Network Security: Top 5 Fundamentals
Relentless cyber criminals, disgruntled current and former employees and careless users can bring down your computer networks and compromise data. Your company’s network security is made up of hardware, software, policies, and procedures that are designed to protect against internal and external threats to its computer systems. Multiple layers of software and hardware can help prevent computer network threats and prevent them from spreading.
These are the most serious threats to your system:
- Malicious programs like viruses, worms, Trojan horses, spyware, malware, adware and botnets
- Zero-day and zero hour attacks
- Hacker attacks
- Denial of Service (DoS), Distributed Denial of Service Attacks, (DDoS)
- Data theft
These are the types of threats that you need to be aware of:
- Wireless networks that are not secured
- Hardware and software that isn’t patched
- Unsecured websites
- Potentially undesirable applications (PUAs).
- Weak passwords
- Lost devices, and
- Unwitting users or users with malicious intent.
The Top 5 Essentials of Network Security
These fundamental network security principles are essential for downtime prevention, compliance with government regulations, reduced liability, and reputation protection.
1. Make sure you keep patches and up-to-date
Cyber criminals exploit vulnerabilities in operating systems, software applications, web browsers and browser plug-ins when administrators are lax about applying patches and updates.
Check that your office computers run the most current version of these programs.
- Adobe Acrobat Reader and Reader
- Adobe Flash
- Oracle Java
- Microsoft Internet Explorer
- Microsoft Office Suite
To ensure that every device is up-to-date, keep an inventory. Make sure Windows and Apple computers are set up for automatic updates.
2. Use strong passwords
Most users are well aware that passwords should not be written on Post-It Notes, which are often pinned to their monitors. But there’s more to keeping passwords secure than keeping them out of plain sight.
A strong password is one that is difficult to recognize by computers and humans. It must contain at least six characters and use a mixture of upper- and lowercase letters, numbers, and symbols.
Symantec gives additional suggestions:
- Avoid using words from the dictionary. Avoid proper nouns and foreign words.
- Do not use any name, nickname, family member, or pet related material.
- Do not use numbers that someone could guess from looking at your mail, such as street numbers or phone numbers.
- Select a phrase that you find meaningful, then convert the first letters into characters.
The SANS Institute recommends passwords be changed at least every 90 days, and that users not be allowed to reuse their last 15 passwords. Users should be locked out for at least an hour after failing eight log-on attempts in a 45-minute time period.
Train users to recognize social engineering techniques used to trick them into divulging their passwords. Hackers can impersonate tech support in order to trick users into entering their passwords.
3. Protect your VPN
For VPN security, data encryption and identity authentication are crucial. Hackers can use any open network connection to gain access to your network. Data is also vulnerable when it travels over the Internet. To ensure that encryption and authentication protocols are strong, review the documentation of your VPN software and server.
Multi-factor authentication is the best method to authenticate your identity. Your users will need to take more steps to prove their identity. Users could have to enter a pin number in addition to their password. A random number code that is generated by a keyfob authenticator every 60 second could also be used along with a password or PIN.
A firewall is a great idea to keep the VPN network separate from the rest.
Some other tips are:
- Instead of using a VPN, use cloud-based email or file sharing.
- You should create and enforce user-access policy. Do not be stingy with accessing employees, contractors, and business partners.
- Employees should be able to protect their wireless networks at home. Malicious software can infect their devices at home and infect the company’s network through an open VPN connection.
- Before you grant mobile devices full network access, make sure they have the most current anti-virus software, firewalls, and spam filters.
4. Actively manage user access privileges
An unacceptable level of user access privileges can pose a serious security risk. It is important to manage employee access to sensitive data on a regular basis. More than half of 5,500 companies recently surveyed by HP and the Ponemon Institute said that their employees had access to “sensitive, confidential data outside the scope of their job requirements.” In reporting on the study’s findings, eWeek.com said “general business data such as documents, spreadsheets, emails and other sources of unstructured data were most at risk for snooping, followed by customer data.” When an employee’s job changes, make sure the IT department is notified so their access privileges can be modified to fit the duties of the new position.
5. Clean up inactive accounts
Hackers can use inactive accounts that were once assigned to former employees or contractors to gain access to their data and hide their activities. The HP/Ponemon Institute report did find that the companies in the survey were doing a good job deleting accounts once an employee quit or was laid off. There is software that can be used to delete inactive accounts from large networks with many users.
Five Network Security Tips Bonus
It’s also a good idea:
- Keep a list with authorized software so that users can’t download applications not on it. Software inventory software can track type, version, and patch level.
- Keep up-to-date the company’s security policies. In particular, state which personal devices, if any are allowed to access company networks, and how long it takes for users to report stolen or lost devices. Mobile Device Management (MDM), software that remotely wipes devices, is worth looking into.
- Segregate critical data from other network users and require them to authenticate before they can access it.
- Conduct penetration testing at least once per week using vulnerability scanning tools
- Monitor your network traffic continuously to spot unusual patterns and potential threats.