Top tips for improved network security



Similar documents
Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

OCT Training & Technology Solutions Training@qc.cuny.edu (718)

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Jort Kollerie SonicWALL

Acceptable Use Policy

Reviewer s Guide. PureMessage for Windows/Exchange Product tour 1

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

Section 12 MUST BE COMPLETED BY: 4/22

How to stay safe online

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

CSG & Cyberoam Endpoint Data Protection. Ubiquitous USBs - Leaving Millions on the Table

Network Security and the Small Business

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM

Stopping zombies, botnets and other - and web-borne threats

Top five strategies for combating modern threats Is anti-virus dead?

Spyware: Securing gateway and endpoint against data theft

Next Gen Firewall and UTM Buyers Guide

Remote Deposit Quick Start Guide

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

The Key to Secure Online Financial Transactions

STANDARD ON CONTROLS AGAINST MALICIOUS CODE

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Firewall and UTM Solutions Guide

Course: Information Security Management in e-governance

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

Detailed Description about course module wise:

WEB PROTECTION. Features SECURITY OF INFORMATION TECHNOLOGIES

Cyber Security Awareness

Your security is our priority

Guideline for Prevention of Spyware and other Potentially Unwanted Software

Infocomm Sec rity is incomplete without U Be aware,

Fraud and Abuse Policy

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

Don t Fall Victim to Cybercrime:

Dene Community School of Technology Staff Acceptable Use Policy

Mailwall Remote Features Tour Datasheet

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

Learn to protect yourself from Identity Theft. First National Bank can help.

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

Internet threats: steps to security for your small business

On and off premises technologies Which is best for you?

Seven for 7: Best practices for implementing Windows 7

The Ministry of Information & Communication Technology MICT

Protecting personally identifiable information: What data is at risk and what you can do about it

Security Practices for Online Collaboration and Social Media

Cisco ASA 5500 Series Anti-X Edition for the Enterprise

IT Security. Securing Your Business Investments

Data Management Policies. Sage ERP Online

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Guidelines for Account Management and Effective Usage

Global Network Pandemic The Silent Threat Darren Grabowski, Manager NTT America Global IP Network Security & Abuse Team

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

White Paper. How to Effectively Provide Safe and Productive Web. Environment for Today's Businesses

SECURITY THREATS: A GUIDE FOR SMALL AND MEDIUM BUSINESSES

Managed Security Services

Quarantined Messages 5 What are quarantined messages? 5 What username and password do I use to access my quarantined messages? 5

Stop Spam. Save Time.

System Compatibility. Enhancements. Operating Systems. Hardware Requirements. Security

Small businesses: What you need to know about cyber security

Payment Fraud and Risk Management

NETWORK AND INTERNET SECURITY POLICY STATEMENT

INSTANT MESSAGING SECURITY

The Benefits of SSL Content Inspection ABSTRACT

FILTERING FAQ

Cisco ASA 5500 Series Content Security Edition for the Enterprise

The Hidden Dangers of Public WiFi

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

A practical guide to IT security

Malware & Botnets. Botnets

Business Internet Banking / Cash Management Fraud Prevention Best Practices

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

Corporate Account Takeover (CATO) Risk Assessment

Cyber Essentials Scheme

National Cyber Security Month 2015: Daily Security Awareness Tips

CMPT 471 Networking II

F-Secure Anti-Virus for Mac 2015

Trend Micro Hosted Security Stop Spam. Save Time.

Sample Employee Network and Internet Usage and Monitoring Policy

Transcription:

Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a business network. Security experts are constantly playing catch-up with criminals, hackers, non-compliances and Internet abuse. Here is a glossary of some of the key issues in technology today that can help your organisation understand how abusive programmes work and, in turn, how you can improve your network security. Tip one protect desktop and gateway from spyware Spyware is designed to discreetly install itself onto a personal computer and when it is in place it can monitor the user s behaviour and take control of the computer by installing additional software which redirects browser activity and/or diverts advertising revenue to a third party. A gateway is a computer or a network that allows or controls access to another computer or network. However, gateways are not able to inspect spyware so desktop protection is essential and many companies install this protection, but overlook the need to apply this at the gateway also. If this is applied in both places it will allow the gateway to intercept the communications being sent out by an infected desktop and can alert your IT department or administrator to the issue. Tip two stop spam Spam is a massive issue for any operation as it simply fills up the capacity of any network and slows it down and delays communications. This in turn can impact on the efficiency of the business operation and also can distribute offensive and fraudulent information.

As with any malicious programme, the spammers are always developing different and more destructive ways to work and it is almost impossible for experts to anticipate what might be deployed next. Unfortunately, it is often a case of waiting for the next malicious technological step to be made before it can be identified, analysed and countered. Spammers are clever and constantly find new ways of breaching spam filters. Some of the techniques they use are: Botnets (or zombie armies ) a number of Internet computers that have been set up to forward transmissions including spams or viruses without the computer owners being aware. Dictionary attacks systematically entering every word in a dictionary as a password to find the keyword required to decrypt an encrypted message or document. Hi-hacked PCs - hijacking software is external code that changes your Internet Explorer settings. It usually changes your home page and directs you to sites with dubious content and resets your computer to this mode even if you try to change it manually. Image spam jumk email that replaces text with images to fool spam filters. The bigger issue is that these image files are quite large and require more bandwidth which results in disrupted networks and systems. All these techniques dump spam emails into all your mailboxes and removing them eats into the time of every single employee, not to mention the technological problems of slowed bueiness networks and genuine communications. And this leads on to a few more tips to keep your networks free from harm. Tip Three - Enforce acceptable internet use (AIU) policies UK Business IT has a separate Acceptable Internet Use policy in our resource centre. You could adopt or amend this further to suit your business operation. Even though Internet use is governed by law, you still need to have your own

corporate policy and insist that all employees know it and stick to it. Research shows that even the act of announcing such as policy can eliminate eighty percent of inappropriate activities. Many organisations do not realise that employee misuse of data or accidental or wilful transfer of customer data falls within the responsibility of the business - and you could be liable. The impact of losing your reputation and custom with a high profile loss could cost you dearly. Four Engage Firewall best practices Traditionally firewalls are designed to protect an organisation from outside intrusions but attacks are just as likely to come from inside the network as from the Internet. This is a little known fact. Make sure your IT department carries out vulnerability assessments internally and externally. Make sure also that your firewall policy is consistent with your security policy Internal risks 60 per cent of information security breaches are human error, like sending out confidential information to the wrong recipient, or not send information out properly secured (encrypted). Data is the responsibility of the organisation and any errors that breach the law can land you in court. You can use email filters that allow managers or authorised personnel within the organisation to scan for confidential information, or have a policy that they review communications before they leave the company network. Remote working also causes a massive risk. If they connect to to the internet from homes, public networks and wireless hotspots they can bring infections back into the network. Your IT department must regularly check that up to date virus and spyware protection is enabled on all computers. Tip Five - Increase security for remote users

A virtual private network (VPN) is a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users with secure access to their company s network. Remote access has grown massively and it is anticipated that in the near future almost forty percent of the working population will work remotely. Using a secure VPN allows quick access for remote users, coupled with additional levels of protection in addition to gateway security. Tip Six protect your applications with IPS Intrusion prevention service (IPS) is another layer of protection for applications such as web, email, file and database servers. These are at risk of worms, Trojans, spam, phishing and IM/P2P attacks. Another useful application of IPS is include in your Acceptable Internet Use policy safeguards prohibiting use of instant messenger, peer to peer and social networking applications at work. Employees can use these on their personal systems at home, but using them at work exposes any business network to added risk. Tip Seven - improve security decisions All firewalls and other security devices collect massive amounts of important security data in the log files. If these are carefully monitored and analysed it can help prevent disaster. However, most organisations do not have the resources to train staff to audit and identify what is being logged. An emerging trend among appliance vendors is to provide a summarised version of critical log file information to help IT make fast and important decisions, such as adjusting message quarantine, warning users of recent attacks and addressing potentially affected machines. Tip Eight actions to take if your system gets infected

How can you spot infection in the first place? Typical symptoms of spyware, virus or worm infections include: slow or unusual behaviour from a desktop; slow running network; high network traffic at unusual times; and email being rejected by external mail servers. The usual way of tracking the source of the problem is by elimination: disabling half of the network and then watching the results. This is simple and effective but invasive and not all organisations would find this practical. Alternatively, a firewall can be used to block certain types of traffic from parts of the network, and sniffer programs can track the origins of suspicious behaviour. Anti-virus and Anti-spyware programs can then confirm the problem on those machines. Summary and future Network attacks are usually designed to steal data. Infected desktops or laptops can be used to steal sensitive and confidential employee and customer data and this can open up identify fraud. Tactics are becoming more sophisticated and inventive.. Hackers are finding ways to penetrate systems and networks accessed by mobile devices via Bluetooth, wireless or USB (cell phones and MP3 players). This is a growing danger to corporate networks because these unprotected devices can circumvent perimeter security devices. Security and protocols must be applied to any communications or storage device in order to protect your operation. Keep researching IT and business media for new threats and calculate how they apply and impact within your operation. Your protection plans, protocols and software must be regularly assessed and updated. UK Business IT

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information