Security -- Beyond The Firewall

Network administrators need to look at hardware, devices, apps, access rights, and a variety of other factors
Courtesy of InformationWeek

Sure, network firewalls will help protect you against a wide variety of threats. But if your security plans stop and start with a firewall, you're in big trouble.

Network security extends beyond simply setting up a "good enough" firewall. There are other things you need to consider to help secure your network, and not all of them are tied directly to the network itself.

For example, even though new applications like instant messaging, VoIP, Web conferencing, and other voice-data convergence software can potentially increase your company's productivity and cost savings, they're also becoming increasingly vulnerable to hackers.

No Permanent Record

"Personal e-mail, instant messengers, and Skype are all ways to shunt data of all types from [point] A to B, usually without any permanent record of this occurring," warns Tom Newton, product development manager for firewall vendor SmoothWall.

Security practices must evolve as applications grow and become more complicated, says Bill Jensen, product marketing manager for security vendor ZoneLabs. Today, businesses need to think about making remote access, network, and host security work together to fend off the attacks targeted at applications, he says.

Network security usually is thought of in terms of software, but don't forget about the hardware. Treat outside devices with caution. iPods and digital cameras--virtually any gadget--can be used to move important data off your network and bring in malicious data you'd rather keep out. Consider deploying lockdown software to disable unused ports.

How far does your wireless network spread? Make sure you know how far your network's wireless access points reach, and reduce the transmission power, if possible.

"There's no need to cover next door as well," Newton says. "Even if you're confident in your wireless security, few users truly need wireless access. Those that can't live without it should be monitored carefully, and perhaps forced to authenticate over a VPN. You may as well keep track of who's got what--a network scan might show up a few unexpected visitors."

Secure Sockets Layer VPNs let users access information with their home computers, PDAs, or cell phones--and you have no control over these devices. "For all you know, an employee of your company could be downloading spyware off the Internet and then accessing your confidential information. SSL VPNs [could] become a way for spyware to make off with your data," Jensen says. "You need to change from a 'control paradigm' to an 'assurance-of-trust paradigm.' In other words, let any computers on, but check them to make sure they meet your level of security."
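The admission check Jensen describes (let any device connect, but verify it meets your security level first) can be sketched as a posture policy. This is an added example, not code from the article or from any vendor it names; the field names, thresholds, and sample reports are assumptions constructed for illustration.

```python
# Hypothetical minimum posture for remote-access admission (assumed values).
POLICY = {"max_patch_age_days": 30, "max_av_signature_age_days": 3}

def _age(report, key):
    """Return a non-negative number from the report, or None if absent/malformed."""
    v = report.get(key)
    if isinstance(v, bool) or not isinstance(v, (int, float)) or v < 0:
        return None
    return v

def evaluate_posture(report, policy=POLICY):
    """Return (action, reasons) for an endpoint's self-reported posture.

    Missing or malformed fields fail closed: a device that cannot show its
    state is treated as not meeting the policy.
    """
    hard, soft = [], []
    if report.get("av_running") is not True:
        hard.append("anti-malware not running or not reported")
    if report.get("host_firewall") is not True:
        hard.append("host firewall off or not reported")
    for key, limit, label in (
        ("patch_age_days", policy["max_patch_age_days"], "OS patches"),
        ("av_signature_age_days", policy["max_av_signature_age_days"], "signatures"),
    ):
        age = _age(report, key)
        if age is None:
            hard.append(f"{label} age not reported")
        elif age > limit:
            soft.append(f"{label} {age} days old (limit {limit})")
    if hard:
        return "deny", hard + soft
    if soft:
        return "quarantine", soft      # remediation network only
    return "allow", []

# Constructed sample reports (not real devices).
SAMPLES = {
    "managed-laptop": {"av_running": True, "host_firewall": True,
                       "patch_age_days": 12, "av_signature_age_days": 1},
    "home-pc": {"av_running": True, "host_firewall": True,
                "patch_age_days": 75, "av_signature_age_days": 2},
    "pda": {"host_firewall": True, "patch_age_days": 5},
}

if __name__ == "__main__":
    for name, report in SAMPLES.items():
        print(name, *evaluate_posture(report))
```

A self-reported posture is only as trustworthy as the agent producing it, so a check like this belongs alongside monitoring of what admitted devices actually do, not in place of it.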

While you're tightening the ability of users to add and remove hardware, establish what they're allowed to do on the network and their local PCs. "Make sure your users can only do what they need to do. In almost every case, this means they should not run as 'administrator.' If you're using a piece of software that demands you run as admin, you should look at alternatives, as this is a sign of poorly written code," Newton says.

Your company's acceptable-use policy must reflect current business and network conditions. Most important, employees must be aware of it and fully understand it. A recent survey found that almost 40% of employees are unaware of their company's acceptable-use policy, Newton says. "Not only does the [policy] offer assistance when disciplinary action must be taken, it also determines network policy."
