
Best Practices for Network Security is the Topic - Essay Example

Summary
It is important for organizations and individuals to meet the challenges of network and computer security by adopting best practices. In order to have an understanding of network security, this paper will discuss the best practices for network security…

Extract of sample "Best Practices for Network Security is the Topic"

Best Practices for Network Security

Introduction

There is no doubt that technological advancements have revolutionized how people live and conduct business. They have increased effectiveness in communication, enhanced convenience in workplaces, and facilitated networking of people from different parts of the world, among other benefits. Individuals and organizations use networking technology in their daily use of devices such as computers to perform their tasks (Hui et al., 2012). Considering the threats posed in networking, network security has emerged as a top concern among many users of computers and the internet. In the absence of a security policy, the availability of the network for individuals and organizations can be compromised. It is important for users of networks to develop a sound security strategy, which involves paying close attention to the reality of internet speed, changes in technology and other realities of the technology world. Users need to know what to do and how to do it in order to ensure network security (Convery, 2004). Individuals and organizations ought to undertake security management, planning, design of procedures, and policy development in order to protect themselves from compromised security. Due to rapid technological advancements, network security frequently faces new challenges, and this can significantly compromise the privacy and security of users. Therefore, it is important for organizations and individuals to meet the challenges of network and computer security by adopting best practices (Pauzet, 2011). In order to provide an understanding of network security, this paper will discuss the best practices for network security.

The first best practice for network security is the creation of usage policy statements. It is important for organizations and other users to create usage policy statements outlining the roles and responsibilities of users with respect to security.
The starting point should be the establishment of a general policy that covers all data and network systems within the company (Juels and Oprea, 2013). Such a policy should provide the general user community with an understanding of the security policy, its aims, guidelines to improve their security practices, and the definitions of their responsibilities for security. Along with the creation of usage policy statements, a company should create a partner acceptable use statement providing partners with an understanding of the information that they have, the conduct of the company’s employees, and the expected disposition of the information available to them. It is important for the company to describe explicitly any particular acts that have been identified as security attacks and the punitive actions that will be meted out in the event that a security attack is detected (Pearce, Zeadally and Hunt, 2013). The final aspect in this regard is the establishment of an administrator acceptable use statement that explains the rules and procedures for privilege review, policy enforcement, and user account administration. In the event that a company has particular policies regarding the handling of data or user passwords, it should present those policies clearly (Dey et al., 2012).

The second best practice for network security is delivering corporate security training and awareness. Since it is the responsibility of all employees to ensure that network security is achieved, it is important that they be educated about acceptable and responsible usage of networks and other corporate resources. There is a need to train them on network security, including aspects of password policies. They should be invited for training sessions on network security after a certain duration of time (Liska, 2003). During these sessions, employees should receive training about the dos and don’ts of various kinds of network and computer usage that may compromise network security.
For example, they can be taught about what they should or should not do in instant messaging. The training sessions should be interactive enough for employees to appreciate the need to ensure network security. In addition, a company should educate all employees on the need to join the mission of protecting corporate (Stallings, 2002). It is also important for a company to use awareness tools such as posters in order to create security awareness. These tools can be pinned up in the offices as reminders. If employees are empowered, they will most likely be willing to comply with the network security procedures. This will not only result in better network security, but it will also enhance productivity and revenues for the company (Santos, 2008).

Conducting a risk analysis is another best practice for network security. This practice is essential in identifying the risks to the company’s data, network, and network resources. This does not imply that a company should not identify all possible entry points to its network (Hui et al., 2012). The main purpose of risk analysis is identifying portions of the company’s network, assigning a threat rating to each portion, and applying an appropriate security level. This maintains a workable balance between required network access and security. Each network can be assigned one of three levels of risk. The first is high risk, where a compromise of data would extremely disrupt the business by causing major financial or legal consequences. The second is medium risk, where a compromise of data or systems would cause moderate disruption to the business with minor financial or legal ramifications. The third is low risk, where a compromise of data or systems would neither disrupt the business nor result in financial or legal ramifications.
A risk level should be assigned to each of the following: network monitoring devices, e-mail systems, network application servers, core network devices, network file servers, access network devices, data application servers, distribution network devices, and network print servers, among other devices (Convery, 2004).

Running frequent information security self-assessments is an additional best practice for network security. A company should make sure that its IPS or firewall is patched and up to date. In addition, it should make sure that there are no rogue devices or wireless routers attached to its networks (Pauzet, 2011). The Common Vulnerabilities and Exposures (CVE) system is accepted worldwide as the de facto standard for vulnerability tracking on all networking equipment and computers. In order to ensure network security, a company should use such a system to minimize the security risks related to each piece of computer software or hardware (Stefanek, 2002). In addition, it is important for a company to perform its own security self-assessment against all possible risks. It should identify areas of weakness and work towards addressing them in order to harden its network security. Network security is not a product, but rather a process. As such, a company should self-assess its network security frequently in order to ensure enhanced security (Juels and Oprea, 2013).

Another best practice for network security is performing regulatory compliance self-assessments. Chief Executive Officers, Chief Financial Officers, and Boards of Directors are under extreme pressure for compliance. Apart from being charged with enhancing the company’s performance, they are also required to protect their networks against data theft and to ensure compliance with all aspects of Information Technology (Liska, 2003). Compliance requires that a company accept legal responsibility.
A company can either hire consulting firms to perform IT compliance audits or do so through the company’s IT department. Whichever is used, the company should start performing measurable compliance self-assessments. Also, a company should comply with regulations such as publishing information on its website in the event that there has been a confidentiality breach due to a successful hacker attack (Stallings, 2002). One of the ways of proving that a company is in compliance is to document its data protection steps. A company should be in a position to prove that it has in place all the best practices and policies and the right tools and countermeasures to maintain the integrity, availability, and confidentiality of corporate data. This practice is important because if a company’s network is ever compromised, the company will have done its best to protect against this occurrence and the outcome will be less catastrophic for the organization (Pearce, Zeadally and Hunt, 2013).

Establishment of a security team structure is another best practice for network security. A company should create a cross-functional security team that is headed by a Security Manager, with participants from specific operational areas of the company. These representatives should be aware of the technical and security policy aspects of security implementation and design (Dey et al., 2012). Primarily, the security team has three areas of responsibility: development of policy, practice, and response. Development of policy entails developing and reviewing the company’s security policies. The responsibility of practice entails conducting the risk analysis, approving security change requests, reviewing security alerts from vendors and mailing lists, and turning plain language security policy requirements into specific technical implementations (Santos, 2008). Response is the stage where the actual troubleshooting and fixing of security violations takes place.
Members of the security team should know in detail the security features that are provided by the equipment in their operational areas. It is important that while the responsibility of the security team is defined, a company should also define the individual responsibilities and roles of the security team members in its security policy (Hui et al., 2012).

Moreover, prevention is considered one of the best practices for network security. It has two main parts: approving security changes, and monitoring the security of the company’s network. In regard to approving security changes, a company needs to make changes to network equipment that have an impact on the company’s overall network security (Pauzet, 2011). The security policy of a company should identify particular security configuration needs in non-technical terms. For instance, one of the requirements could be that outside connections should not retrieve files from the inside network. Such security requirements, unique to an organization, should be well defined. It is critical for the security team to review the plain language requirements list in order to identify particular network design or configuration issues that meet the set of requirements (Swaminatha and Elden, 2002). After the security team has created the network configuration changes required to implement the security changes, a company needs to apply these to all future configuration changes. Although it may be possible for the security team to review each of these changes, this process only allows them to review changes that are considered to pose a serious enough risk to warrant special treatment. It is recommended that the security team review the following forms of changes: changes to access control lists, changes to Simple Network Management Protocol configuration, updates or changes in software that differ from the approved software, and changes to the firewall configurations (Liska, 2003).
The second part of prevention is monitoring the security of the company’s network, and it is a critical practice for network security as well. This practice starts from the determination of what constitutes a violation of network security. The level of monitoring needed is based on the identified threat to the system (Juels and Oprea, 2013). For example, in the practice of risk analysis, the firewall is one of the high-risk network devices and therefore it needs monitoring in real time. As such, any change to the firewall should be monitored frequently. This implies that a Simple Network Management Protocol (SNMP) polling agent should monitor events such as unusual traffic, connections set up via the firewall, access granted to the firewall, changes to the firewall, and failed login attempts. The security team should then create a monitoring policy for the areas identified in the risk analysis (Stallings, 2002). It is recommended that monitoring of high-risk equipment be done on an hourly basis, while monitoring of medium-risk and low-risk equipment should be done on a daily and weekly basis respectively. If an organization needs faster detection, it should monitor at shorter intervals. It is important that the security policy of a company address ways of notifying the security team of any security violation (Santos, 2008).

The other best practice for network security is response to security violations. Once a violation is detected, the ability of the security team to determine the extent of the intrusion, protect network security, and recover normal operations depends largely on swift decisions. If these decisions are made ahead of time, responding to any violation will be much easier and more manageable (Pearce, Zeadally and Hunt, 2013). The first response action in the event that a violation is detected is notifying the security team. A procedure should be in place to avoid any delays in getting the security team to apply corrective measures.
Therefore, apart from defining a procedure in the organization’s security policy, the level of authority given to each member of the security team should be defined (Stefanek, 2002). The possible corrective actions once an intrusion has been detected include implementing changes to prevent further violation, isolating the violated systems, informing the ISP or carrier in an effort to trace the attack, gathering evidence using recording devices, and disconnecting the sources of the violation. Others include shutting down violated systems, informing legal personnel and internal managerial staff, contacting government agencies such as the police, and restoring systems according to a prioritized list. It is important that the security policy detail any changes that can be conducted without the approval of management (Pauzet, 2011).

To enhance network security further, the security team should determine the extent of the violation in order not only to respond appropriately, but also to prevent future violations. The extent of a violation can be determined by recording the event to obtain sniffer traces of the network, active user accounts, network connections, and copies of logs (Pearce, Zeadally and Hunt, 2013). Secondly, the extent of a violation can be determined by limiting further violations by disconnecting from the internet, disconnecting devices from the network, and disabling accounts. Thirdly, the extent of a violation can be determined by backing up the compromised system with a view to aiding a detailed analysis of the method of attack and of the damage done. Moreover, the extent of a violation can be determined by looking for other signs of violations. In most cases, when a system is compromised, there are other accounts and systems that are involved (Dey et al., 2012).
The final way of determining the extent of the violation is by maintaining and reviewing the network monitoring files and security device log files, because they can provide clues regarding the methods of attack that were used. Prevention of future violations can also be achieved through legal action; a company can take legal action against suspected violators. This process should involve the authorities and procedures for gathering evidence (Swaminatha and Elden, 2002).

In the event of an intrusion, it is the ultimate goal of any organization to restore normal network operations. Therefore, it is important for the organization to define in its network security policy the procedures for conducting, securing and making available normal backups (Stallings, 2002). Since each system has its own procedures and means for backing up, the security policy should mainly act as the overall policy that details the security conditions requiring restoration from backup. In the event that approval is needed before restoration is done, the process of obtaining approval should be included as well (Juels and Oprea, 2013).

The final best practice for network security is the practice of review. Any company that intends to have a secure network should have a review process included in its security policy (Convery, 2004). A company should constantly review its network security policy, posture, and practice. An organization should be alive to the fact that the security policy should be a living document that adapts to the dynamic technological environment. As such, an organization should review the existing security policy against the known best practices in order to keep its network up to date. It is also important for an organization to review the posture of its network in the light of the desired or ideal security posture (Liska, 2003).
A company can hire an outside firm specializing in security to try to penetrate its network in order to test the network posture and the security response of the company. It is recommended that for high-availability networks, the tests be carried out on an annual basis. The practice of the company concerning network security should also be reviewed to ensure that staff have a clear understanding of how to ensure network security and how to respond to a security violation. Such a review is important in identifying gaps in the training and procedures of personnel so that appropriate measures can be taken (Pearce, Zeadally and Hunt, 2013).

Conclusion

Since threats to network security are real and can have serious legal and financial ramifications for an organization, best practices for network security should be adopted and implemented. Each company should have a security policy that ensures that its network is not compromised. As has been noted, there are numerous best practices for network security. These practices include: creation of usage policy statements; corporate security training and awareness; conducting risk analysis; performing regulatory compliance self-assessments; establishment of a security team structure; prevention of security violation; response to security violations; and reviewing of best practices for network security. Therefore, in order for any organization to have effective network security, it should adopt and implement these practices.

References

Convery, S. (2004). Network security architectures: [expert guidance on designing secure networks]. Indianapolis, Ind: Cisco Press.
Dey, D. et al. (2012). Hacker Behavior, Network Effects, and the Security Software Market. Journal Of Management Information Systems, 29(2), 77-108.
Hui, K. et al. (2012). Information Security Outsourcing with System Interdependency and Mandatory Security Requirement. Journal Of Management Information Systems, 29(3), 117-156.
Juels, A., & Oprea, A. (2013). New Approaches to Security and Availability for Cloud Data. Communications Of The ACM, 56(2), 64-73.
Liska, A. (2003). The practice of network security: Deployment strategies for production environments. Upper Saddle River, NJ: Prentice Hall PTR.
Pauzet, O. (2011). Cybersecurity Best Practices for Wireless Networks. POWERGRID International, 16(10), 44-46.
Pearce, M., Zeadally, S., & Hunt, R. (2013). Virtualization: Issues, Security Threats, and Solutions. ACM Computing Surveys, 45(2), 17-17:39.
Santos, O. (2008). End-to-end network security: Defense-in-depth. Indianapolis, Ind: Cisco Press.
Stallings, W. (2002). Cryptography and network security: Principles and practice. Upper Saddle River, NJ: Prentice Hall.
Stefanek, G. L. (2002). Information security best practices: 205 basic rules. Boston, Mass: Butterworth-Heinemann.
Swaminatha, T., & Elden, C. (2002). Wireless security and privacy: Best practices and design techniques. Indianapolis, IN: Addison Wesley.
(“Best Practices for Network Security is the Topic Essay”, n.d.)
Best Practices for Network Security is the Topic Essay. Retrieved from https://studentshare.org/information-technology/1483707-best-practices-for-network-security-is-the-topic
