Network Security - What You Don't Know Can Hurt You

By Laura McInerney



What is network security? To some, it is a lifelong career - a never-ending quest to stay ahead of the bad guys. The average person envisions a social deviant tucked away in a dark room, face fixated on a monitor, untiringly hacking at the keyboard, connected by the Internet to anywhere. And, it could be anyone - from the socially misguided but intelligent youth next door to a terrorist with a mission and unlimited funding from an organization who strives to destroy American commerce.

Yet, external hacks represent only 20% of all security breaches. Most data threats are caused by things closer to home, such as disgruntled employees, viruses or crashed hard drives. About 12,000 new viruses are introduced yearly and hard drives carry a 365-day warranty for a reason. But, chin up - here are 10 key ways to protect your business.

1. Have a good backup strategy. First, have an offsite data storage plan. Second, install redundant hard drives in mission-critical machines. Configure a daily backup of the entire operating system and all data. For a few hundred proactive bucks, mission-critical machines can be up and running in minutes when their primary drive crashes, with no downtime for operating system reloads or data restores from backups.

2. Keep an up-to-date, reputable virus scanner. Top virus scanners such as MacAfee and Norton distribute updates daily if necessary, and they need to be run on any machine that gets e-mail, surfs the net or shares files.

3. Keep your virus scanner running. Yes, it may slow down your computer. A slow computer can be remedied in more elegant fashions - but not by turning off the virus scanner. Set your scanner to delete infected files and automatically scan floppies, e-mails and documents. Here's the tricky part - occasionally a virus can squeak through, especially if you don't religiously follow #2. Make it a habit to manually scan your entire hard drive to catch this.

4. Be smart about loading programs. Don't load illegal copies of software rife with viruses. Don't download programs like Kazaa, Morpheus or BearShare that are not Microsoft-signed applications. Don't click "okay" on pop-ups. Ignore virus hoaxes telling you to delete files from your machine.

5. Be cognizant of behavior changes. If you find your browser acting strange or characters are delayed - get help. Your browser may be redirected so keystrokes can be copied. Someone is waiting for you to type a password or credit card number. With global e-commerce revenues of $1.1 trillion in 2002, Economics 101 dictates there is an enormous demand for ongoing development of hijacking programs that bypass casual security measures.

6. Have an appropriate firewall strategy. If your network is connected to the Internet, you need a good firewall. The device (either a host computer or router) that is directly connected to the Internet should be the only one that has a firewall. Firewalls are not virus scanners. They prevent intrusion by blocking unauthorized external packets. They also prevent backdoor trojans from sending unauthorized internal packets back out to the Internet after they may have copied your files or keystrokes.

7. Secure your network devices. It may surprise you to know there are free programs on the Internet so even a marginally motivated hacker can easily scan wired and wireless networks for default passwords and logins for access to your private network. It might surprise you even more to realize how common it is that network installers never bother to change the default passwords and user IDs.

8. Use a secure operating system, and keep it up-to-date. Like all packaged "new" software, operating systems on the retail shelf are out of date before you even buy them. They all need Internet patches to update them against ongoing security holes. Some holes are designed to cripple a computer so a hacker can steal the computer's identity and perform transactions. In addition, secure operating systems like XP Professional require user names and passwords that older operating systems may skip. The diligent use of user names, conscientious file privileges, passwords and regular attention to security patch updates makes a far more difficult environment to crack.

9. Only allow certified professionals who are bonded and insured have access to your computer. You wouldn't let a contractor repair your roof who didn't have a license, insurance and experience. If they goof and leave you with no roof, at least you can move into a hotel and sue them. You can't suddenly restore your business environment if your "neighbor's daughter's teenage boyfriend who is really good with computers" accidentally deletes your boot partition.

10. Most importantly, remember that good network security is a process, not an end result. By definition, a solid firewall, virus scanner and patched up operating system that is "foolproof" today will be compromised in the future. The bad guys aren't going to give up. Fortunately, the good guys won't either. Your job is to implement what the good guys are doing, and keep it updated.



Laura McInerney lives in Columbia and is the local franchise owner for Geeks on Call covering Howard County and Baltimore. She can be reached at 410-274-7961 or 1-800-905-GEEK for technical support.