Anthony C. asked:
Network security should encompass all aspects of a network from the desktop to the perimeter. A multifaceted and multilayered approach to network security for any organization or business provides the ideal protection coverage against internal and external threats. For small networks or even a single computer, a router with integrated firewall is usually sufficient. For larger networks a dedicated firewall at the network perimeter may be more appropriate. A good number of dedicated firewall appliances can also provide secure Virtual Private Network (VPN) connectivity. The most common feature provided by dedicated firewalls is their ability to inspect, block and report malicious network activity usually initiated from the internet. Firewalls that provide this functionality are often designated as an Intrusion Prevention System (IPS).
A content filtering device is a good complement to a dedicated firewall. These types of devices usually include the ability to monitor, filter, regulate and report on all web related traffic. They are usually installed transparently in line between an internal switch and router or firewall. All internet inbound and outbound traffic is then forced to pass through it. This type of installation is often referred to as “bridged mode.” Some content filtering devices can also be integrated with a network directory for individual, detailed monitoring of end user web related traffic. Microsoft Active Directory and Novell eDirectory are examples of directory services that can integrate with a good number of content filtering devices.
Desktops and servers should be protected by antivirus and anti spyware applications. There is a wide variety of enterprise level threat protection software available in today’s current marketplace from numerous vendors. The ideal threat protection software should include at a minimum, frequent if not daily virus definition updates, centralized management and reporting, active protection and the ability to guard against unknown threats.
Another aspect of the network that needs security related consideration is what the users are allowed to do on desktops and laptops. Management may want to evaluate and implement access and rights appropriate for their environment and the nature of the organization. Should users be allowed to install software on their own or should the use of removable devices be disabled company wide are examples of issues that should be addressed when defining security policies and procedures.
Lastly, physical security is also important when considering all security related aspects of the network. Servers should be secured and access regulated and documented. It is also best to make sure that backup media is secured whether stored on-site or off-site. In conclusion, a proactive effort in utilizing these network security best practices coupled with consistent monitoring, constant re-assessments and adaptive reconfiguration are all essential in ensuring the safety and protection of an organizations data, intellectual properties and physical assets.
Network security should encompass all aspects of a network from the desktop to the perimeter. A multifaceted and multilayered approach to network security for any organization or business provides the ideal protection coverage against internal and external threats. For small networks or even a single computer, a router with integrated firewall is usually sufficient. For larger networks a dedicated firewall at the network perimeter may be more appropriate. A good number of dedicated firewall appliances can also provide secure Virtual Private Network (VPN) connectivity. The most common feature provided by dedicated firewalls is their ability to inspect, block and report malicious network activity usually initiated from the internet. Firewalls that provide this functionality are often designated as an Intrusion Prevention System (IPS).
A content filtering device is a good complement to a dedicated firewall. These types of devices usually include the ability to monitor, filter, regulate and report on all web related traffic. They are usually installed transparently in line between an internal switch and router or firewall. All internet inbound and outbound traffic is then forced to pass through it. This type of installation is often referred to as “bridged mode.” Some content filtering devices can also be integrated with a network directory for individual, detailed monitoring of end user web related traffic. Microsoft Active Directory and Novell eDirectory are examples of directory services that can integrate with a good number of content filtering devices.
Desktops and servers should be protected by antivirus and anti spyware applications. There is a wide variety of enterprise level threat protection software available in today’s current marketplace from numerous vendors. The ideal threat protection software should include at a minimum, frequent if not daily virus definition updates, centralized management and reporting, active protection and the ability to guard against unknown threats.
Another aspect of the network that needs security related consideration is what the users are allowed to do on desktops and laptops. Management may want to evaluate and implement access and rights appropriate for their environment and the nature of the organization. Should users be allowed to install software on their own or should the use of removable devices be disabled company wide are examples of issues that should be addressed when defining security policies and procedures.
Lastly, physical security is also important when considering all security related aspects of the network. Servers should be secured and access regulated and documented. It is also best to make sure that backup media is secured whether stored on-site or off-site. In conclusion, a proactive effort in utilizing these network security best practices coupled with consistent monitoring, constant re-assessments and adaptive reconfiguration are all essential in ensuring the safety and protection of an organizations data, intellectual properties and physical assets.
