Network security should encompass all aspects of a network from the desktop to the perimeter. A multifaceted and multilayered approach to network security for any organization or business provides the ideal protection coverage against internal and external threats. For small networks or even a single computer, a router with integrated firewall is usually sufficient. For larger networks a dedicated firewall at the network perimeter may be more appropriate. A good number of dedicated firewall appliances can also provide secure Virtual Private Network (VPN) connectivity. The most common feature provided by dedicated firewalls is their ability to inspect, block and report malicious network activity usually initiated from the internet. Firewalls that provide this functionality are often designated as an Intrusion Prevention System (IPS).
A content filtering device is a good complement to a dedicated firewall. These types of devices usually include the ability to monitor, filter, regulate and report on all web related traffic. They are usually installed transparently in line between an internal switch and router or firewall. All internet inbound and outbound traffic is then forced to pass through it. This type of installation is often referred to as “bridged mode.” Some content filtering devices can also be integrated with a network directory for individual, detailed monitoring of end user web related traffic. Microsoft Active Directory and Novell eDirectory are examples of directory services that can integrate with a good number of content filtering devices.
Desktops and servers should be protected by antivirus and anti spyware applications. There is a wide variety of enterprise level threat protection software available in today’s current marketplace from numerous vendors. The ideal threat protection software should include at a minimum, frequent if not daily virus definition updates, centralized management and reporting, active protection and the ability to guard against unknown threats.
Another aspect of the network that needs security related consideration is what the users are allowed to do on desktops and laptops. Management may want to evaluate and implement access and rights appropriate for their environment and the nature of the organization. Should users be allowed to install software on their own or should the use of removable devices be disabled company wide are examples of issues that should be addressed when defining security policies and procedures.
Lastly, physical security is also important when considering all security related aspects of the network. Servers should be secured and access regulated and documented. It is also best to make sure that backup media is secured whether stored on-site or off-site. In conclusion, a proactive effort in utilizing these network security best practices coupled with consistent monitoring, constant re-assessments and adaptive reconfiguration are all essential in ensuring the safety and protection of an organizations data, intellectual properties and physical assets.
By: Anthony C.
Posts Tagged ‘Microsoft Active Directory’
Essential Computer Network Security Best Practices
November 28th, 2009Computer Network Maintenance and Health Check Tips
October 20th, 2009
For many businesses and organizations, computer networks have become an essential aspect of day to day operations. Keeping the network up and always available requires proactive monitoring and maintenance. The following tips and suggestions can help ensure reliable computer network based services and accessibility.
The heart of most computer networks is the server. This is where company data and other business critical applications and services usually reside. A good, reliable server should contain quality components and redundant parts to ensure maximum up time. Always install the latest critical and recommended updates if you are running a Microsoft Windows based operating system on your server. Establish security groups and strong password policies if utilizing Microsoft Active Directory to manage users and computers. Check, review server event logs regularly. Make sure antivirus applications are installed, running and up to date.
Implement regular on site and off site backup of critical server data. Secure on site backup media like tapes or removable hard drives in a fireproof safe or cabinet. Networking devices that are manageable should have their configurations backed up to a file regularly and especially before and after any changes. All aspects of the network should be well documented as part of your backup and disaster recovery strategy.
Servers and critical networking components like switches, routers and firewalls should all be connected to an Uninterruptible Power Supply or UPS for short. This will allow these devices to be powered down gracefully in case of an unexpected power outage. Consider attaching desktops to a UPS as well to prevent the risk of end user data loss.
By: Anthony C.
