Security -- Beyond The Firewall

Courtesy of InformationWeek

Sure, network firewalls will help protect you against a wide variety of threats. But if your security plans stop and start with a firewall, you're in big trouble.

Network security extends beyond simply setting up a "good enough" firewall. There are other things you need to consider to help secure your network, and not all of them are tied directly to the network itself.

For example, even though new applications like instant messaging, VoIP, Web conferencing, and other voice-data convergence software can potentially increase your company's productivity and cost savings, they're also becoming increasingly vulnerable to hackers.

No Permanent Record

"Personal E-mail, instant messengers, and Skype are all ways to shunt data of all types from [point] A to B, usually without any permanent record of this occurring," warns Tom Newton, product development manager for firewall vendor SmoothWall.

Security practices must evolve as applications grow and become more complicated, says Bill Jensen, product marketing manager for security vendor ZoneLabs. Today, businesses need to think about making remote access, network, and host security work together to fend off the attacks targeted at applications, he says.

Network security usually is thought of in terms of software, but don't forget about the hardware. Treat outside devices with caution. iPods and digital cameras--virtually any gadget--can be used to move important data off your network and bring in malicious data you'd rather keep out. Consider deploying lockdown software to disable unused ports.

How far does your wireless network spread? Make sure you know how far your network's wireless access points reach, and reduce the transmission power, if possible.

"There's no need to cover next door as well," Newton says. "Even if you're confident in your wireless security, few users truly need wireless access. Those that can't live without it should be monitored carefully, and perhaps forced to authenticate over a VPN. You may as well keep track of who's got what--a network scan might show up a few unexpected visitors."

Secure Sockets Layer VPNs let users access information with their home computers, PDAs, or cell phones--and you have no control over these devices. "For all you know, an employee of your company could be downloading spyware off the Internet and then accessing your confidential information. SSL VPNs [could] become a way for spyware to make off with your data," Jensen says. "You need to change from a 'control paradigm' to an 'assurance-of-trust paradigm.' In other words, let any computers on, but check them to make sure they meet your level of security."

While you're tightening the ability of users to add and remove hardware, establish what they're allowed to do on the network and their local PCs. "Make sure your users can only do what they need to do. In almost every case, this means they should not run as 'administrator.' If you're using a piece of software that demands you run as admin, you should look at alternatives, as this is a sign of poorly written code," Newton says.

Your company's acceptable-use policy must reflect current business and network conditions. Most important, employees must be aware of it and fully understand it. A recent survey found that almost 40% of employees are unaware of their company's acceptable-use policy, Newton says. "Not only does the [policy] offer assistance when disciplinary action must be taken, it also determines network policy."