Network Security

Are you building a network?

Or on a network?

What is a network? 

You can think of it as a number of computers in a household, company, several businesses or governmental entities which are connected together through communication lines.  They may all be housed in the same structure, same city or they can be in remote locations throughout the county or world.   The people on the network all have a need or reason to have access to common data or information and email functionality.

In today’s world email viruses spread in a matter of hours, or even minutes.  Many times email service for a company is totally disrupted, throwing the entire place into chaos and creating an “all-hands” emergency predicament.

Why would I need a network?

There is a need to insure that large files (or any size) can be sent securely with the accountability, audit processes, and authentication that is required for the business environment.  E-mail may not send large attachments in an efficient and timely manner.  There are other alternatives like FTP, but it requires training and is often costly to administer.

Networks have to effectively manage the risks related to information security.  They need to define the methods and tools necessary to measure and monitor, and improve when necessary, the security of their own network, and continue to meet the needs of their business partners.  Corrections, defenses, or patches exist for most software flaws, but when they are not installed, the systems are vulnerable to attacks.

Can the network be made available to partners outside my company?

When businesses or other entities make their network available to their business partners, they generally define the acceptable security and reliability practices which are necessary to conduct safe and secure business-to-business operations.  They have to be able to trust the systems and users in their partner organizations, and therefore need to know what measures those other entities are utilizing in order to protect their own systems.

Businesses have to think in terms of security for their files and information in 3 major areas:

1. Who has a need to see the information?  Define the process of how they will have access to the information.  Determine its confidentiality.
2. When do they need to see it?  Maintain the availability of the data or information to meet those requirements.
3. Who is in charge of updating and modifying the information and files?  These are the actual people making the changes or adding/deleting information, as well as the computer operations staff.

Businesses also need to formally define their practices in relation to:

1. Firewalls.  This will check all incoming and outgoing Internet traffic and anything sent to or from other partner’s computers or employees working from home.  Network firewalls are dedicated devices designed to protect one or more computers and are essential for security.

2. Anti-virus software.  Personnel need to be identified who will process and install the updates to keep anti-virus software current.  New viruses are being created all the time and this will protect against them corrupting your system or network. 

3. Spyware removal.  Personnel need to be identified who will be responsible to keep the software current with updates and process it to protect against spyware getting into the system or network.

4. Software updates.  Personnel need to be identified who will be responsible to keep the software current.

5. Backup procedures for information.  Personnel need to be identified who will be responsible to insure that all necessary information is backed up, can be restored, and is retained for the appropriate length of time.

6. Password integrity.  Personnel need to be identified who will be responsible to insure that all necessary security concerns are met in the assignment of passwords, and that passwords are removed or changed when necessary.

Large and small enterprises and businesses are significantly dependent upon the Internet and have to always be monitoring their infrastructure and its security.