 |
|
||||||
 |
 |
 |
 |
 |
 |
||
Protecting Your Network from Attack
Protecting your network from damage that can be caused by a network attack requires an integrated design which encompasses the following areas:
- Internet connection security
- Remote user security
- Anti-virus system
- Power protection system
- Data backup regime
If all these areas are protected then even if an attack manages to break through one of the components the network and the vital data stored on it will not be completely lost.
Internet Connection Security
In an ideal security world business systems would not be connected
to the Internet, but that is simply not possible in today's business environment.
Therefore, a security strategy is required to protect both the actual
connection and the computers within the internal network from attack -
or hacking. Hacking computers is an offence under UK legislation; however,
most hackers do not operate from within the UK and thus are almost impossible
to prosecute. Anyway, retribution is not the name of the game, prevention
is the key.
As a baseline, your network should use Network Address Translation (NAT) to mask the identity of your internal computers as your users browse the Internet. NAT gives all your computers the same identity as they access Internet servers and NAT also drops any data that is not part of an ongoing, internally initiated, connection. If you have no requirement to let external users access your network from the Internet NAT provides a reasonably safe solution. There is however one major issue that should be addressed, what device are you using to provide the NAT function? In the main we recommend that you use a hardware device rather than software running on a standard computer - if the software can be hacked then the NAT function is meaningless.
Remote User Security
If you need to let remote users, such as staff or customers, access your
network through the Internet then you really need to move up to a Firewall
solution. Firewalls inspect every data packet flowing through them and
can drop or accept the packet based on a set of configurable rules. Setting
up these rules correctly is vital to the secure operation of the Firewall.
When remote users need to access your servers they fall into two groups; users who would be allowed to use the network if they were in the office; and guests who only need to access certain information. For the former you should consider a Virtual Private Network (VPN) solution, which effectively allows them to 'appear' as local users. For the latter a secure, internally hosted website or 'Extranet' will probably suffice.
Anti-virus System
A robust Anti-virus system should protect all the possible avenues of
attack in the network and provide automatic updates to the detection routines
to capture new viruses as they appear. The routes of entry for viruses
include:
| Floppy discs | CD & DVD | Server data transfers |
| Word documents | Excel spreadsheets | Internet web pages |
| Corporate Outlook email | Internet Outlook Express email | Web based email (Hotmail etc) |
All these routes of entry and the storage devices on the network need to be constantly scanned and protected.
Power Protection System
Most businesses fail to consider the need for power protection and un-interruptable
power supplies (UPS) as the mains supply in most buildings is quite robust.
However, have you considered what would happen if the kettle boiled dry
and blew the main fusebox or a disgruntled employee tripped the mains
on the way out of the office. The loss of power in those situations could
loose more data than any Internet hacker attack.
Data Backup Regime
The data backup regime for your business is the insurance policy when
one of the previous protection systems fails - or even if your network
administrator accidentally deletes all the users files on the server!
You should take regular backups of all your business critical data and
then store the backup media in a suitable fire safe, so that even if the
building burns down you can quickly recover your business. It is important
to note that filing cabinet fire safes are not suitable to store backup
media - they melt the tapes!
This quick overview of the methods to protect your network from attack
has provided basic information on the key areas of concern. For more information please complete an information request form and one of our
team will contact you to discuss your requirements 
