Network Computing is part of the Informa Tech Division of Informa PLC


Some Easy Things To Do To Secure Your Network

I'm sure we all know IT managers who try their best to be proactive. They update their software as soon as possible, they apply patches as quickly as they can, and they make sure that they have updated firewalls, vulnerability scanners and intrusion prevention appliances. They also spend their time hopelessly backlogged with all of the work, and sometimes it comes home to haunt them as they find themselves being attacked through an opening they haven't patched yet or a vulnerability their scanner missed.
But it doesn't have to be this way. According to Peter Tippett, CTO of the newly-formed security company Cybertrust (formed from TruSecure, BeTrusted and Ubizen), you're better off looking for good solutions instead of perfect answers. "A few solutions that are only 80 percent effective give an overall 99.9 percent solution," Tippett says. In fact, he says that the most effective security solutions require little time and less expense, and can reduce your exposure 40-fold.

The most effective solution, he said, is to simply set your routers to what he calls "default deny." By this he means that your routers should be set so that all traffic is denied entry to or exit from your network, except for traffic that's specifically allowed. How do you know what traffic to allow? Tippett suggests checking your router logs. You'll see over the course of a couple of days what traffic leaves your network, where it goes and where it comes from. The same is true for incoming traffic.

For example, Tippett said, e-mail traffic should only be allowed to go to or from your e-mail server. E-mail attempting to get to the internet from other sources shouldn't be allowed, unless you have specific devices that require e-mail to communicate, such as some types of instrumentation.

The same is true of other types of communication. You can assume, for example, that your Web server will receive requests at port 80. So you should set your router so that it only lets incoming port 80 requests go to that one address, and that it restricts requests to that one port.

Tippett said he realizes that this solution isn't perfect, but it will solve about 80 percent of the problems with worms and other malware gaining access to your network, and it will largely prevent communication to the outside world for those that do get in.
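The default-deny policy described above, sketched as an added example that is not from the article or from Cybertrust: an allow list for the mail server and the Web server is evaluated against a few days' worth of router log entries, and everything that would fall through to the deny is counted for review. The addresses (documentation ranges), the log format and all names are assumptions made for illustration, and only the first packet of each connection is modelled.

```python
import ipaddress
from collections import Counter

# Constructed addresses from the RFC 5737 documentation ranges.
INSIDE = ipaddress.ip_network("192.0.2.0/24")
MAIL_SERVER = "192.0.2.25"
WEB_SERVER = "192.0.2.80"

# Allow list: (direction, inside host, protocol, destination port).
# Anything that does not match an entry is denied.
ALLOW = {
    ("in", MAIL_SERVER, "tcp", 25),   # inbound mail only to the mail server
    ("out", MAIL_SERVER, "tcp", 25),  # outbound mail only from the mail server
    ("in", WEB_SERVER, "tcp", 80),    # Web requests only to the Web server, port 80
}

# Constructed log lines in a hypothetical format: "src dst proto dport".
SAMPLE_LOG = """\
203.0.113.7 192.0.2.80 tcp 80
203.0.113.9 192.0.2.25 tcp 25
192.0.2.25 198.51.100.3 tcp 25
192.0.2.114 198.51.100.40 tcp 25
203.0.113.7 192.0.2.80 tcp 445
203.0.113.7 192.0.2.114 tcp 80
192.0.2.114 198.51.100.40 tcp 25
"""

def decide(src, dst, proto, dport):
    """Return 'permit' only for flows on the allow list; the default is 'deny'."""
    src_in = ipaddress.ip_address(src) in INSIDE
    dst_in = ipaddress.ip_address(dst) in INSIDE
    if src_in == dst_in:  # flow does not cross the perimeter in a valid way
        return "deny"
    direction, host = ("out", src) if src_in else ("in", dst)
    return "permit" if (direction, host, proto, dport) in ALLOW else "deny"

def review(log_text):
    """Count the flows that default deny would block, for the admin to review."""
    denied = Counter()
    for line in log_text.splitlines():
        if line.strip():
            src, dst, proto, dport = line.split()
            if decide(src, dst, proto, int(dport)) == "deny":
                denied[(src, dst, proto, int(dport))] += 1
    return denied

if __name__ == "__main__":
    for flow, count in review(SAMPLE_LOG).most_common():
        print(count, *flow)
```

In the sample, the workstation at 192.0.2.114 sending mail directly to the internet is the kind of flow the e-mail rule is meant to stop; each denied entry is either a candidate for a new allow rule or something to investigate.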
