Saturday, April 29, 2006

Network Security - Not With a P2P Network!

Most small business networks grow and evolve as the business grows. In one way, this is good. It shows the business is growing, becoming stronger. Unfortunately, from a network perspective, it can be a disaster in the making.

Most small business networks are setup in a peer-to-peer (P2P) format. In contrast, large corporate networks are setup in a domain format. What does this mean to you?

First, let us define the two network formats. In a P2P format every PC is responsible for its own security access. Basically, each PC is equal to every other PC in the network. These networks generally consist of less than ten computers and require a large amount of administrative overhead to function securely.

In this format the attitudes of the user population is of prime importance. If they have a high level of security conscience then your network will be more secure, if they don’t your network will be wide open to insider exploitation.

You can see the problem. Ten computers and ten administrators equal little accountability.

In a domain system there is a single point of administration, your network administrator. He is responsible for maintaining the network.

A network setup in this format consists of at least one server, a domain controller, to administrate the rest of the network. This domain controller manages user and computer access, freeing the network administrator from the necessity of touching every PC in the network.

When a user logs onto her PC in a P2P network she only authenticates on it, in a domain system it is a little more complicated.

In a domain system she logs onto her computer, her login ID is first checked with the domain controller. If it is found she is granted access to the network resources assigned to her. Then she is allowed to log on to her desktop. If her ID isn’t found then she only has access to her local PC.

Now that you know a little about the two network structures you can see the advantages of the domain design.

As stated earlier this format requires planning to achieve. You must sit down and outline what you want your network to accomplish.

Consider what access your users really need to do their jobs. In the computer security world this is called granting the least amount of access required to do the job. Do your sales reps really need access to your financial files? What about external vendors?

All of this needs to be thought out and addressed.

Here’s an example of how I setup a small sales organization. This business consisted of about eight employees and the two owners. With the assistance of the owners we defined three user groups.

The owners group was granted full and complete access, while each of the other groups received lesser and different accesses. The admin group received access to the financial and administrative functions, and the sales groups receive assess to the sales and customer management data. Specifically, they were excluded from the financial and administrative and the owner’s functions.

Additionally, we setup auditing of both successful and unsuccessful attempts to view certain types of data. We did this to add a layer of accountability to the network. This increases the security of their customer’s data because we can now tell who and when the data was accessed.

Network security personnel know that most network security breaches occur from the inside! In my experience most small businesses use the P2P format because it is the easiest to implement and because they don’t know the security compromises they are working under.

This can be a ticking time bomb for your business. Eventually, you will experience a security lapse that could land you in court.

For instance, you have an employee leave your business. This employee downloaded all of your customer data before he left. Next, he sells this data to someone who uses it to steal the identity of several of your customers. Eventually, this theft is discovered and traced back to your employee.

Your former customers in fully justifiable outrage take you to court charging you with negligence. Specifically, they hold you responsible for failing to safeguard their personal information.

Your case will be much stronger if you can show you have positive control of your network. You can point out your security procedures. Employee logon auditing, security updates, acceptable use agreements, etc. In short you can show that you have taken the steps that a reasonable person would take to secure your network and customer data.

Hopefully, your lawyer can then place the blame directly where it belongs. On the employee who stole the information in the first place. Ask your attorney about this! Don’t just take my work for it, I’m not a lawyer.

Remember, network security is a result of through planning, not hap hazard improvisation. Give your network the same attention you give to the rest of your business.

If you do not have the skills or the time to be your own network administrator, you can contract with someone to handle this for you on a part-time basis. Just make sure they are reputable, you are putting your business in their hands.

Friday, April 21, 2006

7 Simple Reasons Why You Need a Network Security Camera for Your Home

Pros

1. Easy to install: Most of the network cameras on the market are plug and play and/or have very simple to follow instructions for both the hardware and software end.

2. Comparatively cheaper than other security systems: Instead of paying a highly trained technician to install a complex CCTV system, and pay him on an ongoing maintenance arrangement- you can have a network camera security system that can stand on it's own against CCTV and traditional security systems.

3. Works with your existing computer network: If you already have a home network, then the network camera works with your settings, so you don't need to pay more for the proper security infrastructure.

4. Provides peace of mind: watch your home, watch your childs room, watch your vacation home, watch your pets while you are on vacation, etc

5. See remote areas: as far away as across the globe, or your own front porch from a centralized area. Can even remotely view your children at the nursery (depending on the nurseries policies though this is becoming more standard)

6. Flexibility: Prefer not to be tethered to the security control panel or hire a full time security professional to monitor things, then get security alerts which you can view from cell phone, laptop, or PDA device, and provide multiple users access to the various security assets.

7. Receive alerts via email when detects motion, either when someone visits your home, or when your children leave home to hang out.

Cons

1. May have poor image quality depending on model and configuration, and wireless cameras in general have poorer image quality on the lower to mid range.

2. For more bells and whistles, like sound recording, scheduled emails, and motion capture, it varies greatly from model and software description.

3. Generally, outdoor surveillance equipment is more costly, especially if you want the ability to remotely pan/tilt, zoom in, zoom out, and want a waterproof camera. However for a home system this is probably not as urgent as opposed to for a business situation.

4. Drains computer network resources, so if you don't have a speedy computer, then there's a chance of a slight slow down in your collective resources.

Remember that despite the cons, the benefits outweigh them as they provide great security results at a lower installation and maintenance cost than traditional Closed Circuit Television systems.

Wednesday, April 19, 2006

Network Security - Methods For Controlling Threats

Since firewalls are so commonly used it is worth exploring them in greater depth. Corporations often set up rules for managing their Web connections using firewalls. A firewall enables a company to designate how all end users can use their network and decide what information is passed through Web servers and other servers.

There are several methods a firewall uses to control traffic that comes into and goes out of the network. One way firewalls do this is through packet filtering. During this process a firewall analyzes small packets of information against pre-designated filters. All data is sent via small packets of information through filters. Safe information is passed through and unsafe information is generally removed.

Another way firewalls mitigate traffic is through proxy service. This means the firewall retrieved information from the Web and sends it to the requesting computer. Still another method of traffic control used by firewall is stateful inspection. This technique allows the firewall to compare certain parts of the data packet to information gathered from trusted sources. Information going to the firewall from the Internet is monitored to determine whether it contains key characteristics that suggest the information is safe rather than harmful. Information designated as safe passes through freely and other information is blocked.

The methods a company selects will depend on a number of factors including personal preferences. Regardless of the method a firewall uses however a company or network administrator can customize the firewall to filter information based on a pre-established set of criteria.

Thursday, April 13, 2006

Network Security - All About Firewalls

The Importance of Firewalls to Network Security

Most networks should have a firewall in place before they are up and running. A firewall is the most common form of network security employed by companies large and small. If you own a personal computer your anti-virus software company may at one time or another have offered you firewall protection.

A firewall on a home network is just as important as one on a corporate network. Why? Most smaller networks have as many security issues that larger corporate networks have. A firewall helps protect a network against potential data loss, corruption and hackers.

What Is A Firewall

A firewall is nothing more than a fancy term used to describe a blockade that prevents outside forces from accessing your network. It is called a firewall because it prevent information or data loss from one place to another. Typically a firewall is some program or hardware that you have to install in your computer that helps filter information coming from the Web to your computer network. A firewall provides a series of filters that screens information allowing only safe information to pass through to your network.

In a large company, multiple computers are often linked using network cards. Companies usually provide multiple connections to the Internet. In order to protect all of these computers a firewall is necessary so that only certain people can access corporate computers through the Web (those that are authorized to do so). While a firewall is not foolproof it basically does a good job of protecting computers from Internet threats at their connection points.

Sunday, April 09, 2006

Network Security - Little Known Threats

Little Known Network Security Threats

There are a number of common network security threats that can damage your network. Some prime examples include remote login capability, SMTP hijacking and backdoor entry to a computer network. There are however dozens of other ways someone can inadvertedly access your network and steal or damage your data. Here are just a few network security threats you should be aware of, whether you operate a private or corporate network.

DNS – DNS or denial of service involves a major attack on Websites. Usually this threat is reserved for large computer networks. When a denial of service attack occurs there is often little a company can do immediately to recover from the attack. When this happens a hacker connects to the server multiple times purposefully even though the hacker is denied access. Over time these repeated requests cause the system to slow and crash.

Macros – This is an application that allows someone to create a script of commands that can run on your network. These macros are capable of crashing computers and destroying data.

Virus – A computer virus is one of the most common threats any private or corporate network user faces. Fortunately viruses can usually be prevented using modern anti-viral software.

OS bugs – Operating system bugs occur when backdoors are accessed to operating systems. Usually a backdoor is left open to attacks when inadequate network security systems are in place. Fortunately adequate network security including use of firewalls can help limit ones exposure to this security threat.

Wednesday, April 05, 2006

Threats Network Security Protects Against

Top Reasons You Need Network Security

Whether you engage in global commerce or have a network established simply to communicate with others on the Web, there are a number of threats that exist when operating in the realm of the World Wide Web. Network security is an important function that ultimately will protect your computer and data from multiple threats. Here are some examples of common threats networks are exposed to every day:

Session Hijackers – Hijackers can access your computer in a number of ways. One way they can do this is through SMTP hijacking. This means a hijacker can gain access to your list of e-mail addresses through an SMTP server of an unprotected host. By doing so a hijacker is able to send spam to any users listed in the e-mail address book. This is actually a frequent problem networked computers have to deal with. It is usually very difficult to track the origin of a spammer in this case as email is usually redirected through various hosts.

Backdoors – Certain programs allow remote access through application backdoors. Still others have glitches or bugs in the system that allow someone to gain access to the network via a backdoor. This is very dangerous as the interloper can then take control of multiple programs.

Remote login – In some situations a person can connect to your computer network from a remote location and take control of certain computer functions. They may for example view or change files and run programs unbeknownst to you on your computer network.