Network Security Best Practices - Essay Example

? Network Security Best Practices Bryant Wiersema July 28, ISSC421 B002 Sum 13 Backherms American Public I. ASSESS THE ENVIRONMENT A. Assessing your infrastructure 1. Inventory of equipment 2. Evaluation of staff and their roles B. Conducting a risk assessment 1. What is involved? C. Creating a security policy II. PROTECT THE NETWORK A. Using anti-virus and anti-malware programs B. Firewalls 1. Creating proper firewall rules C. Addressing remote access III. PROTECTING SERVERS AND CLIENTS A. Hardening systems B. Keeping software and systems up to date C. Requiring proper authentication IV. MONITOR THE ENVIRONMENT A. Monitoring security logs 1. Checking for needed attention and applying a security fix B. Reviewing and updating the security policy Network Security Best Practices When it comes to securing your network, reliability and fail proof security are vitally important. With more and more data and sensitive information being conducted and housed on various networks, security has become an important part of the puzzle that must be considered moving forward. To ensure impeccable network security, comprehensive analysis and exploration of the entire network needs to be conducted. One should begin by accessing the environment, as it is through this mechanism that we can make a comprehensive risk assessment. By assessing the environment, we can observe what requirements are needed in order to optimize security. The environment is comprised of two primary elements: infrastructure and staff. A thorough review of infrastructure is required in order to conduct an adequate risk assessment. Once a company knows how much its assets are worth, and what threats could potentially affect those assets, they are able to formulate intelligent decisions regarding how to protect said assets. Network security is a balanced art. It is likely that a company can apply too much security, lagging down the infrastructure, or perhaps too little, exposing the network and making it vulnerable to attack. By assessing the current infrastructure, trained security analysis' can find the balance between the right amount of security required for the particular volume of infrastructure. (Bayrak & Brabowski, 2006). The evaluation of the members of staff and their specific role in the company is important in maintaining a secure network. Each staff and role needs to be assigned a financial value and the cost of comprised or lost data associated with that role needs to be calculated. In this way, financially speaking, administrators can determine the financial repercussions of a threat in relation to the staff, as well as determine the level of security each staff member should have. A risk assessment is a tool for identifying weaknesses and vulnerabilities within a network, and then assessing where to implement security and preventative measures. Risk assessment has four main goals: to indentify the assets and their worth, to identity threats and vulnerabilities, to identify the potential impact of threats, and to provide an economic balance between the impact of the threat and the financial cost of the preventative measures. This is generally the process in which an operation can access whether a risk is at an acceptable level or whether it should be counter measured. (Gerald, 2005). The first step of successful risk assessment is to identify the assets and their appropriate values. The value placed on assets is relative to the work hours required to develop it, the cost to maintain it, the potential damage caused if it were lost or stolen, and the potential financial gain another company or individual would receive through use of the stolen product. To assess and value the assets, the company must generally consider the following issues. Firstly, the cost of developing an asset should be carefully considered. Secondly, the cost to maintain and protect the asset should rise to the front of any discussion surrounding network security. Third, the estimated value to the asset should be calculated. Fourthly, the value to the adversaries should be analyzed. Lastly, the value of the work hours used to develop the asset. Understanding the value of the asset is the first step required to understanding the security needed to protect the asset. Once this value has been assigned, the risk assessment team can move on to the next step: identifying vulnerabilities and threats. All associated threats need to be identified and compared with each group of assets. These threats need to be identified in order to implement the correct countermeasures. (Misra, Kumar, & Kumar, 2007). Considering that there are numerous types of threats and vulnerabilities, it is especially important to categorize them into appropriate groups. The ultimate goal would be to determine which threats pose the greatest risk, therefore focusing resources and time on the higher priority threats. The third step in the risk assessment chain is quantifying the probability and financial impact of the vulnerabilities. The team conducting the risk assessment needs to figure out the business impact of the vulnerabilities. Key issues they would need to look at include: assessing what the physical damage of the threat could be, what value and productivity would be lost if the threat were successful, what the cost of recovery would be from a virus or a hacker attack, and what would the financial repercussions be overall from such attack. The team would then need to calculate the likelihood and potential frequency of the vulnerabilities and threats. A complete assessment of all the departments, staff, staff roles, and assets would be assembled and analyzed in great detail. The final step in this risk assessment process would be to determine the countermeasures to be implemented. The countermeasures have to be financial viable in comparison to the risks, and the benefits need to outweigh the cost. Typically, a cost/benefit analysis is conducted during this step. The analysis implements a formula that determines whether the countermeasure makes sense from a business aspect. Using this method, a security assessment team can accurately establish a comprehensive report of the most effective and most cost-effective strategies to counter threats. (Keller, Powell, Horstmann, Predmore, & Crawford, 2005). Once the risk assessment is complete, the security team can create a security policy. This document outlines the rules for accessing the computer network, enforces security policies and rules, and lays out the security plan for safeguarding the network. In short, this security policy keeps the malicious intruders out and keeps confidential and sensitive information in the network. With an established network, anti-malware and anti-virus programs are extremely important. Websites alone cannot be guaranteed to be safe and secure. Even reputable websites have suffered deliberate attacks, spam attacks, or made coding errors that allow for the transmission of viruses and malware to the computer accessing it. Beyond simple website access, the threat of viruses, malware, spam, cybercriminals, and data loss can be completely overwhelming and financially disastrous. By implementing a combination of security measures, a network can significantly reduce the chance of successful attacks. (Joseph & Gilliam, 2003). A firewall is equally as important as antivirus software within a network. It is designed to protect your network against from data that you do not want. When discuss firewalls, we need to look at two separate types: hardware and software. Hardware firewalls provide a first line of defense against attacks coming from outside the network. The hardware firewall in the router uses a technique called packet filtering. The packet filter examines the header of the incoming packet to determine its destination and source. It compares this information to a preset list of rules to determine whether the packet is legitimate or not, and whether it should be granted entry or disposed of. The other type of firewall is the software firewall. The software firewall runs directly on the computers within the network. A software firewall will either block or allow a program's ability to send and receive data. Due to the more flexible nature of the software version, it is able to detect malicious traffic both entering and exiting your network and take appropriate action. (Mayur, Richards, & Embse, 2002). When establishing a firewall, administrators need to create a set of rules to dictate what traffic the network allows in and out. In addition, firewalls are configured to determine which connections are allowed and which are blocked. Efficient firewall rules are highly important, as they are the first line of defense in protecting a network. By accurately assigning firewall rules based on the risk analysis and assessment, administrators can potentially safeguard the network effectively against vulnerabilities and threats. (Jennings, 2008). Remote access, although immensely useful and convenient, carries many risks. By accessing a network from outside the network, you are potentially opening the tunnel to other outside data, including malicious material. Safety precautions are a must. Firewall rules must be set up to recognize that particular line and filter unauthorized data within the connection. Furthermore, remote access users need to ensure that they have properly set up a secure tunnel between the two endpoints, or at least the remote access endpoint and the endpoint that is being accessed. Even with antivirus and firewall security measures in place, a network is still vulnerable to outside access. System hardening helps to minimize these security vulnerabilities. Removing all software and utilities on a computer that is not considered essential typically does system hardening. In so doing, administrators can minimize the opportunity programs could offer "back-door" access to the network. More advanced system hardening involves only installing the complete necessities that a computer needs in order to function. Secure passwords are created for all user logins and auditing is enabled to monitor any unauthorized access. Although system hardening could potentially reduce the efficiency of a compute r by not offering a wide range of helpful programs and utilities, it guarantees increased security and reducing risk to the network. (Kiekintveld, Marecki, Paruchuri, & Sycara, 2010). Keeping software and systems up to date is equally as important as implementing them in the first place. Every day new threats and vulnerabilities are developed. Even malicious software that has been around for a while can only be discovered through patches and updates. The more you update software, the more likely it will be able to detect harmful threats. The effectiveness of highly specialized and expensive software can be made redundant if not updated regularly. Furthermore, software often has flaws that may pose as a security threat, and the solution to this is updates. Regarding hardware, system updates are equally vital, as hardware is vulnerable to wear and tear and sensitive devices such as a hard drives and servers could potentially fail from age and important data would be lost. The safety measures listed above could be made redundant if proper authentication is not maintained. The most common type of authentication is through the means of logging onto a set account. If administrators and authorized users of a network did not authenticate their network, it would allow for any individual to access sensitive data with almost no restrictions. Furthermore, companies also need to ensure stringent authentication methods are in place when releasing their software. This is normally in the form of certificates of authentication. This guarantees and confirms that the software running on a particular computer is genuine and reliable. Without this, the chance that counterfeit programs riddled with malicious software could access the network is high. (M & Cerullo, 1999). Security monitoring practices are paramount to deterring security attacks. There are several reasons why security monitoring is important to a business. The security log, along with other systems and technologies, collects and queries information that can be analyzed to assess the security threats and best detection solution. The main goal of security monitoring is to identify any suspicious events on a network that would indicate future security breaches or threats. (Bhatnagar, 2009). Regular maintenance of a network is vital to its security. With a constantly changing technological environment, malicious threats are continually adapting and evolving. Therefore, regular checks throughout the network need to be administered. Any software that is not up to date with current threats needs to be promptly updates. In the same way, any software or systems suffering from bugs or problems need to be "fixed". (Bhatnagar, 2009). Based on the best practices for a secure network listed above, a company should then review and update its security policy. This policy states how the company will protect its assets and to what extend it will implement protection measures. The document should never be considered complete, as threats are continually adapting, and in this way, so should the security policy. Once the policy states how, where, and why security measures will be carried out, a company can rest assured that it has implemented the best practices for a secure network. References Bayrak, T., & Brabowski, M. R. (2006). Critical infrastructure network evaluation. The Journal of Computer Information Systems, 46(3), 67-86. Bhatnagar, A. (2009). How to secure client data. Journal of Financial Planning, 24-25. Gerald A. Marin. (2005). Network Security Basics.  IEEE Security & Privacy, 3(6), 68-72. Jennings, M. M. (2008). The need for firewalls between government and social responsibility. Corporate Finance Review, 13(3), 38-42. Joseph S. Sherif, David P. Gilliam, (2003). Deployment of anti-virus software: a case study. Information Management & Computer Security, 11(1), 5-10. Keller, S., Powell, A., Horstmann, B., Predmore, C., & Crawford, M. (2005). Information security and threats in small businesses. Information Systems Management, 22(2), 7-19. Kiekintveld, C., Marecki, J., Paruchuri, P., & Sycara, K. (2010). Risk Analysis for Security Applications. Informatica, 34(2), 127-128. Mayur S. Desai, Thomas C. Richards, Thomas von der Embse, (2002) System insecurity – firewalls, Information Management & Computer Security, 10(3), 135-139. Misra, S. C., Kumar, V., & Kumar, U. (2007). A strategic modeling technique for information security risk assessment. Information Management & Computer Security, 15(1), 64- 77. doi:http://dx.doi.org/10.1108/096852207107387 M, V. C., & Cerullo, M. J. (1999). Client/server systems security and control. The Internal Auditor, 56(5), 56-59. Read More