Business information systems are usually linked to external networks. This is to facilitate communication and data exchange with customers, suppliers and business partners. The system under your control links with these other systems at the perimeter point.
The security measures you use to protect your system are unique to your business. Systems outside your influence may be less well protected and can act as an entry point for attackers who aim to compromise your network. Perimeter security is used to defend against attacks originating in those external systems.
A computer connected to the Internet has its perimeter at the router or Firewall. Larger systems can have their perimeters defined as the servers that host company websites and those that handle email. Knowing where the boundary of your control ends is important if you want to maximise the steps you take to secure your information system.
The connection to the Internet is a common security focus because of the use of the Internet as an attack conduit. All types of malicious software can enter a system via the Internet if the entry points are not protected. A Firewall is configured to allow only desired types of traffic into a network. Fine-tuning a Firewall is a technical challenge and the steps depend a lot on the type, make and model. Business owners must be aware of what resources they want from the Internet and set their Firewalls to allow those types of communication only.
Tuning a Firewall does not end your security woes: you may allow HTTP traffic (web pages) and still need anti-virus to check the HTTP content coming through. Firewalls can also inspect traffic leaving your network and protect against your machines being used by a hacker to send malicious messages to other systems.
Your machines must be protected from direct access by attackers. You can hide the IP addresses of your network machines through the use of Network Address Translation (NAT), which assigns new addresses to the machines in place of the ones they would be known by if directly linked to the Internet. If your network is hosting a software service, you can conceal the address of the host machine.
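The three ideas above (allow in only the traffic you want, restrict what leaves, and hide internal addresses behind NAT) can be expressed as one ruleset. This is an added example, not part of the original article, written for nftables on a Linux router; the interface names `wan0` and `lan0`, the 192.168.10.0/24 range and the permitted ports are assumptions to adapt to your own network.

```nft
#!/usr/sbin/nft -f
# Added example. Assumed layout (constructed, not from the article):
#   wan0 = Internet-facing interface
#   lan0 = internal network, 192.168.10.0/24
flush ruleset

table inet perimeter {
    # Traffic addressed to the firewall itself
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # Administration only from the internal side, never from wan0
        iifname "lan0" tcp dport 22 accept
    }

    # Traffic passing through the firewall between LAN and Internet
    chain forward {
        type filter hook forward priority 0; policy drop;
        # Replies to connections the LAN started are allowed back in;
        # nothing else from wan0 matches a rule, so the drop policy applies
        ct state established,related accept
        ct state invalid drop

        # Outbound allowlist: only the services the business needs
        iifname "lan0" oifname "wan0" tcp dport { 80, 443 } accept
        iifname "lan0" oifname "wan0" udp dport 53 accept
        iifname "lan0" oifname "wan0" tcp dport 53 accept

        # Any other outbound attempt is logged (rate-limited), then
        # falls through to the drop policy
        iifname "lan0" oifname "wan0" limit rate 10/minute log prefix "egress-denied: "
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # Internal addresses are rewritten to the wan0 address on the way out
        oifname "wan0" ip saddr 192.168.10.0/24 masquerade
    }
}
```

The `egress-denied` log entries are worth reviewing: a workstation repeatedly trying to reach a port outside the allowlist is an early sign of the misuse the previous paragraph describes.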
When you export data to an external partner you must protect that data whilst it is in transit, either by providing a secure channel such as a VPN or by encrypting it. Microsoft Office has an encryption facility for documents in the Save As dialog window. For email you can use PGP or send the sensitive document as an encrypted attachment.
A business owner is responsible for the safety of the information the company uses. The measures used to protect the system should be complemented by perimeter security. Always keep in mind that external systems are not under your control and may employ weaker security. It is very easy to link systems with today’s technology so it is vital that your perimeter security is maximised to shield your internal network.
Photo by Sanctu