General FAQs

 

Question What is the best way to prevent viruses from entering the network?
Answer Don't connect to the network. The question really should be: "I'm connected to the network now; how do I reduce the chance of a virus getting in?"
  You need to take a three-tiered approach to have good coverage, but you still need plans for the cases where, despite everything, you get one. Some kind of checking on every PC/server is needed. In addition, you should worry about email. If you are running a large shop, then a virus checker on your email servers is essential. For small to medium shops, or if you get your email service from your ISP, you have a more severe problem because you don't have resources dedicated to the mail server. There are several cost-effective ways to attack this problem, but there is no single simple answer. Let's discuss your needs and we can describe some alternatives.

Question What is the biggest virus risk: email or inside users?
Answer Email is the largest risk area because it is actively sent to you. Checking for a virus before your server gets it is the best way to reduce the chance for a virus outbreak.
   

Question What is the best way to secure my network from outside attacks?
Answer There is no single best way other than disconnecting. There are three things you have to have regardless of the size, complexity and scope of your network.
  1. Something written down about what to do if something happens. This means that you have thought some about it. A full procedure would be good, but something is essential.
  2. A working knowledge of what is normal in your network. If you don't know what is normal, you won't have any way to tell a hacker exploit from a false alarm. After enough false alarms you miss the real thing. If you don't have the time and resources to develop this knowledge, then you need some help.
  3. A correctly configured and periodically checked firewall.
  These are the absolute minimum requirements for the simplest needs. You probably need more than the minimum.
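
To make point 2 concrete, the following added example (not part of the original FAQ) builds a baseline of "normal" from a week of daily connection counts and then triages a new day against it. The host names, counts and thresholds `k` and `floor` are constructed assumptions for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed daily flow summaries: (day, host, destination port, connections).
HISTORY = [
    (1, "ws-01", 443, 118), (2, "ws-01", 443, 131), (3, "ws-01", 443, 125),
    (4, "ws-01", 443, 122), (5, "ws-01", 443, 129),
    (1, "mail-01", 25, 310), (2, "mail-01", 25, 295), (3, "mail-01", 25, 322),
    (4, "mail-01", 25, 301), (5, "mail-01", 25, 307),
]

# Constructed observations for the day being reviewed: (host, port, connections).
TODAY = [
    ("ws-01", 443, 134),     # a slightly busy day
    ("mail-01", 25, 2900),   # roughly ten times the usual mail volume
    ("ws-01", 25, 40),       # a workstation talking SMTP, never seen before
]

def build_baseline(history):
    """Record what is normal: mean and spread of daily connections per (host, port)."""
    counts = defaultdict(list)
    for _day, host, port, n in history:
        counts[(host, port)].append(n)
    return {key: (mean(v), pstdev(v)) for key, v in counts.items()}

def classify(observation, baseline, k=3.0, floor=5.0):
    """Return 'normal', 'volume-anomaly' or 'never-seen' for one observation."""
    host, port, n = observation
    if (host, port) not in baseline:
        return "never-seen"          # no history at all for this host/service pair
    avg, spread = baseline[(host, port)]
    # The floor stops a very steady service from alarming on tiny changes,
    # which is where most false alarms would otherwise come from.
    limit = k * max(spread, floor)
    return "volume-anomaly" if abs(n - avg) > limit else "normal"

def triage(today, baseline):
    """Keep only the observations that deviate from the baseline."""
    flagged = []
    for obs in today:
        verdict = classify(obs, baseline)
        if verdict != "normal":
            flagged.append((obs, verdict))
    return flagged

if __name__ == "__main__":
    for obs, verdict in triage(TODAY, build_baseline(HISTORY)):
        print(verdict, obs)
```

The busy-but-ordinary web traffic is not reported, so the two entries that do surface are worth a person's attention.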

Question Do I need to worry about threats from inside my network?
Answer Just like most thefts of physical things, network threats mostly come from inside your business. Disgruntled or ex-employees, vendors and customers with extranet access are identified in 50-80% of "hacking" events.
  Does this mean you have to have internal intrusion detection? Not necessarily. Network security is a little like insurance. You have to have enough to meet legal requirements and to sleep at night if you are responsible. Not having a firewall is like leaving your front door unlocked all the time. Internal security is more like having house guests. If you have a very large number of strangers, or even a few really strange ones, some attention to putting away valuables is prudent. If everyone in the company is too casual about security, then some level of additional protection may be needed. If you really want to be protected, then you have to have firewalls (probably not just one), intrusion detection and a very good security policy, and allocate the resources to make it effective.

Question What is the difference between an intrusion detection system and a firewall? Do I need both?
Answer In the simplest terms, a firewall inspects traffic between two networks and an intrusion detection device inspects traffic on a single network. The two technologies address different problems using different techniques and each is best suited for the class of problems it is designed for. A firewall cannot replace intrusion detection and you should never depend on intrusion detection with no firewall.
  A firewall inspects traffic in and out of your network from the outside. Generally the outside means the Internet because it is an obvious problem. It is also a good idea to firewall portions of your internal network because, even internally, it is rare that everyone should be able to go everywhere and do everything. Internal firewalls can enforce some access controls and report on intentional or accidental violations. Intrusion detection works more like virus checking for the network (this is an oversimplification and I apologize to those who have delved into the details). It generally uses some kind of identifying signature to look at activity on the PC or server that has been identified as a threat. Intrusion detection will catch a far wider range of
