Networks & Security

What is involved in Network security?

  • Allowing the people that need access to your corporate computers access
  • Not allowing all the other people access
  • Password integrity
  • Allowing company personnel access to the Internet
  • Not allowing the Internet to have access to your computers
  • Allowing company personnel access from remote locations (like home)

What tools are used in network security?

At the office, typical tools used include:

  • Firewalls
  • Proxy servers
  • Virtual Networks
  • Secure Shell
  • User ID and password
  • Routers
  • Mail servers

At remote locations (laptops and home use)

  • Firewalls
  • Virtual Networks
  • Secure Shell
  • FTP
  • User ID and password
  • IdentiCards

_____________________________________________________________________


What do all these terms mean and do?

Ultimately, what we are attempting to do is to make sure that all the people that need to see the appropriate information for their work can see what they need to see and nothing more.

If you are not in the payroll department, then you probably do not need to know how much everybody makes. That's just for the payroll people.

If you are not working on a specific database, then you probably do not need to have access to it.

You don't need to be able to read anyone else's email.

The development team doesn't need access to the production environment.

_____________________________________________________________________


How do we accomplish this?

This is where the tools mentioned at the top come in. I shall now go through them and explain their purposes in electronic security.

Firewalls

These work on the same principle as the firewall in your car, which keeps the fiery things in the engine compartment away from the passengers. In the computer world, the firewall separates the company's computers from the outside world (the Internet), so the only connections that can be made are the ones that are allowed. A firewall is set up with a set of rules that let it differentiate between a wanted connection and an unwanted connection.

Proxy Servers

This is usually applied in connection with a firewall and basically adds some distance to the connection that a user inside the company makes. Say you are at your desk and you want to connect to a website. You type in the name of the website (www.rigneer.com) and that request goes out from your computer to the proxy server. [Proxy means "authority to act for another".] The proxy server substitutes its own IP address (xxx.xxx.xxx.xxx) for your desktop machine's IP and sends out the request. When the response comes back, the proxy server looks up in its data tables who requested this information, finds that it was you, and sends it on to you. From your perspective, you didn't even know that this happened. The value of this is that if someone were to try to hack into the machine by using 'your' IP address, all they would get is the proxy server. And the information residing on the proxy server is useless; it is just old web pages that people like you requested.

Virtual Networks

Mostly used with Windows connections over the Internet, this is a special connection, made over phone lines or over the Internet, that is secure. All the information passed from your computer (maybe the one at home) to the server at the office is encrypted, so anyone attempting to capture it would not have much success unless they were prepared to take all the information and attempt to decrypt it. The effort required to decrypt this information would require supercomputers (CRAY and the like) to accomplish within the next 2 years, by which time the information would ultimately be useless.

Secure Shell

A variation on the virtual network, this is primarily used when communicating with Unix servers.

User ID And Password

Exactly what you think. It is amazing how many people do not password protect their home computers, even though they password protect their computers at work and think nothing of it. If it is important at work, it is important at home too. Think of the information that is kept at home: bank statements, Visa numbers and passwords (there is that password thing again), and the personal information that you so jealously guard at work. A good password should be hard to crack. It should be a minimum of 6-8 characters long and contain at least one each of the following: lower case, upper case, number, special characters (~#$%^&-_=+). So the following would be a great one: a$rFv#tc, while admin would not be. Hackers often use a brute force dictionary approach to obtain access to an account. So if your password is a combination of words that can be found in the dictionary, then it might not be a good choice. Try taking a word and altering it, so you get words like p0rsche or b33ter (3 replaces E), which will help you at least remember the word. Don't use your last name, pet name, birthday, spouse's name, etc.

There are several programs out there that system administrators can use that will go through and break most passwords in an organization in under 5 hours simply by taking a dictionary approach to supplying passwords. Add to that anything they know about your personal life (spouse's name, birthdays, kids' and dogs' names, favourite sport) and it gets even easier.
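The password rules above, written as a check an administrator could run when a password is set. This is an added example, not part of the original page; the function name, the small word list and the look-alike substitution table are assumptions made for the illustration.

```python
# Policy values come from the text above; the word list is a tiny constructed sample.
MIN_LENGTH = 6
SPECIALS = set("~#$%^&-_=+")
SAMPLE_DICTIONARY = {"admin", "password", "porsche", "letmein"}  # constructed
# Look-alike substitutions that cracking word lists are commonly expanded with
# (assumed mapping for this example).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "$": "s", "@": "a"})


def check_password(password, personal_words=()):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.islower() for c in password):
        problems.append("no lower case")
    if not any(c.isupper() for c in password):
        problems.append("no upper case")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")

    # Dictionary check, both as typed and with look-alike characters undone.
    lowered = password.lower()
    undone = lowered.translate(LOOKALIKES)
    if lowered in SAMPLE_DICTIONARY or undone in SAMPLE_DICTIONARY:
        problems.append("dictionary word")
    # Names, birthdays and similar facts known about the user.
    if any(w and (w.lower() in lowered or w.lower() in undone) for w in personal_words):
        problems.append("contains personal word")
    return problems


if __name__ == "__main__":
    for candidate in ("admin", "p0rsche", "a$rFv#tc", "a$rFv#7c"):
        print(candidate, check_password(candidate) or "ok")
```

On the samples from the text, `admin` fails nearly every rule, `p0rsche` is still matched to its dictionary word once the substitution is undone, and `a$rFv#tc` is flagged only for having no number.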

Routers

This is a device that determines where a particular piece of information, whether it is an email, a file off the server, web page material or database information, should go. By configuring a router properly, it is possible to make it so that the development servers do not come in contact with the production servers, and the people working on them don't either. It can also keep the mail server separate from the working servers, so that if a virus did make it into the system, the worst it could do is stop the mail server, while everything else would go along just fine.

Mail Servers

As mentioned above, these are generally created so that the only thing on them is your mail. That way if a virus got into the system it would also be restricted to just that one server, which is way easier to fix than the entire system of servers that you own.

FTP

If you are away from the office and need to transfer files between your computer and the company servers, File Transfer Protocol is the method used. There are several programs available for this, including some excellent ones that are free.

IdentiCards

More complete password protection. These are little dogtag-like keyfobs or credit-card-size electronic counters that automatically generate a new 'key' number every 30 or 60 seconds. This is synchronized with a similar device at the company's main server that accepts incoming (external) connections. When you dial in, you have to type in your user ID, as you normally do, a 4-digit personal number, known only to you, and then the 6-digit number showing on the IdentiCard. If this 4+6 number does not match the number in the main server, you are not allowed access. So not only do they need your ID now, they also need your 4-digit PIN and the constantly changing IdentiCard value. Makes it trickier, don't you think?
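The server side of the 4+6 check described above, as an added example that is not part of the original page. The page does not say how the IdentiCard computes its number, so the open time-based one-time password algorithm from RFC 6238 stands in for it; the user name, PIN, secret and function names are constructed for the illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # the text says the number changes every 30 or 60 seconds
CODE_DIGITS = 6     # the 6-digit number shown on the token


def token_code(secret: bytes, unix_time: int) -> str:
    """6-digit code for the time step containing unix_time (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", unix_time // STEP_SECONDS)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** CODE_DIGITS).zfill(CODE_DIGITS)


def verify_login(user, entered, users, now, drift_steps=1):
    """Check the 4-digit PIN followed by the 6-digit token code typed at login."""
    record = users.get(user)
    if record is None or len(entered) != 4 + CODE_DIGITS or not entered.isdigit():
        return False
    # Accept the neighbouring time steps too, so small clock drift between
    # the token and the server does not lock the user out.
    for step in range(-drift_steps, drift_steps + 1):
        when = now + step * STEP_SECONDS
        if when < 0:
            continue
        expected = record["pin"] + token_code(record["secret"], when)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(entered.encode(), expected.encode()):
            return True
    return False


# Constructed sample account; the secret is the published RFC 6238 test key.
# A production server would keep the PIN hashed rather than in the clear.
USERS = {"jsmith": {"pin": "4071", "secret": b"12345678901234567890"}}

if __name__ == "__main__":
    print(verify_login("jsmith", "4071" + token_code(USERS["jsmith"]["secret"], 59),
                       USERS, now=59))
```

A real server would also remember the last accepted time step for each user and refuse a code that has already been used.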
