Strengthen your borders

Let’s take it as given that we’ve all agreed it is part of our job to secure our networks from the scum who not only want to launch worms and viruses but also those who want to break in and steal what they can. Whether or not we agree on where the blame for the problem should be placed, it’s still necessary for us to take what steps we can to minimize or even prevent the damage.

We’ll divide this very large subject into three more manageable sections:

1) Strengthening the borders (firewalls and their ilk).

2) Maintaining the infrastructure (patch and update management).

3) Preventing disease (worms and viruses).

Today we’ll look at border security, in particular wireless, firewall, and perimeter security.

You’d probably notice if someone walked in to your wiring closet and plugged a computer into one of your hubs or switches. But what about your wireless access points? (If you don’t have wireless access to your network, you should read this anyway – you will have wireless soon.)

Those of you with wireless and have instituted Wired Equivalent Privacy (WEP), the standard encryption method for 802.11 wireless connections, and are feeling smug about it should read “Wireless LAN Authentication” by Steve Riley, senior consultant for Microsoft’s Trustworthy Computing Services. He says: “Certain flaws in the implementation of RC4 encryption in WEP … permit an attacker to determine the encryption key and gain access to a wireless network after capturing some data and passing it through commonly-available key generation programs.” Read his article at https://www.microsoft.com/technet/columns/security/askus/auas0303.asp for more on how to secure wireless.

You all have firewalls, right? Do you know what they do? Do you know how effective they are? Most firewalls act like a padlock service on a building. They block some doors and windows while leaving the main ones open. They can also be used to examine the credentials of things entering your network from outside as well as providing gatekeeper services to prevent users from venturing outside your protected environment. But they do come in all sorts of types, sizes, shapes and functionality. One size does not fit all. A good review of what’s available, how it works and who should use which types for the best protection can be found at https://www.microsoft.com/technet/security/prodtech/network/firewall.asp .

If a firewall is the network equivalent of a building’s windows, doors and locks then “perimeter security” is the equivalent of an alarm system. Put another way, firewalls are useful for intruder prevention while perimeter security deals more with intruder detection. You may be logging and auditing all sorts of access to your network but unless someone is being alerted to potential problems, all you’ll end up with is a record of your security failures. Go to https://www.microsoft.com/technet/security/prodtech/network/ where you’ll find literally hundreds of suggestions about various ways to secure and protect the edge of your network from attack. This should be required reading.

Next time, we’ll look at some maintenance issues.