Network security is a broad topic that incorporates many different skill sets and types of network security devices, policies and education. An understanding of these issues is vital to a strong security plan.
Why It's Important
Protecting computer networks requires the implementation and maintenance of various security measures. Hackers and disenchanted employees are not the only threats to network systems, devices and data. Poor procedures and processes, ignorance of policy, lack of security awareness, and inappropriate physical access to systems increase the risks to data, personnel, and devices. Effective and efficient security plans include overlapping measures within the computer network.
The physical types of network security provide protection from fire, unauthorized access, and/or natural disasters. Restrict physical access to systems, routers, firewalls, etc. by combining the use of high quality locks with secondary verification systems, such as biometric scanners. Security guards, video monitoring and alarms are other ways to help keep areas secure. Password-protect and monitor physical access to all systems to ensure that only authorized users access data. Invest in fire detection and waterless fire suppression systems to protect data and equipment from damage.
Perimeter protection refers to the devices that separate your network from the rest of the world. Firewalls are the most commonly implemented perimeter security devices. Application and appliance-based firewalls block certain types of data from entering and leaving your network using standard and user-defined filters. Many wireless routers include basic firewalls. Another important part of perimeter security is the implementation of encryption and protocols to protect the wireless network from unauthorized access.
Scanners, sniffers and analysis tools give the trained administrator insight regarding system vulnerabilities. Many hackers use these tools to find weaknesses in network security. Port scanners reveal open ports, which may lead to the discovery of unnecessary or compromising services or applications. Content filters prevent users from accessing websites that are inappropriate for a work environment or contain malicious coding. Anti-virus and adware/malware scanners protect data and equipment from unwanted applications. Monitoring keeps those responsible for network security informed about the types of data and network events that take place on the network. Baselines are established over time during routine scanning and monitoring. Deviations from the baseline are clues to new and possibly compromising events on the network.
User Education and Training
Many people are surprised to learn that user education and training are forms of network security. User education and training should begin at orientation with an overview and discussion of the company’s expectations regarding employee compliance with security policies. Security awareness programs include items not covered by policy, such as social engineering, reasons for implementing certain processes and procedures and the effect of security breaches on individuals and the business.
Scheduled training and awareness events serve as a reminder of the importance of security policies, and help to keep employees apprised of changes and updates. Training and educational opportunities include presentations by fellow employees, videos, computer-based training, newsletters and other organizational communications, and presentations or courses given by external professionals or organizations.
Author's own experience.