Blog

Computer network is a necessity of every company be it a small or a large one. Like any other system, a computer network system has its own shortcomings. With the expansion of a company, its network also expands. Large networks are complex and a challenge to handle. The larger the network grows the more vulnerable it becomes. A computer network has many weak links and in order to make a corporate network secure and robust these large and small loopholes must be plucked, especially if it is a network of a large corporation. A careful plan needs to be in place while establishing and expanding a corporate network. Following are some of the important things to look at while planning and securing a computer network.

Planning

Whenever an important task is to be done, planning is the first and the most important step. Planning has to be done in two steps: network planning and then securing the network. At planning level, policies have to be defined. Policies like network and server infrastructure, management policy, user level access controls, delegation of duties, hardware and software requirements etc.

Applying Controls

When planning is completed it has to be implemented as well. Without implementation planning is useless. When it comes to network security some strict steps must be taken. Following are some of the important steps that can be taken in order to secure the network:

• Parameter security of network and server rooms. Physical access controls need to be applied so that unauthorized access to sensitive areas can be restricted.
• User policies must be strictly implemented. Any change in the privileges must be approved by relevant authority and properly documented.

• Disposing old hardware is a very critical task that is often overlooked as “not so important”. When disposing off old hardware it must be made sure that no data in readable or recoverable form is left on it. Simply formatting a hard drive is not enough because data from a formatted hard drive can be recovered, which can disclose important data like username and passwords etc.
• Vulnerable systems in a network can give access to these systems thus inviting an attacker in a corporate network. To fix the vulnerabilities in any software, security updates are normally pushed from time to time, so in order to keep the operating systems and software secure they must be regularly updated.

Auditing

Often controls are very well planned and implemented but they are seldom audited. It is in human nature that they tend to relax and be carefree when they are performing similar tasks over an extended period of time, no matter how critical the task is. On the other hand, old policies must also be audited. It is a possibility that over a period of time some of the policies that were relevant let’s say 2 years ago become totally irrelevant. Under such circumstances doing routine audits is extremely necessary and it helps in multiple ways. One, it helps evaluate the performance of people who are managing critical tasks and secondly it helps reviewing the already established controls in order to understand how useful they currently are. Auditing can fix these issues that are created due to negligence in repetitive tasks and helps accommodating changes in company structure that occur over a period of time.

Hardware

Appropriate hardware is extremely necessary for securing a network. A corporate network has to be layered in order to protect it from outside attackers. Attacker can sometime be inside the network as well. So a protected zone has to be created within the network that must not be accessible to anyone. Following is a list of very important hardware that can keep a network secure:

• Firewall
• Router
• IPS / IDS Devices
• Switches
• Security Cameras

Wireless

Wireless networks are an integral part of corporate networks. It has come to a point where wireless networks are overtaking wired networks. Penetrating a wired network is difficult as compared to a wireless network. To penetrate a wired network, an attacker has to gain physical access. On the other hand, sometimes an attacker doesn’t even have to enter premises of the company to gain access to the wireless network. Special care has to be taken while configuring security of wireless networks. Following are some tips to keep corporate wireless networks secure:

• Use an SSID that is not associated with your company name. Secondly suppress the signals as much as possible. Although this will not deter a serious attacker but will keep the noise off.
• Use 802.1 x authentications in wireless network so only approved devices can connect.

• Use strongest authentication. Currently WPA2 Enterprise is the strongest for wireless networks.
• Every company has visiting guests and they often need to connect to internet. It is a good practice to create a separate network for guest users. Make sure that the guest network is isolated from the company network.

Changing Defaults

All devices come with default username, password, IP address etc. for initial configuration. Changing these default values must be made mandatory as a company security policy. Often these values are left on default which makes it extremely easy for attackers to penetrate networks. There is no point in purchasing, configuring and implementing high end devices when you are going to leave access username and password to default.

Users

Network users often turn out to be the weakest link in network security. In a corporate environment users can be of all types. Those who understand the technology and risks associated with it are usually least in number even within a tech environment. Therefore, it is extremely important to educate users on security. This will help greatly in securing corporate assets as well as their personal data and information. Some of us will argue that they are already well versed with the threats that technology brings with it so what is the point of telling the same story over and over again? Actually security is an issue that needs constant reminder and while attackers are inventing new techniques and exploits rapidly, every computer user must also be updated so that they can avoid these new hacking techniques.

Securing a network is not a task that can be done with applying few controls and adding some fancy hardware. It’s a continuous process and it is about doing small things right and keep evaluating and reevaluating. It is about educating every stakeholder; it is about developing a culture in organization where security is given importance. Hiring a security team and a competent network team may not be enough in certain cases. Upper management has to take ownership and establish a system that should influence every task that is being performed.