Protecting Your Network
April 16, 2015
According to Beaver (2010), to have a secure operating systems and applications, you need to have a secure network. Devices such as routers, firewalls, and even generic hosts (including servers and workstations) must be assessed as part of the ethical hacking process. There are thousands of possible network vulnerabilities, equally as many tools, and even more testing techniques. You probably don’t have the time or resources available to test your network infrastructure systems for all possible vulnerabilities, using every tool and method imaginable. Instead, you need to focus on tests that will produce ...view middle of the document...
* A hacker can set up backdoors into your network.
* A hacker can attack specific hosts by exploiting local vulnerabilities across the network.
Before assessing your network infrastructure security, remember to do the following:
* Test your systems from the outside in, the inside out, and the inside in (that is, between network segments and demilitarized zones [DMZs]).
* Obtain permission from partner networks to check for vulnerabilities on their ends that can affect your network’s security, such as open ports, lack of firewall, or a misconfigured router.
Because of the proliferation of technology use, it has become necessary that the Security Administrator, along with Management, develop a Security Policy to help create a secure environment in which to conduct business. This policy must be based on a system that is static enough to form a strong foundation to build security upon, but also flexible enough that it allows rapid growth and speedy response to keep pace with the new advances, problems, and issues that arise in the ever changing landscape of the IT field.
Understanding what the system is getting secured from is essential to the Security Administrator. He must recognize the threats and which of the three main categories that the threats fit into. Network attacks occur outside of the system and differ greatly from Intrusions, which are user controlled attacks that happen inside the system causing damage internally. Malicious Code, or Malware, is automated attacks that, once released, act independently.
There are many tools available to the Security Administrator to help in securing a work environment. Purchasing hardware and software additions and upgrades can make all the difference in the level of security. Antivirus software helps to protect the system against the naïve user who might jeopardize the system while software firewalls protect by controlling the data flow between computers before the user comes in contact with it. A router serves as a hardware firewall controlling data between the computer connected to it and the Internet. Having a reviewable security policy in place helps the Security Administrator when dealing with the user community on the system. By putting a policy in place, this allows the SA to define the allocation of IT resources, by setting up rules which determine access levels.
With the ever expanding use of technology in the workplace, the role of the Security Administrator (SA) becomes more and more diverse and critical, but what could be the SA’s most important job is monitoring the integrity of the many different interfaces between users, personal computers (PC) and servers. In this world of hi-tech information sharing, where all of a business’s data can be stored on a device the size of a stick of gum, it is paramount for the SA to control the flow and access to this information by whatever means necessary. And there are many means available for the SA...