eWeek.com said “general business data such as documents, spreadsheets, emails and other sources of unstructured data were most at risk for snooping, followed by customer data.” When an employee’s job changes, make sure the IT department is notified so their access privileges can be modified to fit the duties of the new position.
5. Clean up inactive accounts
Hackers use inactive accounts once assigned to contractors and former employees to gain access and disguise their activity. The HP/Ponemon Institute report did find that the companies in the survey were doing a good job deleting accounts once an employee quit or was laid off. Software is available for cleaning up inactive accounts on large networks with many users.
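A minimal inactive-account audit, as an added example (not from the original article or the HP/Ponemon report). The CSV export, its column names and the 90-day idle threshold are assumptions; the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

INACTIVE_AFTER = timedelta(days=90)   # assumption: the article gives no threshold
SAMPLE_TODAY = datetime(2024, 6, 1)   # fixed "today" so the sample is reproducible

# Constructed sample export; the column names are hypothetical.
ACCOUNTS_CSV = """username,owner_status,last_login
jsmith,employee,2024-05-28
contractor7,contractor_ended,2024-05-30
mlee,former_employee,2023-11-02
svc-backup,employee,
rpatel,employee,2024-01-15
"""

def find_stale_accounts(csv_text, today):
    """Return (username, reason) pairs for accounts to disable and review."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["owner_status"] != "employee":
            # Checked first: a departed owner's account is flagged even when
            # it was used recently, since that activity is itself suspicious.
            findings.append((row["username"], "owner departed"))
        elif not row["last_login"]:
            # Provisioned but never used; there is no date to parse.
            findings.append((row["username"], "never logged in"))
        else:
            idle = today - datetime.strptime(row["last_login"], "%Y-%m-%d")
            if idle > INACTIVE_AFTER:
                findings.append((row["username"], f"idle {idle.days} days"))
    return findings
```

In the sample, `contractor7` logged in two days before the audit date and is still flagged, because the check keys on the owner's status before it looks at activity.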
Five Bonus Network Security Tips
Besides the above five network security fundamentals, it’s a good idea to also:
- Maintain a list of authorized software and prevent users from downloading applications that aren’t on the list. Software inventory applications can track type, version and patch level.
- Update the company’s written security policies. For example, spell out which, if any, personal devices are allowed to access the company network and state explicitly how much time users have to report lost or stolen devices. Look into Mobile Device Management (MDM) software that can remotely wipe devices.
- Segregate critical data from the rest of the network and require users to authenticate themselves before accessing it.
- Run vulnerability scanning tools at least once a week and conduct penetration testing, and
- Continuously monitor network traffic to detect unusual patterns of activity and possible threats.