Top Five Fundamentals of Network Security

Thursday, June 14, 2012

Megan Berry


There are many factors that can bring down your computer networks and compromise data, including cyber criminals, carelessness and disgruntled employees.

The hardware, software, policies and procedures that make up the many layers of network security are designed to defend your company’s systems from these threats.

What are the most common threats?

  • Viruses, worms, Trojan horses, spyware, malware, adware, botnets etc.
  • Zero-day and zero-hour attacks
  • Hacker attacks
  • Denial of Service (DoS) and Distributed Denial of Service Attacks (DDoS)
  • Data theft

These threats look to exploit:

Top 5 fundamentals of network security

Following these five fundamentals will help protect your reputation and reduce liability:

1. Keep patches and updates current

When administrators are lax about applying patches and updates, cyber criminals exploit all possible vulnerabilities. In particular, verify that office computers are running current versions of these much used programs:

  • Adobe Acrobat and Reader
  • Adobe Flash
  • Oracle Java
  • Microsoft Internet Explorer
  • Microsoft Office Suite

Make sure you keep an inventory to make sure ALL your devices are updated regularly.

2. Use strong passwords

Your password should be comprised of at least 6 characters, preferably more, and uses a combination of upper- and lower-case letters, numbers and symbols. This should go without saying: they should be kept out of sight and only shared with trusted employees who need them. 

If you want some more tips, check out what Symantec has to say.

It is not uncommon for hackers to impersonate tech support to get people to give out their password, so train users to recognize these social engineering techniques and avoid danger.

The SANS Institute also recommends that passwords be changed every few months at least, without duplicates. They also suggest that users be locked out of their accounts after multiple failed long-on attempts within a short time period.

3. Secure your VPN

Reviewing the documentation for your server and VPN software is a must. You want the strongest possible protocols for encryption and authentication to protect your network/data from hackers while your information is traveling over the Internet.

The most secure identity authentication method is multi-factor authentication. Including extra steps to prove a user’s identity, like a PIN, makes it more difficult for unwanted users to enter your network.

Here’s an idea: use a firewall to separate the VPN network from the rest of the network. Want more? Other tips include:

  • Use cloud-based email and file sharing instead of a VPN.
  • Create and enforce user-access policies. Be stingy when granting access to employees, contractors and business partners.
  • Make sure employees know how to secure their home wireless networks. Malicious software that infects their devices at home can infect the company network via an open VPN connection, and
  • Before granting mobile devices full access to the network, check them for up-to-date anti-virus software, firewalls and spam filters.

4. Actively manage user access privileges

According to a recent survey of 5,500 companies by HP and the Ponemon Institute, more than half said that their employs have access to “sensitive, confidential data outside the scope of their job requirements.”

Inappropriate user-access privileges are a security threat and should not be overlooked. When an employee’s job changes, make sure the IT department is notified so their access privileges can be modified to fit the duties of the new position.

5. Clean up inactive accounts

Hackers often use inactive accounts that were once assigned to employees in order to gain access and disguise their activity. Software is available for cleaning up inactive accounts over large networks with many users.

If you would like more information and bonus network security tips, check out our original story.

Cross-posted from Network Fundamentals

Possibly Related Articles:
General Network->General
Information Security
Patching Access Control Best Practices VPN Network Security Threats Information Security Multifactor Authentication Privileges
Post Rating I Like this!
James Anderson I would add a number six:

6. Remove unused and unneeded software. Two examples to consider are Java (not to be confused with Javascript) and Adobe Flash. While they are not alone, they are the two most often compromised pieces of code in the history of computers.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.