Video Screencast Help

Network Security and Ways to protect a System

Created: 30 Jul 2009 • Updated: 06 Aug 2009 | 8 comments
Language Translations
P_K_'s picture
+15 15 Votes
Login to vote

Network security has become an explosively important job with the combined growth of the Internet, the businesses that depend on it, and the people that attempt to break their way in. In a network, a lot of the same security issues apply for computer security, but there are more systems that, if vulnerable, can infect each other and allow for additional informations to become available.
Invest in and use a firewall to protect your network, either at home or in the office. Even the most basic home DSL routers include some firewalling software which do an adequate job of closing the ports of unwanted incoming or outgoing traffic, and considering the cost of those routers, there is no reason not to. Of course, it only helps if you've enabled it - you should always check that all ports are locked down or closed at all times and that you only open what ever ports are required. This can stop many viruses from entering the network and prevents operating system vulnerabilities from being exposed at all, which protects all of your internal systems and computers.

More advanced networks and office LANs may require remote users to connect in to access folder shares, servers or services. A VPN, a virtual private network, will allow you to share these internal network resources from outside the network, while still keeping security in place. The traffic is encrypted, and passwords are used to prevent unwanted entry. To maintain a higher level of security, you can use a 2-step key system - you first enter your password, and then you enter a randomly generated multi-alpha-numeric key using a token. This token, which can be made to rotate on a frequent basis, usually as often as every 30 or 60 seconds, means that an attempt to break in not only requires the password, but also the physical possession of the token, thus is of a considerably higher grade than a simple password.

The safest way to implement a network is using a hard-wired network to connect your LAN together. While it may be slightly more expensive to draw the Ethernet cabling between all the rooms or points you want connected, it limits the places and ways that someone can break in to your LAN. Ultimately, they would have to be connected from the inside to one of those hard-wired points to connect or to break in from your WAN or Internet connection.

If you do implement a wireless router, there are several security issues to be aware of. It is very common for people to sniff out open unprotected networks to use for downloading, especially when the content they are downloading is less than scrupulous, something that can affect both residential and commercial networks. You can easily avoid this with a few easy steps. Firstly, don't broadcast your SSID, basically, the digital name for your network - without it, someone would have to guess blindly to be able to connect in to your LAN. Implement a wireless encryption protocol (WEP) which requires a password to connect - with that enabled, a password is also required to connect to your LAN, and all the data is encrypted and thus much safer. If you are still concerned, you can block unauthorized MAC addresses - which limits the computers that can connect to the LAN to those you specify explicitly, use a non-standard wireless frequency range - which makes it a little more difficult for someone to snoop your traffic blindly, and you can disable DHCP and use a non-standard block of internal addresses - both of which stop someone's ability to do anything even if they can somehow connect in.

Once you've built your network and secured it, you still need to lock down the ports properly - with too many ports open, you expose vulnerabilities; with too many closed, you hamstring your ability to work and browse the web properly. Filesharing applications are common, especially for music and movies, but generally speaking, copyright issues dictate that most companies close those tight and don't allow users to install any software that can lead to illegal activities. Web browsing is a virtual necessity, whereas mail is a maybe - web-based mail systems like Hotmail or Gmail don't need any additional ports opened, and instant messaging programs like MSN or Yahoo Messenger will need a port opened, but do you really want that open while your staff are trying to work? Remember that each application will require a port to be opened, and each open port is a vulnerability. Once you are open and have a program sharing on the Internet, you are visible to anyone else with that application, even if you aren't aware of them - check for any program options to disable this, or check carefully and only have the program running when you need to download something, closing the program immediately afterwards

14 Ways to Protect Your System

1. Do not open e-mail attachments from an unknown, suspicious, or untrustworthy source. If you're not familiar with the sender, do not open, download, or execute any files or e-mail attachments.

2. Do not open an e-mail attachment unless you know what it is, even if it appears to come from a friend or someone you know. Some viruses replicate themselves and spread via e-mail. Stay on the safe side and confirm that the attachment was sent from a trusted source before you open it.

3. Do not open any e-mail attachments if the subject line is questionable. If you feel that the attachment may be important to you, always save the file to your hard drive before you open it.

4. Delete chain e-mails and other spam from your inbox. It's best not to forward or reply to messages like these. Unsolicited, intrusive mail clogs up networks, may contain annoying or offensive content, and may result in security and privacy risks.

5. Exercise caution when downloading files from the Internet. Make sure that the Web site is legitimate and reputable. Verify that an anti-virus program has checked the files on the download site. If you have any doubts, don't download the file at all. If you download software from the Internet, be especially vigilant of free software, which often carries adware or other potentially unwanted content along with it. Always read the privacy policies and end-user license agreements (EULAs) for software you install, regardless of the source. Be especially wary of screensavers, games, browser add-ons, peer-to-peer (P2P) clients, and any downloads claiming to be “cracked” or free versions of expensive applications, such as Adobe® PhotoShop® or Microsoft® Office. If it sounds too good to be true, it probably is.

6. Avoid downloads from non-Web sources altogether. The chances of downloading infected software from Usenet groups, IRC channels, instant messaging clients, or P2P is very high. Links to Web sites seen in IRC and instant messaging also frequently point to infected downloads. Avoid obtaining your software from these sources.

7. Update your anti-virus software often. Threats are on the increase, and they are constantly evolving. Hundreds of viruses are discovered each month. To make sure that you are protected against the newest breed of threats, update your anti-virus software frequently. That means downloading the latest virus signature files and the most current version of the scanning engine.

8. Back up your files frequently. If a virus infects your files, at least you can replace them with your back-up copy. It's a good idea to store your backup files (on CDs or flash drives) in another secure physical location away from your computer.

9. Update your operating system, Web browser, and e-mail program on a regular basis. For example, you can get Microsoft® security updates for Microsoft® Windows® and Microsoft® Explorer at http://www.microsoft.com/security.

10. Vigilance is the best defense against phishing scams. “Phishing” describes scams that attempt to acquire confidential information such as credit card numbers, personal identity data, and passwords by sending out e-mails that look like they come from real companies or trusted individuals. If you happen to receive an e-mail message announcing that your account will be closed, that you need to confirm an order, or that you need to verify your billing information, do not reply to the e-mail or click on any links. If you want to find out whether the e-mail is legitimate, you can contact the company or individual directly by calling or writing to them.

11. Do not open messages or click on links from unknown users in your instant messaging program. Instant messaging can be a vehicle for transmitting viruses and other malicious code, and it’s another means of initiating phishing scams.

12. Use a personal firewall. A hardware firewall that sits between your DSL router or cable modem will protect you from inbound attacks. It’s a must for broadband connections. A software firewall runs on your PC and can protect you from both inbound and outbound attacks.

13. Check your accounts and credit reports regularly. Identity thieves can begin using your personal information to open accounts, purchase goods, and make your life miserable within minutes of obtaining that data. Check your bank account and credit card statements frequently. That way, if you discover that your personal information has been compromised, you can alert credit companies and banks immediately, so they can close your accounts.

14. Select strong password and keep them safe: One of the best ways to protect information or physical property is to ensure that only authorized people have access to it. Verifying that someone is the person they claim to be is the next step, and this authentication process is even more important, and more difficult, in the cyber world. Passwords are the most common means of authentication, but if you don't choose good passwords or keep them confidential, they're almost as ineffective as not having any password at all. Many systems and services have been successfully broken into due to the use of insecure and inadequate passwords, and some viruses and worms have exploited systems by guessing weak passwords

Here is a review of tactics to use when choosing a password:

i ) Don't use passwords that are based on personal information that can be easily accessed or guessed.
ii ) Don't use words that can be found in any dictionary of any language.
iii )Develop a mnemonic for remembering complex passwords.
iv )Use both lowercase and capital letters.
v) Use a combination of letters, numbers, and special characters.
vi ) Use passphrases when you can.
vii )Use different passwords on different systems.

Comments 8 CommentsJump to latest comment

Mudit Kumar's picture

Really a helpful article, Great job Prachand.

This will help a lot.

Thanks & Regards,
Mudit Kumar
 

0
Login to vote
Ivan Tang's picture

it's a great article , learning.

0
Login to vote
andrew.charles@safestyle.co.uk's picture

Really good article, Enjoyed reading it.

0
Login to vote
EricEddler's picture

Network security is becoming increasingly important especially on wireless connections. Turn-key technologies is a fantastic company that offers high quality computer and network security

0
Login to vote
SymSEP's picture

good infrmation

0
Login to vote
Mahesh Roja's picture

Good one !

If this Info helps to resolve the issue please Mark as Solution

Thanks

0
Login to vote
riva11's picture

Helpful article, just a comment about the importance of OS and antivirus updates. In my personal point of view the 7. Update your anti-virus software often and 9. Update your operating system should be moved to 1 and 2 position. These are a must for all users and give the basic computer protection .

0
Login to vote