Attacks are surprisingly common. We’re just hearing more about them these days (Hi there, Epsilon and Sony) because they’re now affecting larger companies and millions of people. Before, outbreaks may have gone unreported, except at the Web sites of antivirus software vendors.
What makes you want to pull your hair out even more is that every time you learn to defend against one kind of attack, hackers seem to come up with new and more creative ways to send spam. And if hackers on the Internet aren’t enough to worry about, you also have to worry about your own network users deliberately or inadvertently causing damage.
Although this perpetual onslaught can overwhelm you and make you feel like you’re fighting a losing battle, the reality is that with some basic precautions, you can defend your network against the vast majority of threats.
Have a plan
Start by making a security plan. Generally, the larger the network you’re administering, the more formalized the plan should be.
Your security plan should include:
- Education — Teach network users how to avoid threats.
- Access policies — Control physical access to the network through lock and key or password protection.
- Software — This includes the software required to protect your network and the scheduling of regular updates of both antivirus software and patches issued by software vendors.
- Firewall — If a firewall is needed, consider what kind of a firewall is needed and schedule regular reviews of firewall policies.
- Backups — In case your network does fail, you should be ready to repair the damage and restore lost data.
Keep on top of the latest hoaxes and viruses and make sure your network users know about them. Teach your network users to be suspicious of and report anything that doesn’t look “right.”
This may seem like common sense, but common sense isn’t always commonplace. Be sure network users know never to reply to or forward spam. Hoaxes and scams run rampant across the Internet. Any e-mail that promises money, asks for personal information, asks you to forward or respond to something, or tells you something bad will happen if you don’t respond should always be deleted.
Warn your network users about bad neighborhoods on the Internet. If they start poking around on sites that offer pornography, gambling, and too-good-to-be-true (It just fell off the back of a truck, really?) deals, they’re more likely to be exposed to viruses and scams. Although you can use a firewall to deny users access to dubious sites, it’s virtually impossible to filter out all of them, so network users should be aware that dangerous sites are out there.
Be aware that security breaches happen “at home,” too. Anyone with network access can steal or damage your data or networking devices. Take the time to look at who has access to what, keep essential network devices under lock and key, and implement password access to sensitive data.
An important line of defense for your network is antivirus software. Buy a well-known brand and update it often. There are two major types of antivirus software: scanners and checksummers.
Scanners, the most popular variety of antivirus software, scan your hard drive or scan each file in real time as it’s accessed. Scanners work by comparing files to known viruses. They’re easy to use but must be kept up-to-date with the latest virus information to remain effective.
Because viruses change files, checksummers look for these changes to find signs of infection. They have the advantage of detecting unknown viruses that a scanner can’t detect; however, they also have trouble distinguishing between legitimate change and a virus infection. Another marked disadvantage of checksummers is that they can only detect infection after it happens; they’re useless for virus prevention. There is no such thing as ideal antivirus software, and different products have different strengths and weaknesses. For the most effective protection, it’s a good idea to use more than one antivirus program.
In addition to using antivirus software, it’s also wise to always install software patches as they’re issued. Modern software is very complex, making it difficult to thoroughly test for security holes. Often these holes are discovered after software has been out for a while. At this point, the vendor will release a software patch, usually available on its Web site. Many computer break-ins can be prevented simply by keeping your software patches up-to-date. Regularly schedule a check of software patches issued by your software vendors and use them where needed. Do NOT install software patches that arrive unsolicited through your e-mail, as many viruses masquerade as software patches.
Hackers probe computer networks for open ports looking for a way in. Your goal is to make sure that unused ports are blocked and that your network only accepts legitimate requests for service. This is where a firewall comes in.
The firewall blocks unwanted traffic while letting through the traffic you want. It makes decisions that allow or deny access to services and ports on your firewall.
A firewall enforces your access control policy, but it’s up to you to decide what that access control policy is. You can block whole ranges of ports: everything that you do not require to be open. Firewalls generally come preconfigured to deny all access to all ports. It’s then up to you to instruct your firewall to allow network traffic through to specific ports on specific PCs in your network. When a request for a service is made, the firewall inspects the request to make sure the type of request matches an available port.
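The deny-by-default policy described above, modelled as an added example (not the configuration of any particular firewall product): requests are allowed only when a rule names the destination PC, protocol and port, and a review function flags rules that open more than intended. The addresses, ports and review thresholds are constructed assumptions.

```python
import ipaddress

# Constructed policy for a small office LAN; addresses and ports are
# illustrative assumptions. Anything not listed is denied.
ALLOW_RULES = [
    {"dst": "192.168.1.10", "proto": "tcp", "ports": range(443, 444)},  # web server
    {"dst": "192.168.1.20", "proto": "tcp", "ports": range(25, 26)},    # mail server
    {"dst": "192.168.1.0/24", "proto": "tcp", "ports": range(1024, 65536)},  # too broad
]


def decide(dst_ip, proto, port, rules=ALLOW_RULES):
    """Default deny: allow only if some rule matches host, protocol and port."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        net = ipaddress.ip_network(rule["dst"])
        if addr in net and proto == rule["proto"] and port in rule["ports"]:
            return "allow"
    return "deny"


def review(rules=ALLOW_RULES, max_hosts=1, max_ports=10):
    """Flag rules that open more hosts or ports than the review threshold."""
    findings = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule["dst"])
        if net.num_addresses > max_hosts:
            findings.append((i, f"matches {net.num_addresses} addresses"))
        if len(rule["ports"]) > max_ports:
            findings.append((i, f"opens {len(rule['ports'])} ports"))
    return findings


if __name__ == "__main__":
    for request in [("192.168.1.10", "tcp", 443), ("192.168.1.10", "tcp", 22),
                    ("192.168.1.10", "tcp", 3389)]:
        print(request, decide(*request))
    print(review())
```

A request to port 3389 on 192.168.1.10 is allowed only because of the third, broad rule, which is the kind of entry a scheduled policy review should catch.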
Backup and recovery
Back up your files on a regular basis so if your network is invaded, you can replace corrupt or infected files with your backup copies. With regular nightly backups, even the worst disaster will never cause the loss of more than a day’s data. Backup copies should always be stored on hard media in a separate location, NOT on a server connected to the network.
Do you have a plan to cover an unexpected disaster?