An attack on your computer network can result in denial of service from an overloaded router, corrupted data transmitted across the network, unauthorized access to PCs, or the data centers themselves.
Keeping the network safe requires that you minimize an attacker's entry to each identified access point in the network. The five access points you need to be concerned with are:
Physical Protection
User Authentication
Access Control
Encryption
Security Management
How thoroughly you seal up any access point depends on weighing the risks, the cost of carrying out the security measure, and the value of the lost data or security intrusion. This article provides the nuts and bolts to consider for each access point.
Physical Protection
On the front line, you can begin by protecting back door access to workstation and to media as follows:
Train staff to log off the network during breaks, meal times, and at the end of the work shift.
Provide employees with access to a secure bin for depositing unused sensitive media, such as disks, and sensitive paper files, that need to be destroyed. You might want to investigate a refuse service that specializes in destroying sensitive media. Some services will destroy your documents on-site, while other will provide a sealed bin for depositing media.
Use smart cards, not disks, to store digital keys.
Don't write down passwords and then send them via e-mail, especially if the message is going to get archived onto a server.
Refrain from writing personal identification codes on identification cards. Put locking devices on portable equipment, such as laptops, external disk drives and tape backup systems.
User Authentication
Proof of who you are provides the only way to distinguish authorized users from possible intruders. To this end, an authentication system can determine what information the requester can access. For example, each sales representative can access records for his or her customers, not the entire customer database.
An authentication system usually includes what the user has or possesses, such as a smart card or certification; what the users knows, such as a password; or a physical attribute, such as a fingerprint or other biometric attribute. The most common authentication systems include a password, digital certificates, and digital digest or digital signatures.
Passwords generated by a software agent pose the most common type of security breach, especially when they aren't carefully chosen or maintained. An intrusion detection system, on the other hand, can protect against unauthorized access to sensitive information by correlating and reporting on suspect activity, and creating complete logs of all information transactions. This type of system can link audit trails from disparate systems, such as firewalls and system event logs.
Add www.enterprisenetworkingplanet.com to your favorites Add www.enterprisenetworkingplanet.com to your browser search box IE 7 | Firefox 2.0 | Firefox 1.5.xReceive news via our XML/RSS feed
Images
IE 7
Firefox 2.0