The computers that make up a business’ network will host different types of software depending on their role. Typically there are servers and client machines.
Servers can be further classed as web servers, email servers and network servers. Client machines are usually desktop computers with the software systems that are specific to users’ requirement. Additionally there are laptops and other mobile devices that make up a company’s network of machines.
All the machines run an operating system which comes with default security settings. The settings are there to protect from attacks that bypass the perimeter and network security defences. These types of attacks such as viruses and Trojans are aimed at the operating systems.
The operating systems on servers come with many services turned on by default. If your business is not using a service it should be turned off else you will be leaving an unmonitored hole for attackers to exploit.
On client machines the security updates must be current. These patches are automatically available but some require that the machine be restarted in order to complete installation. Client machines use software firewalls to control the types of traffic coming into the system. Again if a certain type of service is not needed in your business operations, for example Instant Messaging, turn it off.
Client machines can be centrally managed through software such as Microsoft’s Group Policy where protective policies can be set. You can have policies for mobile machines that are different when they are attached to the business’ network and when they are used remotely. Machines can also be restricted from installing unauthorised software.
Good security is the successful balancing of defence and usability. Full defence calls for completely limiting a machine’s ability to interact with the rest of the business’ network and the Internet. Full usability wants a connection to everything to allow users to freely call on services with no interruption.
It is important to fulfil the basic security requirements of updating anti-virus and anti-spyware software, monitoring network activity and using firewalls. Above this level security must be designed around the business functions of the network to allow users to work free of obvious restrictions.
Photo by patrick h. lauke
Comments