ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

IT for mere mortals - Securing the network

Updated on July 13, 2014

Security is a paradox. People demand it but refuse to acquire it.This is due to the fact that as the security goes up the convenience declines and vice versa. Safety vs. happiness -there is no right answer in it. You have to decide. You must help your boss to decide.


This is crucial because it is the base of what I am about to share with you. When the very owner of the business (hence the network) you are protecting doesn’t care, in security perspective, whatever you do will be wrong. It is not a theory, it is a natural law.
Do not proceed on any security initiative (well unless it is as obvious as physical security) before you succeed on getting the management’s commitment.

Once you have the commitment this short todo list will help you create an above average secure network

Deploy the firewalls and antimalware software and keep them updated.

They are the first thing you do because they will be the last thing you rely on. I mean with the virus and antivirus analogy, isn’t it clear that the cure is always one step behind the disease? Zero day attack is the official term for that unfortunate phenomenon. In the long run, anybody who rely solely on these solutions are as good as those who have no solutions. Nevertheless they are a quick and effective solution for known threats. They cover the bases.


Kill all usb ports on all user’s machine.

I kid you not. USB stick is the reincarnation of floppy disk - the backbone of the snicker net. Remember those dark ages? You do not want to revisit that memory in today’s more complex and more open network. After all, if you still allow people exchange files with removable devices why bother having a network?
Restrict files exchange through removable devices to several people who have the responsibility to scan the devices and know what to do when they do not pass the scan.

Never allow any user to run as local admin (or root for the enlightened ones).

Why?
You can kill the usb drives but you can not shut down the e-mail service. So allowing users to install their own program poses the same risk as the removable storage. Plus in worst case scenario where the machine does get hit by a virus, the virus will operate under the user’s right. Not the admin’s.

Need to install an application? Call IT support and have that questioner that assess why the application is a legitimate need, filled out and signed. Yes, needless to say, you need to standardize application used for the business before you implement this policy.

And make sure you implement strong password for that local admin account.

Whitelist the internet connection.

If blacklist act like parents trying to fend off bad influence to their children, whitelist is like a bouncer of a club that allow only legitimate guests to get in the party. So instead of banning bad links or sites, you banned everything (including search engines, news sources, EVERYTHING) except the legitimate links or sites. What kinds of business need users to have full access to the internet? How many of them? Is your business among those few? Precisely.
Customers, suppliers, governments and business partners -what is there left to consider?
If a user manage to give a compelling argument to have full access, provide half a dozen standalone (that means totally not connected to the company’s network) internet stations.
Need to download files? Use the usb stick and go to those few people addressed in the second point before.

Last but not least have a recovery plan ready and ensure it works.

Security is a myth.
An admin’s job is not to fight hackers, neutralized malwares or to create the most secure network in the planet. Admin’s sole purpose and responsibility is to keep the services needed by the organization to do business, running. This is very important to keep in mind especially when under attack and when you wonder why you go all the way to college just to sit and wait for a backup routine to finish the process. As dull as it is, this is how admins perform their magic of resurrecting a dead network.
From tape backup to disaster recovery site get and implement them when you can afford it.

Comments

    0 of 8192 characters used
    Post Comment

    • profile image

      Sophia Angelique 

      7 years ago

      Nice hub! )

    working

    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, hubpages.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://hubpages.com/privacy-policy#gdpr

    Show Details
    Necessary
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
    Features
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Marketing
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Statistics
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)