Network security is best achieved by a set of layered and overlapping technologies. Networks can be scanned for known issues, and standard resources such as the NVD (National Vulnerability Database) and related databases can be used to identify them.
Your network is under attack by increasingly sophisticated and constantly evolving means. Today’s news always seems to include the latest virus, Trojan, or worm; your mail contains a letter from your bank telling you that your credit card information has been hacked.
If your network seems flaky or some system is acting up, you are excused for feeling paranoid. Keeping your network secure is a little like the cartoon Spy vs. Spy. These are uncertain times we live in, but you can discourage attackers by hardening your network, thus directing them away from your network and toward softer targets.
There is no single method for protecting a network. Any security system can be cracked or compromised, if not from the outside then certainly from the inside. The best way to secure a network is to have different layers of security so that an attacker must compromise two or more systems in order to gain access.
Changing security parameters such as passwords regularly and securely partitioning different portions of a network are two other methods that are invaluable.
Information used to determine network vulnerability is maintained by a number of companies and organizations, including:
- Common Vulnerabilities and Exposures (CVE)
- Computer Emergency Response Team (CERT)
- Microsoft Security Response Center (MSRC)
- Open Source Vulnerability Database (OSVDB)
- Open Web Application Security Project (OWASP)
- SANS Institute
- Secunia vulnerability archive
- SecurityFocus vulnerability archive
- Secwatch vulnerability archive
- Packet Storm Security
- CX Security
Here are the top Commandments of Network Security Practices:
1. Always operate behind a firewall. Choose a hardware firewall such as F5, Palo Alto, Fortigate or Checkpoint in preference to a software firewall, and ensure that the firewall provides both physical and protocol isolation. A system attached to the Internet without a firewall can be compromised in minutes.
2. Always change any default password set by the vendor; use passwords that are at least 8-10 characters long and combine upper- and lowercase alphabetic, numeric, and symbol characters in strings that are not found in a dictionary.
3. Install antivirus and spyware-scanning software, particularly at the gateways of your network.
4. Have a robust system backup policy. Keep system images for all systems.
5. Always apply update patches as soon as they become available, but have backups available in case problems arise. Pay particular attention to any public network facing software. It is particularly important to patch Web server and Web browser software, for example.
6. Segment your network into subnets. This provides physical isolation by IP addresses within your network.
7. Encrypt any sensitive data and use secure protocols (SSH, HTTPS) for data transfer. Don’t send any data in plain text over any unsecured protocol such as FTP or HTTP.
8. Beware of malicious downloadable content, hyperlinks, and unsolicited or phishing e-mail. Turn off script execution as a default.
9. Lower your attack surface and close all unnecessary ports, and turn off all unused network protocols.
10. Beware of network shares and of providing full access to shared resources. Shares offer a potent mechanism for viruses, worms, Trojans, and other malicious software to propagate through a network. Use a strong network operating system access control list policy.
11. Beware of mobile systems and mobile media. Isolate traveling laptops until they are verified safe or fully hardened, and ensure that sensitive systems lock out media such as USB keys.
12. Ensure that you have secure connections when using forms or HTTPS connections. Verify connections by checking the security certificates of sites. Close your browser when a secure session is completed; don’t simply close a browser tab.
13. Make good use of your network operating system’s security policies.
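
Commandments 7 and 9 can be checked on a host by auditing its listening TCP sockets. The following is an added example, not part of the original article: it parses `ss -H -tln` output and reports network-reachable listeners that are either cleartext services or outside an allowlist. The allowlist, the function names, the sample output, and the inclusion of Telnet are assumptions made for illustration.

```python
import ipaddress

# Assumption: ports this host is meant to expose (hypothetical allowlist).
ALLOWED_PORTS = {22, 443}
# FTP and HTTP are named in commandment 7; Telnet is added here as an assumption.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP"}

# Constructed sample of `ss -H -tln` output (no header), not from a real host.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 32 *:21 *:*
LISTEN 0 128 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*
"""

def parse_listener(line):
    """Return (address, port) from one `ss -tln` line, or None if malformed."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    addr, _, port = fields[3].rpartition(":")
    if not port.isdigit():
        return None
    return addr.strip("[]"), int(port)

def is_loopback(addr):
    """True only for loopback binds; wildcards (*, 0.0.0.0, ::) are exposed."""
    try:
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return False  # "*" or another non-IP form: treat as exposed

def audit(ss_output, allowed=ALLOWED_PORTS):
    """Return sorted (port, reason) findings for network-reachable listeners."""
    findings = set()
    for addr, port in filter(None, map(parse_listener, ss_output.splitlines())):
        if is_loopback(addr):
            continue  # reachable only from the host itself
        if port in CLEARTEXT_PORTS:
            findings.add((port, f"cleartext {CLEARTEXT_PORTS[port]} listener"))
        elif port not in allowed:
            findings.add((port, "listener not in allowlist"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_SS), sep="\n")
```

On a real host, pass the captured output of `ss -H -tln` to `audit()` in place of the constructed sample, with an allowlist that matches the services the host is supposed to offer.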