Network Security: How To Secure And (Tools Every Agency Needs)
Network security is an essential part of maintaining any network and one of the network administrator's primary responsibilities. Most people assume the administrator's main job is to make sure users can reach the data and other resources they need to do their work; they rarely see the work and attention needed to keep that data secure.
Security threats are modified and refined every day, as attackers use new conduits such as instant messaging, peer-to-peer connections and wireless networks to deliver their attacks. In my opinion, the biggest headache for small businesses is the misuse of the Internet by employees. If a user visits an inappropriate site, sends or receives inappropriate content or, worse, breaches confidentiality and leaks client information or company secrets, legal liability is sure to follow. End-user education needs to be a top priority for every network administrator.
Insiders aren't the most common security problem, but they can be among the most damaging to a company's reputation, and insider attacks against IT infrastructure are among the breaches most feared by government and corporate security professionals alike. If an employee is terminated, it is crucial that all system access be revoked immediately; about half of all insider attacks take place between the time an IT employee is dismissed and the time their user privileges are taken away. Revocation has to cover every route in, not just the directory account: VPN and remote-access credentials, shared or service passwords the person knew, and physical access badges. I was in a situation where a co-worker was dismissed because of poor work performance. The IT manager arranged for all user privileges to be terminated immediately after the employee was informed of his termination. He was allowed to remove personal items from his office and computer, but was supervised the entire time. There was a tremendous amount of planning involved to coordinate this, but it worked effectively.
Why are full security policies not implemented? It may be a matter of cost, the inability of IT staff to recognise the dangers, or plain complacency: a company assumes that because its network has not yet suffered a serious breach, it probably never will.
Threats to a network come in many shapes and sizes:
- Zero Day Attacks
This type of attack exploits a vulnerability for which no patch yet exists, often before the vendor or the public even knows about it. The name refers to the number of days the defender has had to fix the flaw, which is zero. Until a fix is available, only compensating controls (filtering, network segmentation, monitoring for the exploit's side effects) can reduce the exposure.
Network security must be implemented in multiple layers, and each layer must be monitored, so that the types of attack being attempted can be understood and a breach of one layer does not go unnoticed while the next layer is still holding.
Adware, as the name suggests, consists of programs designed to display advertisements on a user's computer or to redirect the user's browser to a website displaying adverts. Some adware also collects data about the user's system, often with little indication to the user of what is happening.
Adware is often introduced to a computer through free or shared programs (freeware and shareware), or through websites that have been infected with it. Sometimes you notice that your browser has been hijacked and, whatever you do, it insists on landing on a particular web page. The good news is that adware can usually be removed quite easily, although it is a nuisance in the meantime.
A computer virus is a form of malware that attaches itself to another program and is usually able to replicate so as to spread from one computer to another. Its effects range from mildly annoying symptoms to corruption or deletion of data on the infected system. A virus normally rides in an executable file that a user must run, and it is well documented that viruses are commonly introduced by email attachments, by copying files from removable media, or by sharing files across a network. Worms and Trojans are often lumped together with viruses, but they differ: a worm spreads across the network on its own, needing neither a host program nor user action, and a Trojan does not replicate at all but disguises itself as legitimate software to trick the user into running it.
- DoS (Denial of Service)
As its name states, the purpose of a DoS attack is to seriously degrade or completely shut down a network service or the network itself. This is often achieved by overwhelming the target with bogus requests so that genuine requests cannot be serviced, rendering the service unusable. Web servers and email servers are frequent victims, particularly those run by large commercial organisations. There are a number of well-known DoS techniques:
SYN floods exploit the three-way handshake that precedes a TCP connection: the attacker sends connection requests (SYN packets), often from spoofed source addresses, but never sends the final ACK. Each half-open connection occupies a slot in the server's listen backlog until it times out; once the backlog is full, genuine clients cannot connect even though the server otherwise has capacity to spare.
ICMP floods bombard a network with ping (echo request) packets that demand responses, consuming bandwidth and CPU on the target and its routers until genuine traffic can no longer get through.
Buffer overflow attacks send a program or device more data than it has allocated space for, so that the excess overwrites adjacent memory; the usual result is that the process, or the whole device, crashes or hangs. This is a malformed-input attack rather than a volume attack, so a single crafted packet can be enough.
Other DoS attacks simply exploit bugs that cause the target system or service to crash: crafted input triggers a fault that crashes or severely destabilises the system so that it can no longer be used. A particularly effective variant is the distributed denial of service (DDoS) attack, in which the target is attacked from many machines in multiple locations at once, multiplying the attack's capacity and making it hard to block by source address.
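The SYN flood described above can be spotted by tracking the handshake state per source. The following is an added example and not code from the original article: it replays a constructed packet log (the record layout, addresses and function names are this example's own) and counts, per source address, SYNs that were never completed with the client's final ACK.

```python
"""SYN-flood detection by tracking half-open TCP handshakes.

Added example, not code from the original article. It replays a
constructed packet log and counts, per source address, SYNs that were
never completed with the client's final ACK. The record format and the
function names are this example's own; a real sensor would read packets
from a capture (pcap) rather than a Python list.
"""
from collections import defaultdict


def build_sample():
    """Constructed packet log: (timestamp, src_ip, src_port, client_flags).

    "S" is a SYN sent by the client, "A" the client's ACK that completes
    the three-way handshake (the server's SYN-ACK is not needed here).
    """
    pkts = []
    # A legitimate client completing three handshakes.
    for i, port in enumerate((50001, 50002, 50003)):
        t = 1.0 + i
        pkts.append((t, "10.0.0.5", port, "S"))
        pkts.append((t + 0.05, "10.0.0.5", port, "A"))
    # One legitimate attempt that never completes (client gave up).
    pkts.append((2.5, "10.0.0.7", 40000, "S"))
    # A flood: 40 SYNs, a fresh source port each, never followed by an ACK.
    for i in range(40):
        pkts.append((3.0 + i * 0.01, "203.0.113.9", 20000 + i, "S"))
    # A late legitimate handshake so the log does not end with the flood.
    pkts.append((5.0, "10.0.0.5", 50004, "S"))
    pkts.append((5.05, "10.0.0.5", 50004, "A"))
    return pkts


def analyze(packets, window=1.0, threshold=10):
    """Return ({src_ip: half-open count}, [flagged src_ips]).

    A SYN counts as half-open if no ACK from the same (ip, port) followed
    it and it is at least `window` seconds old at the end of the log.
    Sources with `threshold` or more half-open connections are flagged.
    """
    pending = {}  # (src_ip, src_port) -> timestamp of the open SYN
    for ts, src, sport, flags in sorted(packets):
        key = (src, sport)
        if flags == "S":
            pending[key] = ts          # new or retransmitted SYN opens a slot
        elif flags == "A":
            pending.pop(key, None)     # final ACK completes the handshake
    end_ts = max(p[0] for p in packets)
    half_open = defaultdict(int)
    for (src, _), syn_ts in pending.items():
        if end_ts - syn_ts >= window:  # had time to complete and did not
            half_open[src] += 1
    flagged = sorted(src for src, n in half_open.items() if n >= threshold)
    return dict(half_open), flagged


if __name__ == "__main__":
    counts, flagged = analyze(build_sample())
    for src, n in sorted(counts.items()):
        print(f"{src:15} half-open={n}")
    print("flagged:", flagged)
```

The single stale SYN from 10.0.0.7 stays below the threshold, while the flood source is flagged with 40 half-open connections. Window and threshold must be tuned per service: a busy web server legitimately carries many short-lived half-open entries from slow clients. The standard server-side mitigation is SYN cookies (on Linux, the net.ipv4.tcp_syncookies sysctl), which let the kernel accept connections without holding state for unacknowledged SYNs.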
- Identity Theft
Where a computer system is hacked to obtain sensitive information about users, such as names, dates of birth and addresses. The stolen identity can then be used as the basis for fraudulent activity such as:
- Opening a bank account
- Ordering goods in another person’s name
- Accessing or taking over a genuine user's bank account
- Obtaining a passport or other identity document such as a driving licence.
- Obtaining a loan or credit agreement
Identity theft can make life miserable for its victims: they find goods ordered in their name and debt mounting in their name, which damages their credit score and can leave them unable to take out credit such as a mortgage.
Hackers simply exploit vulnerabilities and weaknesses in computer networks or systems. Their motives are many and varied; the most common are to steal or compromise an organisation's information, to embarrass an organisation, or to hack a system for prestige among their peers.
The following products should be part of every IT organization’s network security toolset:
- NETWORK ACCESS CONTROL
NAC products enforce security policy by granting network access only to devices that comply with that policy. They handle authentication and authorization and can even control which data specific users may reach, based on their ability to recognise users, their devices and their network roles.
- NEXT-GENERATION FIREWALLS
This technology extends traditional stateful inspection with application visibility and control and basic web security, so that policy can be written in terms of the application in use rather than port and protocol alone. That application awareness is what lets a next-generation firewall tell, for example, ordinary web browsing from file sharing or tunnelling that happens to run over the same port.
- INTRUSION DETECTION AND PREVENTION SYSTEMS
IDS and IPS tools help IT staff identify and protect their wired and wireless networks against a wide range of threats. These technologies, like several other categories of network security tools, are being deployed with greater frequency as networks grow in size and complexity. Annual IPS revenues are expected to more than double between 2012 and 2017 (from $1.21 billion to $2.44 billion) according to estimates from the research and analysis firm Frost & Sullivan.
Both IDS and IPS solutions detect threat activity such as malware, spyware, viruses, worms and other attacks, as well as policy violations. The difference is placement: an IDS passively monitors a copy of the traffic (from a SPAN port or tap) and raises alerts, while an IPS sits inline in the traffic path and can drop or reset malicious connections before they reach the target, using signatures for known attacks and anomaly detection for unknown ones. Because an inline device also blocks legitimate traffic on a false positive, IPS rules need tuning in alert-only mode before enforcement is switched on.
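The passive-versus-inline distinction is easiest to see in code. The following is an added example, not code from the original article or from any IDS product: a tiny signature engine run over constructed HTTP request lines, once as an IDS (alert and forward everything) and once as an IPS (alert and drop). The signatures, rule ids and request lines are this example's own and are deliberately simple.

```python
"""Signature inspection in passive (IDS) and inline (IPS) modes.

Added example, not from the original article. The request lines and
the three signatures are constructed for illustration; production
sensors use a full rule language (Snort, Suricata) over packets and
reassembled streams rather than a list of strings.
"""
import re

# Constructed signatures: (rule id, description, pattern).
SIGNATURES = [
    ("1001", "SQL injection tautology",
     re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
    ("1002", "Directory traversal",
     re.compile(r"(\.\./|%2e%2e%2f)", re.I)),
    ("1003", "Shell command in query string",
     re.compile(r"[;|&]\s*(cat|wget|curl|sh)\b", re.I)),
]

# Constructed HTTP request lines as seen by the sensor.
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1",
    "GET /login?user=admin' OR '1'='1 HTTP/1.1",
    "GET /static/../../etc/passwd HTTP/1.1",
    "GET /search?q=network+security HTTP/1.1",
    "GET /cgi-bin/ping?host=127.0.0.1;cat+/etc/passwd HTTP/1.1",
    # Legitimate request that rule 1003 mistakes for an attack (false positive).
    "GET /shop?type=1&cat=books HTTP/1.1",
]


def match_signatures(request):
    """Return the (rule id, description) of every signature the request trips."""
    return [(rid, desc) for rid, desc, pat in SIGNATURES if pat.search(request)]


def inspect(requests, mode="ids"):
    """Run the sensor over a list of requests.

    mode="ids": passive; alert on matches but forward every request.
    mode="ips": inline; alert and drop matching requests.
    Returns (alerts, forwarded); each alert is (rule id, description, request).
    """
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    alerts, forwarded = [], []
    for req in requests:
        hits = match_signatures(req)
        alerts.extend((rid, desc, req) for rid, desc in hits)
        if hits and mode == "ips":
            continue  # dropped before it reaches the server
        forwarded.append(req)
    return alerts, forwarded


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        alerts, forwarded = inspect(SAMPLE_REQUESTS, mode=mode)
        print(f"{mode}: {len(alerts)} alerts, "
              f"{len(forwarded)}/{len(SAMPLE_REQUESTS)} forwarded")
        for rid, desc, req in alerts:
            print(f"  [{rid}] {desc}: {req}")
```

In IDS mode all six requests are forwarded and four alerts are raised; in IPS mode the same four alerts are raised but only the two clean requests get through. The last sample request shows the cost of enforcement: the `&cat=` parameter trips rule 1003, which in IDS mode is merely a noisy alert but in IPS mode blocks a legitimate customer. That is why rules are tuned in alert-only mode first.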
- AUTHENTICATION AND AUTHORIZATION
Traditional directory services such as Active Directory authenticate users and grant access according to authorization rules. Newer identity-based technologies manage authentication and authorization with digital certificates and public key infrastructure (PKI). Management protocols need the same attention: SNMP, used to monitor and configure network devices, protected access in its first two versions (v1 and v2c) only with a community string sent in cleartext. SNMPv3 added user-based authentication, encryption of management traffic and finer-grained access control, so v1 and v2c should be disabled wherever v3 is available.
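What the SNMPv3 change means in practice, as an added configuration example (not from the original article), using net-snmp's snmpd.conf syntax; the user name, passphrases and addresses are placeholders:

```conf
# snmpd.conf (net-snmp) -- added example, not from the original article.

# Weak: SNMPv1/v2c read-only access guarded only by a community string.
# The string travels in cleartext and "public" is the default everyone tries.
rocommunity public

# Stronger: an SNMPv3 user that must authenticate (SHA) and encrypt (AES).
# "monitor" and both passphrases are placeholders; use long random values
# and remove the rocommunity line above once v3 clients are working.
createUser monitor SHA "ExampleAuthPassphrase" AES "ExamplePrivPassphrase"
rouser monitor priv
```

`rouser monitor priv` refuses requests from that user unless they are both authenticated and encrypted. net-snmp reads `createUser` once at startup and replaces it with the derived keys in its persistent configuration, so the cleartext passphrases do not stay on disk. A v3 client query against a placeholder host 192.0.2.10 then looks like `snmpwalk -v3 -l authPriv -u monitor -a SHA -A ExampleAuthPassphrase -x AES -X ExamplePrivPassphrase 192.0.2.10 system`, and the same walk with `-v2c -c public` should fail once the community line is gone.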
Anti-malware network tools help administrators identify, block and remove malware. They let the IT department tailor its anti-malware policy, for example to identify known and unknown malware sources, or to monitor specific users and groups more closely.
Malware authors are always on the lookout for vulnerabilities they can exploit to gain full access to a victim's network: in security defences, operating systems, browsers, applications and popular targets such as Adobe Flash, Acrobat and Reader. Best practice calls for a multipronged defence that also includes IP blacklisting, data loss prevention (DLP) tools, anti-virus and anti-spyware software, web browsing policies, egress filtering and outbound-traffic proxies. Egress filtering deserves emphasis: malware that does get in usually has to call home, and blocking outbound connections that are not explicitly needed both limits the damage and produces logs in which infected hosts stand out.
- MOBILE DEVICE MANAGEMENT
MDM software bolsters network security through remote monitoring and control of security configurations, policy enforcement and pushing patches to mobile devices. These systems can also remotely lock a lost, stolen or compromised device and, if needed, wipe all data stored on it.