Doug Lowe - Networking All-in-One For Dummies

There is no way you can absolutely prevent such scenarios from ever happening, but with proper security, you can greatly reduce their likelihood. This chapter presents a brief overview of some of the basic principles of securing your network.

Cybersecurity goes hand in hand with networking. In fact, the moment you think of building a network, you should lay the groundwork for how you’ll keep it secure. You should consider the security aspects of a network from the very start and throughout the design and implementation of your network. Security will touch every aspect of your network environment — not just network equipment such as firewalls and switches, but also servers, end-user computers, user accounts, data storage, and so on.

It’s tempting to think that cybersecurity is important only to large enterprises. In a small business, everyone knows and trusts everyone else. Folks don’t lock up their desks when they take a coffee break, and although everyone knows where the petty cash box is, money never disappears.

Cybersecurity isn’t necessary in an idyllic setting like this one — or is it? You bet it is. Here’s why any network should be set up with built-in concern for security:

Mitts off: Even in the friendliest office environment, some information is and should be confidential. If this information is stored on the network, you want to store it in a directory that’s available only to authorized users.

Hmm: Not all security breaches are malicious. A network user may be routinely scanning files and come across a filename that isn’t familiar. The user may then call up the file, only to discover that it contains confidential personnel information, juicy office gossip, or your résumé. Curiosity, rather than malice, is often the source of security breaches.

Trust: Sure, everyone at the office is trustworthy now. However, what if someone becomes disgruntled, a screw pops loose, and he decides to trash the network files before jumping out the window? Or what if someone decides to print a few $1,000 checks before packing off to Tahiti?

Temptation: Sometimes the mere opportunity for fraud or theft can be too much for some people to resist. Give people free access to the payroll files, and they may decide to vote themselves a raise when no one is looking.If you think that your network contains no data worth stealing, think again. For example, your personnel records probably contain more than enough information for an identity thief: names, addresses, phone numbers, Social Security numbers, and so on. Also, your customer files may contain your customers’ credit card numbers.

Malice: Hackers who break into your network may not be interested in stealing your data. Instead, they may be looking to plant a Trojan horse program on your server, which enables them to use your server for their own purposes. For example, someone may use your server to send thousands of unsolicited spam email messages. The spam won’t be traced back to the hackers; it will be traced back to you.

Whoops: Finally, bear in mind that not everyone on the network knows enough about how your operating system and the network work to be trusted with full access to your network’s data and systems. One careless mouse click can wipe out an entire directory of network files. One of the best reasons for activating your network’s security features is to protect the network from mistakes made by users who don’t know what they’re doing.

There are two basic elements that you must consider as part of your cybersecurity plan:

Prevention: The first pillar of cybersecurity is the tools and technology that you can deploy to prevent bad actors from penetrating your network and stealing or damaging your data. This pillar includes firewalls that block unwelcome access, antivirus programs that detect malicious software, patch management tools that keep your software up to date, and antispam programs that keep suspicious email from reaching your users’ inboxes.

Recovery: The second pillar of cybersecurity is necessary because the first pillar isn’t always successful. Successful cyberattacks are inevitable, so you need to have technology and plans in place to quickly recover from them when they hit. This pillar includes such things as creating backup copies of all your data and having recovery plans in place to quickly get your organization back up and running.

I cover both of these pillars in greater detail in the following sections.

A comprehensive cybersecurity plan will be filled with prevention measures.

First and foremost, your prevention measures should start with a complete understanding of your IT environment, the threats it’s exposed to, and the vulnerabilities it presents to would-be attackers. The foundation of this knowledge is an asset management system that lets you keep track of absolutely everything that’s connected to your network. This inventory includes at least the following:

All the hardware connected to your network: That includes all the desktop computers, mobile devices, servers, switches, Wi-Fi access points, routers, printers, and every other piece of hardware connected to your network.

All the software connected to your network: That includes operating systems, web browsers, Microsoft Office applications, and any other programs your organization uses. It also includes cloud service providers such as Office 365, online meeting platforms, cloud storage providers, and so on. Finally, it includes the software that runs on devices such as routers, switches, printers, and other similar devices.

All the people connected to your network, typically represented by Active Directory accounts: You need to understand who they are, what their jobs are, what permissions they require, what devices they use, and so on.

With the information gleaned from this asset management, you can deploy specific preventive measures to protect each asset. The following list is not complete, but it’s a good starting point:

Firewalls: Your Internet connection must be protected by a firewall device that’s configured to keep dangerous traffic out of your network. (For more information, see Book 10, Chapter 2.)

Wi-Fi security: All wireless access to your network must be encrypted and protected by password access. (For more information, see Book 4, Chapter 2.)

Antivirus software: Every computer on your network must be protected by active antivirus software. That includes every computer — workstations, laptops, tablets, and servers. All it takes is one unprotected computer to expose your entire environment to attack. (For more information, see Book 10, Chapter 2.)

Antispam software: Most cyberattacks come in through email. Make sure all email is protected by antispam software that can block email that contains malicious code or suspicious links. (For more information, see Book 10, Chapter 3.)

Strong passwords: All accounts that have access to your systems should be secured by strong passwords. (For more information, see Book 10, Chapter 1.)

Multifactor authentication: The most critical access, such as for those with administrative control, should be controlled by multifactor authentication, which requires additional verification beyond a username and password. (For more information, see Book 10, Chapter 1.)

Data protection: All shared data on your network should be protected with roll-based security so that only those users who have a demonstrated need for the data are allowed access. This is done by controlling access permissions on files and folders, as well as share permissions. (For more information, see Book 6, Chapter 5.)