How Secure is Your Network?
15 July 2008
Did you know that around 25% of large and medium size companies do not have a budget put aside for IT security? If you apply this statistic to smaller companies, the number of businesses not addressing IT security is far higher. So why is this?
At Axamba we understand the challenges businesses face in delivering products or services to their customers. The majority of our clients are small to medium size businesses and it's fair to say that their IT infrastructure, whilst important to the running of the business, is rarely the top priority from a budget allocation point of view.
However, it becomes a matter of great urgency if anything goes wrong! So, why not plan in advance?
In your daily life you make conscious decisions about risk and as a business the principle is exactly the same. You need to decide on the level of security and the level of access you require for your network.
The types of threats to your network vary considerably and include unauthorised access, executing commands illicitly, confidentiality breaches, and destructive behaviour such as data destruction or the changing of data.
These threats can come from a variety of sources - through any connection that you have to the outside world. This includes Internet connections, dial-up modems, and even physical access. (How do you know that one of the temps that you've brought in to help with the data entry isn't really a system cracker looking for passwords, data phone numbers, vulnerabilities and anything else that can get them access to your systems?)
So, in order to be able to adequately address security, all possible avenues of entry must be identified and evaluated.
Start by having a written security policy in place. Creating a relatively short list of high-level practices can help prevent security disasters, and also help limit the damage if the preventative measures you have undertaken are unsuccessful.
Some good basics for your network security start here:
- Keep your anti-virus software up to date
- Make sure your firewall is appropriate for your network
- Data back-up - keep copies of business critical data off site
- Keep up-to-date with all operating system patches
- If you are using a wireless network, make sure you use encryption on your wireless access point
- Make sure your password policy is robust and that employees do not write their passwords on a post-it note that is stuck onto their computer!
- Specify someone in your organisation to be responsible for all of your security practices (or outsource).
Once you have established the basics, it's good to provide a level of separation between your intranet and the internet - in other words, between what you have internally and what is coming in from external sources. This will require a firewall. A firewall is a device that forms a barrier between two networks.
With so many options available, it makes sense to spend some time with an expert, either in-house, or an experienced consultant who can take the time to understand your organisation's security policy, and can design and build a firewall architecture that best implements your policies. Other issues like services required, convenience, and scalability might also be factors in the final design.
Security is a very difficult topic and everyone has a different idea of what it is, and what levels of risk are acceptable. The key for building a secure network is to define what security means to your organization. Once defined, everything that goes on within the network can be evaluated with respect to that policy. Projects and systems can then be broken down into their components, and it becomes much simpler to decide whether what is proposed will conflict with your security policies and practices.
Remember the importance of getting feedback about everything that you implement in the organization - only then can you continue to improve, and it will also enable you to minimize your organization's exposure to the risks.
Security is everyone's business, and only with everyone's cooperation, an intelligent policy, and consistent practices, will it be achievable.