|
For most organizations, network security (including but not limited to blocking spam, spyware, viruses, adware and unwanted content from the network), is considered an important priority whether it is a Global 2000 enterprise or a small business with only 10 employees. Keeping intruders out as well as ensuring that there is some degree of control of network activity is of the utmost importance to keep the network (and, in turn, the business) running smoothly.
However, though the importance of network security to a business is universal regardless of company size, not all IT resources are created equal. Some companies have the means to devote large amounts of manpower, time, and money to network security and have that resource expenditure not even be a blip on the radar. Executing a network security strategy is a heady proposition, though, for the small business that does not have the budget, technical expertise, or time to devote to the task.
Of course, network security does not need to be a headache-inducing, staff-expanding, pocket-dipping endeavor. In fact, even the most basic steps can safeguard the network and keep the heart of the business healthy. Here are 5 practical tips to the SMB market for securing the network that do not require a rocket scientist or a vault of cash to implement.
Tip #1: Turn on your router’s security functions
The most obvious step in network security is to make sure that included security functionality is turned on and is up to date.
Even simple routers (e.g., Linksys, Netgear) provide basic firewalling capabilities that are fairly painless to enable. On the other hand, it’s also important to disable any administrative features that aren’t in use, like HTTP access or SNMP. This prevents unwanted or unauthorized changes from being made to basic functionality. Also, be sure you are managing routers remotely over secure connections, such HTTPS, SSH and IPSEC, which adds an additional layer of protection.
For wireless routers, make sure to use encryption to make important data readable only to those you want viewing it and access control to prevent unwanted entry. In addition, make sure to obtain the latest firmware from the manufacturer. Firmware implements network security protocols for a given device, and up-to-date firmware simply means improvements to reliability and performance both of the firmware and of the device itself.
And let’s not forget the most obvious thing of all-- change your default user names and passwords...and make them difficult to guess. It seems like an obvious thing to do, but an amazing number of people do not think to take this straightforward yet fundamental step.
Tip #2: Deploy perimeter security for critical applications, especially email and browsing
You can use an inexpensive appliance behind the firewall/router to block at the perimeter spam, viruses, spyware and other things that are detrimental to network security. This is far easier to administer (and therefore to enforce and use) than on a desktop. In fact, your desktops will probably be very grateful, as they will run faster under these circumstances.
In addition, one side benefit of implementing perimeter security is that you can conserve precious bandwidth on your network by reducing unnecessary or unwanted traffic, especially if you use web filtering to disallow inappropriate use of the web by your employees. Online shopping, social networking sites and even gambling can not only drain bandwidth but can hinder employee productivity as well. Some web filtering products even allow time-based access to specific content, so you could allow your employees to shop or read their personal webmail on their lunch hour while still being in control of the network’s content and traffic.
Tip #3: Limit access to critical servers.
Require authentication to access database and other critical servers. This is pretty self-explanatory, but essentially the more control you have over who accesses these servers the lower the chance of a security problem. Also, don’t stop at the virtual level—limit physical access, too. Streamlining the number of people that have physical and virtual access to servers not only makes implementing preventative security measures an easier process but also makes it easier to manage the consequences of an actual security breach (not to mention the breach itself).
And, just like with routers, steer clear of using the default user names and passwords and instead use log-in information that is difficult to guess.
Tip #4: Don’t run desktops/laptops with administrator privileges.
Many forms of malware, especially spyware, are thwarted by this simple remedy. Running your computer as an administrator gives all of your programs- including malware and spyware- unlimited access to your computer; running as a non-administrator limits access. Your administration and help desk costs will diminish too, since the configuration of your computing assets will be more under your control. Of course, you will have to deal with the occasional request from users to have specific software or upgrades installed on their computers, but this is also an opportunity for them to explain the cost justification. Do they really need that new application or the latest upgrade?
Another benefit of “locking down” your computers by having users run as non-admins is that it prevents the installation of unknown or untested software. Both from a security perspective and from a problem-prevention angle, it’s not a good idea to let your employees install any software they want to on their computers, since you have no real control over what they will install or how it will interact with other software on their computer or on the network.
Tip #5: Encrypt all removable media and laptop data.
If you are storing identity data (e.g. Personal Identity Codes), healthcare data, or financial data (including credit card numbers), this is a must, and, in fact, prevents the #1 source of data loss/breach – stolen or lost disks, tapes, and/or laptops. All security starts with physical security—you must know where all of your IT assets are at all times and who has access to them. Should you lose track of a backup disk, tape or a notebook, however, having the additional protection of encryption will help ensure that your sensitive data remains secure.
Lastly, as a side note, physical security is important not only for electronic data, but good old fashioned paper data as well. Secure your valuable paper files, and make sure you shred anything that is discarded.
No matter the size of the business, protection from network threats like spam, spyware, viruses, adware and unwanted content is critical. Following these quick and easy pointers can help close the door on such network security threats, but it is important for a business of any size to think about locking that door by investing in the long term in some kind of network security technology, whether an appliance or software. However, until that decision is made, these five actions are simple and easily-implemented ways for any organization, regardless of size, time, or money, to help keep their network healthy and safe.
About the Author:
Bob Walters began his accomplished career landing F/A-18 Hornet fighter aircraft on aircraft carriers. Today, Bob is the President and CEO of Untangle, the pioneer in open source network gateway platforms. Most recently, he landed his segment-leading application security startup, Teros, at Citrix Systems via acquisition. Along the way, Bob contributed in executive/general management positions at a number of top startup and public companies, including Securant Technologies (now part of RSA Security), Linuxcare, Informix Software, and Red Brick Systems.
Bob is a published expert and invited speaker in internet security, data warehousing/data mining, entrepreneurship, and leadership. He is an honors graduate of the U.S. Naval Academy in Annapolis and was a Guggenheim Fellow at Princeton University. He can be reached at bwalters@untangle.com
Go Back
|
