Protecting Your Network from Attack
Protecting your network from damage that can be caused by a network attack
requires an integrated design which encompasses the following areas:
- Internet connection security
- Remote user security
- Anti-virus system
- Power protection system
- Data backup regime
If all these areas are protected then even if an attack manages to break
through one of the components the network and the vital data stored on
it will not be completely lost.
Internet Connection Security
In an ideal security world business systems would not be connected
to the Internet, but that is simply not possible in today's business environment.
Therefore, a security strategy is required to protect both the actual
connection and the computers within the internal network from attack -
or hacking. Hacking computers is an offence under UK legislation; however,
most hackers do not operate from within the UK and thus are almost impossible
to prosecute. Anyway, retribution is not the name of the game, prevention
is the key.
As a baseline, your network should use Network Address Translation (NAT)
to mask the identity of your internal computers as your users browse the
Internet. NAT gives all your computers the same identity as they access
Internet servers and NAT also drops any data that is not part of an ongoing,
internally initiated, connection. If you have no requirement to let external
users access your network from the Internet NAT provides a reasonably
safe solution. There is however one major issue that should be addressed,
what device are you using to provide the NAT function? In the main we
recommend that you use a hardware device rather than software running
on a standard computer - if the software can be hacked then the NAT function
Remote User Security
If you need to let remote users, such as staff or customers, access your
network through the Internet then you really need to move up to a Firewall
solution. Firewalls inspect every data packet flowing through them and
can drop or accept the packet based on a set of configurable rules. Setting
up these rules correctly is vital to the secure operation of the Firewall.
When remote users need to access your servers they fall into two groups;
users who would be allowed to use the network if they were in the office;
and guests who only need to access certain information. For the former
you should consider a Virtual Private Network (VPN) solution, which effectively
allows them to 'appear' as local users. For the latter a secure, internally
hosted website or 'Extranet' will probably suffice.
A robust Anti-virus system should protect all the possible avenues of
attack in the network and provide automatic updates to the detection routines
to capture new viruses as they appear. The routes of entry for viruses
||CD & DVD
||Server data transfers
||Internet web pages
|Corporate Outlook email
||Internet Outlook Express email
||Web based email (Hotmail etc)
All these routes of entry and the storage devices on the network need
to be constantly scanned and protected.
Power Protection System
Most businesses fail to consider the need for power protection and un-interruptable
power supplies (UPS) as the mains supply in most buildings is quite robust.
However, have you considered what would happen if the kettle boiled dry
and blew the main fusebox or a disgruntled employee tripped the mains
on the way out of the office. The loss of power in those situations could
loose more data than any Internet hacker attack.
Data Backup Regime
The data backup regime for your business is the insurance policy when
one of the previous protection systems fails - or even if your network
administrator accidentally deletes all the users files on the server!
You should take regular backups of all your business critical data and
then store the backup media in a suitable fire safe, so that even if the
building burns down you can quickly recover your business. It is important
to note that filing cabinet fire safes are not suitable to store backup
media - they melt the tapes!
This quick overview of the methods to protect your network from attack
has provided basic information on the key areas of concern. For more information please complete an information request form and one of our
team will contact you to discuss your requirements