Network security

Written by  Friday, 06 March 2015 08:41
Rate this item
(0 votes)
Network security has become an explosively important job with the combined growth of the Internet, the businesses that depend on it, and the people that attempt to break their way in. In a network, a lot of the same security issues apply for computer security, but there are more systems that, if vulnerable, can infect each other and allow for additional informations to become available.
Invest in and use a firewall to protect your network, either at home or in the office. Even the most basic home DSL routers include some firewalling software which do an adequate job of closing the ports of unwanted incoming or outgoing traffic, and considering the cost of those routers, there is no reason not to. Of course, it only helps if you've enabled it - you should always check that all ports are locked down or closed at all times and that you only open what ever ports are required. This can stop many viruses from entering the network and prevents operating system vulnerabilities from being exposed at all, which protects all of your internal systems and computers.
 
More advanced networks and office LANs may require remote users to connect in to access folder shares, servers or services. A VPN, a virtual private network, will allow you to share these internal network resources from outside the network, while still keeping security in place. The traffic is encrypted, and passwords are used to prevent unwanted entry. To maintain a higher level of security, you can use a 2-step key system - you first enter your password, and then you enter a randomly generated multi-alpha-numeric key using a token. This token, which canbe made to rotate on a frequent basis, usually as often as every 30 or 60 seconds, means that an attempt to break in not only requires the password, but also the physical possession of the token, thus is of a considerably higher grade than a simple password.
 
The safest way to implement a network is using a hard-wired network to connect your LAN together. While it may be slightly more expensive to draw the Ethernet cabling between all the rooms or points you want connected, it limits the places and ways that someone can break in to your LAN. Ultimately, they would have to be connected from the inside to one of those hard-wired points to connect or to break in from your WAN or Internet connection.
 
If you do implement a wireless router, there are several security issues to be aware of. It is very common for people to sniff out open unprotected networks to use for downloading, especially when the content they are downloading is less than scrupulous, something that can affect both residential and commercial networks. You can easily avoid this with a few easy steps. Firstly, don't broadcast your SSID, basically, the digital name for your network - without it, someone would have to guess blindly to be able to connect in to your LAN. Implement a wireless encryption protocol (WEP) which requires a password to connect - with that enabled, a password is also required to connect to your LAN, and all the data is encrypted and thus much safer. If you are still concerned, you can block unauthorized MAC addresses - which limits the computers that can connect to the LAN to those you specify explicitly, use a non-standard wireless frequency range - which makes it a little more difficult for someone to snoop your traffic blindly, and you can disable DHCP and use a non-standard block of internal addresses - both of which stop someone's ability to do anything even if they can somehow connect in.
 
Once you've built your network and secured it, you still need to lock down the ports properly - with too many ports open, you expose vulnerabilities; with too many closed, you hamstring your ability to work and browse the web properly. Filesharing applications are common, especially for music and movies, but generally speaking, copyright issues dictate that most companies close those tight and don't allow users to install any software that can lead to illegal activities. Web browsing is a virtual necessity, whereas mail is a maybe - web-based mail systems like Hotmail or Gmail don't need any additional ports opened, and instant messaging programs like MSN or Yahoo Messenger will need a port opened, but do you really want that open while your staff are trying to work? Remember that each application will require a port to be opened, and each open port is a vulnerability. Once you are open and have a program sharing on the Internet, you are visible to anyone else with that application, even if you aren't aware of them - check for any program options to disable this, or check carefully and only have the program running when you need to download something, closing the program immediately afterwards
Last modified on Friday, 06 March 2015 08:41
Seyfu Mekonen

Seyfu Mekonen is a founder and administrator of ethiosafety.com. As a founder and administrator he is responsible for free and up to date safety and security informations. He can be reached: seyfu2002@yahoo.com

You are here: Home Security Network security Network security