Top tips for improved network security

Transcription

1 Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a business network. Security experts are constantly playing catch-up with criminals, hackers, non-compliances and Internet abuse. Here is a glossary of some of the key issues in technology today that can help your organisation understand how abusive programmes work and, in turn, how you can improve your network security. Tip one protect desktop and gateway from spyware Spyware is designed to discreetly install itself onto a personal computer and when it is in place it can monitor the user s behaviour and take control of the computer by installing additional software which redirects browser activity and/or diverts advertising revenue to a third party. A gateway is a computer or a network that allows or controls access to another computer or network. However, gateways are not able to inspect spyware so desktop protection is essential and many companies install this protection, but overlook the need to apply this at the gateway also. If this is applied in both places it will allow the gateway to intercept the communications being sent out by an infected desktop and can alert your IT department or administrator to the issue. Tip two stop spam Spam is a massive issue for any operation as it simply fills up the capacity of any network and slows it down and delays communications. This in turn can impact on the efficiency of the business operation and also can distribute offensive and fraudulent information.

2 As with any malicious programme, the spammers are always developing different and more destructive ways to work and it is almost impossible for experts to anticipate what might be deployed next. Unfortunately, it is often a case of waiting for the next malicious technological step to be made before it can be identified, analysed and countered. Spammers are clever and constantly find new ways of breaching spam filters. Some of the techniques they use are: Botnets (or zombie armies ) a number of Internet computers that have been set up to forward transmissions including spams or viruses without the computer owners being aware. Dictionary attacks systematically entering every word in a dictionary as a password to find the keyword required to decrypt an encrypted message or document. Hi-hacked PCs - hijacking software is external code that changes your Internet Explorer settings. It usually changes your home page and directs you to sites with dubious content and resets your computer to this mode even if you try to change it manually. Image spam jumk that replaces text with images to fool spam filters. The bigger issue is that these image files are quite large and require more bandwidth which results in disrupted networks and systems. All these techniques dump spam s into all your mailboxes and removing them eats into the time of every single employee, not to mention the technological problems of slowed bueiness networks and genuine communications. And this leads on to a few more tips to keep your networks free from harm. Tip Three - Enforce acceptable internet use (AIU) policies UK Business IT has a separate Acceptable Internet Use policy in our resource centre. You could adopt or amend this further to suit your business operation. Even though Internet use is governed by law, you still need to have your own

3 corporate policy and insist that all employees know it and stick to it. Research shows that even the act of announcing such as policy can eliminate eighty percent of inappropriate activities. Many organisations do not realise that employee misuse of data or accidental or wilful transfer of customer data falls within the responsibility of the business - and you could be liable. The impact of losing your reputation and custom with a high profile loss could cost you dearly. Four Engage Firewall best practices Traditionally firewalls are designed to protect an organisation from outside intrusions but attacks are just as likely to come from inside the network as from the Internet. This is a little known fact. Make sure your IT department carries out vulnerability assessments internally and externally. Make sure also that your firewall policy is consistent with your security policy Internal risks 60 per cent of information security breaches are human error, like sending out confidential information to the wrong recipient, or not send information out properly secured (encrypted). Data is the responsibility of the organisation and any errors that breach the law can land you in court. You can use filters that allow managers or authorised personnel within the organisation to scan for confidential information, or have a policy that they review communications before they leave the company network. Remote working also causes a massive risk. If they connect to to the internet from homes, public networks and wireless hotspots they can bring infections back into the network. Your IT department must regularly check that up to date virus and spyware protection is enabled on all computers. Tip Five - Increase security for remote users

4 A virtual private network (VPN) is a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users with secure access to their company s network. Remote access has grown massively and it is anticipated that in the near future almost forty percent of the working population will work remotely. Using a secure VPN allows quick access for remote users, coupled with additional levels of protection in addition to gateway security. Tip Six protect your applications with IPS Intrusion prevention service (IPS) is another layer of protection for applications such as web, , file and database servers. These are at risk of worms, Trojans, spam, phishing and IM/P2P attacks. Another useful application of IPS is include in your Acceptable Internet Use policy safeguards prohibiting use of instant messenger, peer to peer and social networking applications at work. Employees can use these on their personal systems at home, but using them at work exposes any business network to added risk. Tip Seven - improve security decisions All firewalls and other security devices collect massive amounts of important security data in the log files. If these are carefully monitored and analysed it can help prevent disaster. However, most organisations do not have the resources to train staff to audit and identify what is being logged. An emerging trend among appliance vendors is to provide a summarised version of critical log file information to help IT make fast and important decisions, such as adjusting message quarantine, warning users of recent attacks and addressing potentially affected machines. Tip Eight actions to take if your system gets infected

5 How can you spot infection in the first place? Typical symptoms of spyware, virus or worm infections include: slow or unusual behaviour from a desktop; slow running network; high network traffic at unusual times; and being rejected by external mail servers. The usual way of tracking the source of the problem is by elimination: disabling half of the network and then watching the results. This is simple and effective but invasive and not all organisations would find this practical. Alternatively, a firewall can be used to block certain types of traffic from parts of the network, and sniffer programs can track the origins of suspicious behaviour. Anti-virus and Anti-spyware programs can then confirm the problem on those machines. Summary and future Network attacks are usually designed to steal data. Infected desktops or laptops can be used to steal sensitive and confidential employee and customer data and this can open up identify fraud. Tactics are becoming more sophisticated and inventive.. Hackers are finding ways to penetrate systems and networks accessed by mobile devices via Bluetooth, wireless or USB (cell phones and MP3 players). This is a growing danger to corporate networks because these unprotected devices can circumvent perimeter security devices. Security and protocols must be applied to any communications or storage device in order to protect your operation. Keep researching IT and business media for new threats and calculate how they apply and impact within your operation. Your protection plans, protocols and software must be regularly assessed and updated. UK Business IT