Network Security

Network security is an issue for all businesses. The challenges faced by small-to medium size businesses (SMBs) are unique and significant. Taken together, the ongoing threat to network security and myriad challenges to SMBs necessitates a unique and comprehensive approach to risk management, auditing and best practices.

While larger businesses have substantial resources with which to identify and defend against network security threats, all businesses face the same significant and constant risks. A large business can afford to dedicate staff time to network security, or hire an outside firm, or both, but SMBs (generally) cannot.

However, there are steps that can be taken by SMB's that can substantially reduce the risk of their being attacked and, more importantly, damaged.

Here are seven actions you can take to create a more secure network for your SMB:

Create a Network Intrusion Security defense. This means that ALL computers have an up-to-date Internet Firewall such as Norton's Internet Security software. Be sure and have them updated automatically on a regular basis.

Implement a Hardware Firewall. Ideally, one that provides stateful packet inspection. This can be through a dedicated router. The firewall will need at least three interfaces- LAN, WAN, and DMZ.

Implement and use the "Principle of least Privilage" in determining appropriate access to network resources. This essentially means that if a given group of users, whether they are internal or external, do not need access to certain systems, or applications, then they should be restricted from this access.

Use anti-virus software. This includes the network AND each individual computer, including laptops that connect to your network, since anyone can bring in a disc and accidentally introduce a virus. Also consider blocking some categories of attachments (such as .exe) that can introduce a virus or Trojan.

Use Strong Authentication. Left to their own devices, most users will pick short and frequently predictable passwords. There are many attack tools that try to guess user ID/password combinations, based upon a brute force approach (trying every possible combination) or that use a dictionary approach (trying common words from an electronic dictionary). Many operating systems provide the ability to force minimum password standards including length (longer is better), avoidance of using dictionary terms, and use of special characters (using punctuation characters, for instance, makes passwords less susceptible to dictionary attacks). Anything that can be done to avoid using standard dictionary words will help to improve security with regards to authenticating users. In addition, all users should periodically change their passwords.

Develop a computer incident response Plan. Even small companies need to think through how to respond in the event of a security incident. The computer incident response plan should identify the resources that will be involved in analyzing the incident, and the plan for analyzing and recovering from the incident.

Back up, back up, back up. There should be an off-site location where all critical data is backed up on a daily basis. There are many services that offer this protection. IN addition, you need to test that the back up/restoration actually works.

Network security is worth investing in. The downside of doing nothing may well be that your business ceases to exist when a malicious attack destroys customer records or valuable proprietary data. However, addressing the problem needn't necessarily mean hiring direct, expensive staff. If you would like to get an assessment from an outside company, there are many great security system integrators and managed security service providers who can assist an SMB to implement the appropriate solutions. When considering using a third party to assist with solving security problems, it is important to make sure that the organization has qualified personnel, and proven expertise.