Network security is the most important part of any network today, whether it be a small home (SOHO) network or a large corporate network (LAN or WAN). It is vital to protect network resources whether they are files, emails, or any other information that is stored or passed through the network. A breach of security can often cause both personal and business loss, so it is more important than ever to secure a network.
The first step in securing your network is to determine the elements that comprise your network and which of these elements are most important to protect. These elements can be routers, switches, servers, or even local user PCs or laptops. Once you determine what makes up your network topology you can then determine the key starting points and what you will need to do to secure each element.
Routers are often on the outside of a network and permit traffic, such as email and internet/server access, to enter and exit the local network. It is important that only permitted traffic enter or exit the network, and this can be accomplished in a few ways.
1) Access-lists can be configured on the router to permit certain traffic to enter or leave the device and the network. If traffic matches a permit entry in the access-list then it will be allowed to flow. If there is no match or if it is denied then this traffic will be dropped. If logging is configured on the device an alert can also be sent to notify a network management system (NMS) that the deny occurred.
2) Access-lists will not catch everything so it is also useful to include a firewall in the topology. There are numerous models of firewalls available, whether they are hardware or software based, and they add an extra layer of security to the network. They are aware of certain patterns and traffic signatures and prevent users (inside or outside) from using loopholes in access-lists to get into your network.
Firewalls should be placed just inside of the network border router so that they inspect all traffic that makes it to or from the router and catch anything that should not be allowed to be sent. One of the most popular types of firewalls on the market today is the Cisco PIX or the newer model ASA. These come in all types and support different size networks.
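The access-list behaviour described in item 1 above, modelled as an added example (not from the original article): the first matching entry decides, unmatched traffic is dropped, and only entries marked for logging produce an NMS alert. The rule set, addresses and packets are constructed, and the silent implicit deny is an assumption of this model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", or "ip" for any protocol
    src: str                     # source network, CIDR
    dst: str                     # destination network, CIDR
    dport: Optional[int] = None  # destination port, None matches any
    log: bool = False            # report a match to the NMS

ANY = "0.0.0.0/0"
# Constructed inbound rule set; all addresses are documentation ranges.
INBOUND = [
    Rule("deny", "ip", "203.0.113.0/24", ANY, log=True),  # blocked source range
    Rule("permit", "tcp", ANY, "192.0.2.25/32", 25),      # mail server
    Rule("permit", "tcp", ANY, "192.0.2.80/32", 443),     # web server
    Rule("deny", "ip", ANY, ANY, log=True),               # explicit, logged catch-all
]

def evaluate(rules, proto, src, dst, dport, alerts):
    """Return 'permit' or 'deny' for one packet; the first matching rule decides."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, r in enumerate(rules, 1):
        if r.proto not in ("ip", proto):
            continue
        if s not in ipaddress.ip_network(r.src) or d not in ipaddress.ip_network(r.dst):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        if r.log:
            alerts.append(f"rule {number} {r.action} {proto} {src} -> {dst}:{dport}")
        return r.action
    return "deny"  # no match: dropped silently (assumed model: implicit deny is not logged)

def demo():
    """Run three constructed packets through INBOUND; return verdicts and NMS alerts."""
    alerts = []
    packets = [
        ("tcp", "198.51.100.7", "192.0.2.25", 25),   # outside host to mail server
        ("tcp", "203.0.113.9", "192.0.2.80", 443),   # blocked range to web server
        ("tcp", "198.51.100.7", "192.0.2.80", 23),   # telnet, hits only the catch-all
    ]
    return [evaluate(INBOUND, *p, alerts) for p in packets], alerts
```

Without the final explicit entry the telnet packet is still dropped, but no alert reaches the NMS, which is why the logged catch-all is worth adding.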
Switches are very similar to routers and can also use access-lists or policies to prevent unauthorized access. They can also use MAC address (hardware address) filtering to prevent users from connecting to the network. Some software allows end stations to only connect for a certain period of time and only to join a certain part of the network, often referred to as a VLAN (virtual LAN). This also ensures that these end users can only access the appropriate resources.
Even with the above, it is important to keep in mind that access to these devices themselves must be controlled. If a hacker can gain access to your router, switch, or firewall then they will have full access to the network. Make sure that passwords are secure and encrypted if possible. Only network admins should have full privileges for configurations and you should use an authentication server for permission to access the device. A server like ACS or RADIUS will authenticate and authorize user access to network devices.
When most hackers try to get into a network they are looking to access important servers, whether they are simple file servers or important servers containing human resources or financial information. It is important that only authorized users can access these servers and using secure passwords can help to accomplish this. Passwords should generally be 8 characters minimum and contain letters, numbers and special characters. They also should not contain common words or a user's date of birth.
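The password rules above expressed as a checker, as an added example (not from the original article). It goes slightly beyond the text by also catching common words written with character substitutions and dates of birth typed with separators; the word list, substitution table and sample passwords are constructed.

```python
import re
from datetime import date

# Constructed sample list; a real deployment would load a much larger dictionary.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin", "summer"}

# Undo common character substitutions before the word check: @->a, 0->o, and so on.
LEET = str.maketrans("@4$50137!", "aassoieti")

def dob_fragments(dob):
    """Digit strings a user is likely to type for their date of birth."""
    y, m, d = f"{dob.year:04d}", f"{dob.month:02d}", f"{dob.day:02d}"
    return {y, y[2:] + m + d, m + d + y, d + m + y, m + d + y[2:], d + m + y[2:]}

def check_password(pw, dob):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Za-z]", pw):
        problems.append("no letters")
    if not re.search(r"\d", pw):
        problems.append("no numbers")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no special characters")
    # Common-word check on the lowercased, de-substituted form.
    normalized = pw.lower().translate(LEET)
    hits = sorted(w for w in COMMON_WORDS if w in normalized)
    if hits:
        problems.append("contains common word: " + ", ".join(hits))
    # Date-of-birth check on the digits only, so 07/04/85 and 070485 both match.
    digits = re.sub(r"\D", "", pw)
    if any(frag in digits for frag in dob_fragments(dob)):
        problems.append("contains date of birth")
    return problems

def demo():
    """Check four constructed passwords for a user born 4 July 1985."""
    dob = date(1985, 7, 4)
    samples = ["P@ssw0rd!1", "Blue#Kite07/04/85", "tr7$Vq9-mzL", "abc"]
    return {pw: check_password(pw, dob) for pw in samples}
```

The first sample satisfies every length and character-class rule and still fails, which shows why the composition rules alone are not enough.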
As with other network devices, only administrators should have full privileges to manage these servers. A user should only be given as much permission as they need, no more. One of the biggest threats to the network is internal users, and it is important that they can access only what they need. Important files or directories should be locked down and periodic audits or scans should be run on the server file system.
It is also important that only authorized or licensed software be installed on these servers. Very often users download and install an application on a server that actually contains a Trojan or other malware that allows access to the server.
Physical access to all of the above network devices should be secure as well. They should be in a separate server or network room where only authorized individuals can gain access. If an intruder has physical access they can also do damage in a number of ways. They can either power down devices or console into them directly and make changes.
The end user or the internal network users who do their day to day job from a PC or laptop often pose a serious risk to network security. Very often they don't even know they are doing anything wrong or pose this risk. In order to make sure that these end users are secure and follow procedures there are certain recommended guidelines:
1) Always have antivirus or malware detection software installed on the end user station. It is also important to constantly update virus definitions as new viruses and spyware are released daily. You can also install a tool such as CSA on the end user's system which will allow or deny actions such as opening files and making connections to systems.
2) The end user station should only be an authorized system and not the user's personal or home use device.
3) Only authorized software should be installed on these systems and users should not have system administrator privileges. End users often install apps they download from the internet which can block security measures or corrupt the file system.
4) Passwords should be secure and whenever possible encrypted or randomly generated by a tool such as ACE.
(ACE is used to generate one time passwords which expire after a period of time keeping passwords secure).
5) Make end users aware of "social engineering" threats to security.
Social engineering occurs when a user unknowingly gives up confidential or personal information to a hacker or network intruder who is looking for pieces of information. This can be via phone, email, or one on one conversation. They are smart enough to collect enough pieces of information to gain access to someone's system, files, or even the network.
Remote access to a network is now also a hot security issue as many workers connect to their work network remotely from home or while on the road. This introduces even more security risks with information flowing freely over the internet for all to see. This is where the technology of VPN comes in handy.
With a VPN (Virtual Private Network) a user can create a secure connection to their corporate network which is encrypted, so outside intruders will not be able to snoop or capture the packets for information. To use a VPN, though, a network will need 2 items:
1) The client will need VPN software to initiate the connection. This client is typically software based and installed very easily.
2) The network will need a device like a VPN Concentrator or ASA which terminates the VPN connection.
This allows workers to keep working while mobile and at the same time keep data confidential and protected.
Even with all of the above measures to increase and add security it is important to continually monitor the network. An NMS can monitor and receive alarms for security threats and in turn take appropriate action. This action could be anything from paging the network administrator to shutting down a connected interface on a router. It is important to be both proactive and reactive when it comes to network security. An efficient NMS can both make security configurations and receive alarms, thus saving on the number of applications you need to install.
Once you have configured network security it is a good practice to go back and periodically review your network topology and security measures. By reviewing your network topology you will know where your devices are located, if any new additions have been made, and if any unauthorized devices are on the network. There are a number of network management tools available that will map out the network automatically and report all discovered devices.
Network security is ever evolving and new threats are created every day. Network and system administrators must make sure that they are up to date on all threats and that their devices are ready to handle any threat to the network. A secure network is very often an efficient network where traffic flows smoothly without interruption.