Secure Your Network Beyond The Firewall

If your security stops and starts with a firewall, you're in big trouble. The security pros tell you what else you need to do.

April 17, 2006


Sure, network firewalls will help protect you against a wide variety of threats. But if your security plans stop and start with a firewall, you're in big trouble.

Network security extends beyond simply setting up a "good enough" firewall. There are other things you need to consider to help secure your network, and not all of them are tied directly to the network itself. Here are six tips from the experts to help.

1. Software that enables your business also threatens your business.

New applications such as instant messaging, VoIP, Web conferencing and other voice/data convergence software can increase your company's productivity and cost savings, but they are also becoming increasingly vulnerable to hackers.

"Personal e-mail, instant messengers and Skype are all ways to shunt data of all types from [Point] A to B, usually without any permanent record of this occurring," warns Tom Newton, Product Development Manager for SmoothWall, Ltd., which produces SmoothWall Express, an open source firewall.

"As your applications evolve, so must your security. It's no longer enough to just look at network security, remote access, and host security individually. They must all work together to stop attacks that are piggybacking on your latest applications," says Bill Jensen, Product Marketing Manager for ZoneLabs, LLC, makers of the popular ZoneAlarm network security software.

2. Secure the hardware, not just the software.

Network security is usually thought of in terms of software, but don't forget about the hardware itself. Jensen gives one such example: "Ensure those sockets you patched in temporarily last month have been removed. In fact, get into those patch panels and ditch everything that's not needed."

Similarly, treat outside hardware devices with caution. iPods and digital cameras -- virtually any gadget -- can be used to move important data off of your network, and bring in malicious data you would rather keep out. No one should be able to add or remove USB, IEEE or other devices at will. Consider deploying lockdown software to disable unused ports.

3. Rope in your wireless network.

How far does your wireless network spread? Make sure you know how far your network's wireless access points reach, and reduce the transmission power, if possible.

"There's no need to cover next door as well!" Newton points out. "Even if you're confident in your wireless security, few users truly need wireless access. Those that can't live without it should be monitored carefully, and perhaps forced to authenticate over VPN. You may as well keep track of who's got what, IP-wise -- a network scan might show up a few unexpected visitors."
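One way to keep track of "who's got what, IP-wise" is to compare the addresses seen on the wireless segment against a device inventory. The following is an added example, not part of the original article; the inventory, the addresses and the sample `ip neigh show` output are all constructed for illustration.

```python
import re

# Constructed inventory: MAC address -> (owner, expected IP). Not real data.
INVENTORY = {
    "00:11:22:33:44:55": ("alice-laptop", "192.168.10.21"),
    "00:11:22:33:44:66": ("bob-laptop", "192.168.10.22"),
}

# Constructed sample in the format printed by `ip neigh show` on Linux.
SAMPLE_NEIGH = """\
192.168.10.21 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.10.37 dev wlan0 lladdr 00:11:22:33:44:66 STALE
192.168.10.40 dev wlan0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.10.41 dev wlan0  FAILED
"""

# Capture the IP and the link-layer (MAC) address; extra flags are ignored.
LINE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return (ip, mac) pairs for entries that carry a link-layer address."""
    pairs = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            pairs.append((m.group(1), m.group(2).lower()))
    return pairs

def audit(pairs, inventory):
    """Flag devices missing from the inventory or on an unexpected IP."""
    findings = []
    for ip, mac in pairs:
        entry = inventory.get(mac)
        if entry is None:
            findings.append(("unknown-device", ip, mac, None))
        elif entry[1] != ip:
            findings.append(("unexpected-ip", ip, mac, entry[0]))
    return findings

if __name__ == "__main__":
    for kind, ip, mac, owner in audit(parse_neigh(SAMPLE_NEIGH), INVENTORY):
        print(f"{kind:15} {ip:15} {mac} {owner or '-'}")
```

MAC addresses can be spoofed, so a match against the inventory shows only that nothing obviously unknown is present, not that every device is who it claims to be.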

4. Your SSL VPN could be delivering information to the wrong hands.

SSL VPNs enable users to access information with their home computers, PDAs or even cell phones -- and you have no control over these devices.

"For all you know, an employee of your company could be downloading spyware off the internet and then accessing your confidential information. SSL VPNs [could] become a way for spyware to make off with your data," says Jensen. "You need to change from a 'control paradigm' to an 'assurance of trust paradigm.' In other words, let any computer on but check them to make sure they meet your level of security."

5. Who's the "admin"? No one.

While you are tightening the ability of users to add and remove hardware, establish what they are allowed to do not only on the network but also on their local PCs.

"Make sure your users can only do what they need to do. In almost every case this means they should not run as 'administrator' -- I never do, our CEO never does, no one does. If you're using a piece of software that demands you run as admin, you should look at alternatives, as this is a sign of poorly written code," Newton says.

6. Establish an Acceptable Use Policy and keep it up to date.

Your company's Acceptable Use Policy must reflect its current business and network conditions. Most importantly, both new and existing employees must be aware of it, and fully understand it.

"A recent survey by SmoothWall indicates almost 40% of employees are unaware of their company's AUP. Not only does the AUP offer assistance when disciplinary action must be taken, it also determines network policy. So as a network admin, you really should know it inside out," Newton says.
