There are many threats that today’s growing small businesses need to be concerned with. Paramount among these concerns are content-related and physical-access threats.
Content-related threats generally refer to internal users of the network accessing content from the Internet in violation of company policies. But a new type of content-related threat is an infected file that combines several standalone viruses or attack methods in one package. For example, the MyDoom virus, using email as its carrier, set up an SMTP email relay engine on each computer it infected to propagate the virus throughout the network. These so-called blended threats are complex and often avoid detection entirely.
Unauthorized access to corporate network resources can occur in many forms. The most common example is an external hacker trying to gain access to equipment and information on a corporate network. Internal users represent a risk as well when they use restricted resources of the network, whether purposely or accidentally. An internal user may even hide his or her identity by “spoofing” the IP address of a resource that already exists on the network.
Only a thorough, companywide security policy can protect your network equipment and information. It must be comprehensive enough to address both internal and external users of wired and wireless connections while ensuring that all access points of the network are properly defended.
A detailed security policy is the foundation for maintaining a secure enterprise network. Here are some of the key elements to consider when developing a security policy:
- Lock up and monitor physical access to all core network resources.
- Lock and password-protect all physical and logical ports of your network.
- Lock down network services such as FTP, SMTP, Telnet and Web. Additional network services should be allowed only on an as-needed basis.
- Install firewalls to protect all entry and exit points of the network.
- Block external access to all internal resources, offering access on an exception basis only. This excludes public servers, which should be isolated from the rest of the network by placing them in a protected demilitarized zone (DMZ).
- Secure all servers with a dedicated firewall to provide granular security and to enforce access privileges.
- Connect remote sites to the main campus by secure VPN communication links with attack protection, strong user authentication, and data encryption.
- Incorporate fail-over or redundant elements to protect pathways into and around the network.
- Define and implement clear maintenance and update policies for keeping all scanning and filtering software and hardware current.
- Inspect the broader context of supplier, partner, and independent contractor connections to block blended threats at all access points.
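
The firewall items in the list above (block external access to internal resources except by exception, isolate public servers in a DMZ) can be checked mechanically. The following is an added example, not part of the original article: the rule format, zone names, finding labels and both sample rule sets are assumptions constructed for illustration, not any real firewall's syntax.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Services the checklist names explicitly (well-known ports).
LOCKED = {21: "FTP", 23: "Telnet", 25: "SMTP", 80: "Web", 443: "Web"}

@dataclass(frozen=True)
class Rule:                      # hypothetical, simplified rule format
    action: str                  # "allow" or "deny"
    src: str                     # "external", "internal", "dmz" or "any"
    dst: str
    port: Optional[int] = None   # None means every port

def _covers(zone: str, target: str) -> bool:
    return zone in (target, "any")

def _service(port: Optional[int]) -> str:
    return "all ports" if port is None else LOCKED.get(port, f"port {port}")

def audit(rules: List[Rule]) -> List[Tuple[int, str, str]]:
    """Return (rule index, finding, service). Conservative: every allow rule
    is judged on its own; shadowing by an earlier deny is not modeled."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        if _covers(r.src, "external") and _covers(r.dst, "internal"):
            findings.append((i, "EXTERNAL_TO_INTERNAL", _service(r.port)))
        if _covers(r.src, "dmz") and _covers(r.dst, "internal"):
            findings.append((i, "DMZ_NOT_ISOLATED", _service(r.port)))
    # Exception-only access requires a final catch-all deny.
    if not rules or rules[-1] != Rule("deny", "any", "any", None):
        findings.append((len(rules), "NO_DEFAULT_DENY", "all ports"))
    return findings

# Constructed sample: Telnet reaches the internal zone, the DMZ can reach
# everything inside, and nothing denies unmatched traffic.
WEAK = [Rule("allow", "external", "internal", 23),
        Rule("allow", "external", "dmz", 443),
        Rule("allow", "dmz", "internal"),
        Rule("allow", "internal", "external")]

# Constructed sample: public services live only in the DMZ, default deny last.
HARDENED = [Rule("allow", "external", "dmz", 443),
            Rule("allow", "external", "dmz", 25),
            Rule("allow", "internal", "external", 443),
            Rule("deny", "any", "any")]

if __name__ == "__main__":
    for name, ruleset in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(ruleset))
```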