Internal Security for Networks
There are various ways to secure networks against attacks, and to protect shared data and information from being misused or tampered with, such as:
Passwords are used as a means of authenticating users before they can access the network, or applications and resources on the network. They consist of a secret combination of letters and numbers, and are used with usernames for users to log in to a system or application. There are several methods used by attackers to exploit passwords and unlawfully obtain login details to a network, or particular systems or applications on the network. Some of these methods are:
- Password guessing: when an attacker attempts to guess a weak password,
- Brute force attack: when an attacker changes one character at a time, in an attempt to try all possible password combinations and obtain the password.
In order to reduce the attacks on passwords, and thus minimize the risks associated with these attacks, organizations can introduce and apply an array of measures such as:
- Implementing a policy to prevent users from creating weak passwords. Passwords should be no fewer than 8 characters long and must contain a combination of letters, numbers and special characters. Organizations can also set passwords to expire every 30 days and restrict reuse of the same password within 12 months.
- Using a security token, which is a device containing an embedded sequence of numbers that the users should input, along with their password, prior to being authenticated.
- Introducing biometric authentication, which uses a person’s fingerprints, voice, hand, iris, or retina, to authenticate that person.
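The password policy from the first measure above, written as a check that runs when a user changes their password. This is an added example, not part of the original page; the function names, the PBKDF2 storage scheme and the sample password in the test data are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string
from datetime import timedelta

MIN_LENGTH = 8                       # not less than 8 characters
MAX_AGE = timedelta(days=30)         # passwords expire every 30 days
REUSE_WINDOW = timedelta(days=365)   # no reuse of a password for 12 months
ITERATIONS = 100_000                 # assumed PBKDF2 work factor

def hash_password(password, salt):
    # Old passwords are kept only as salted, slow hashes, never in clear text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def complexity_problems(password):
    """Return the list of policy rules the candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems

def reused_recently(password, history, now):
    """history holds (salt, digest, set_at) tuples for one user."""
    for salt, digest, set_at in history:
        same = hmac.compare_digest(hash_password(password, salt), digest)
        if same and now - set_at <= REUSE_WINDOW:
            return True
    return False

def is_expired(set_at, now):
    """True once the current password is older than 30 days."""
    return now - set_at > MAX_AGE

def change_password(new_password, history, now):
    """Apply the policy; on success record the new hash and return []."""
    problems = complexity_problems(new_password)
    if reused_recently(new_password, history, now):
        problems.append("used within the last 12 months")
    if not problems:
        salt = os.urandom(16)
        history.append((salt, hash_password(new_password, salt), now))
    return problems
```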
File and Directory permissions
One of the most important measures for improving internal security in a network is managing users’ access to files and directories on the network. A network administrator should group users into various categories, based on their position in the company, and what they’re allowed to modify, access, or view. Some users can be granted “full access” on a directory, thus enabling them to access, modify, and delete files and folders inside that directory. Users with full access permissions are usually the owners of the directory, and can also grant other users access to it. Another level of permission is “Create only”, which allows users to create new files in a directory without being able to view, modify or delete existing files in that directory.
One of the most important steps in securing a network internally is educating the people who use the network and its resources. They should be educated and trained so that good security practices and habits are established in the company to protect the network.
For example, one of the simplest steps that users can take is to ensure that their screens are locked when they are away from their workstation. Unlocking their screen upon their return should require them to re-input their login details. This sort of second nature approach is critically important in shared work environments or when individuals other than employees may be near workstations.
External Security for Networks
Firewalls as Intrusion Prevention Systems (IPS)
Firewalls consist of software or hardware configurations, mainly used to filter traffic as it enters a network or its computers. These are designed to stop malicious traffic and only allow legitimate data to pass through. A firewall is usually located at the entrance point of a network, and is considered the first line of defence for the network. Firewalls are categorized as Intrusion Prevention Systems.
Using a firewall, a network administrator can also restrict access to some websites.
Intrusion Detection Systems (IDS)
An Intrusion Detection System is mainly used to monitor the activity on a network. An IDS can be either active (taking action whenever an attack is detected) or passive (transmitting information about attacks detected, without taking action). An IDS can also be host-based (monitoring critical files and systems on computers) or network-based (monitoring the traffic on the whole network).
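A minimal host-based check of the kind described above, as an added example that is not part of the original page: it records hashes of critical files, reports any change, and runs either passively (report only) or actively (also call a response handler). The file names and contents in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(directory):
    """Map each file under `directory` to the SHA-256 of its contents."""
    root = Path(directory)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def detect(baseline, current):
    """Compare two snapshots and return sorted (event, path) alerts."""
    alerts = []
    for path, digest in baseline.items():
        if path not in current:
            alerts.append(("deleted", path))
        elif current[path] != digest:
            alerts.append(("modified", path))
    alerts += [("added", p) for p in current if p not in baseline]
    return sorted(alerts)

def run_ids(baseline, directory, respond=None):
    """Passive when respond is None (report only); active otherwise."""
    alerts = detect(baseline, snapshot(directory))
    if respond is not None:
        for alert in alerts:
            respond(alert)       # e.g. restore the file or isolate the host
    return alerts

def demo():
    """Build constructed 'critical files', tamper with them, run both modes."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "sshd_config").write_text("PermitRootLogin no\n")
        baseline = snapshot(root)
        # Simulated tampering after the baseline was taken
        (root / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "hosts").unlink()
        (root / "cron.extra").write_text("0 3 * * * /usr/local/bin/backup\n")
        handled = []
        passive = run_ids(baseline, root)
        active = run_ids(baseline, root, respond=handled.append)
        return passive, active, handled
```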
Intranet networks, extranet networks, and Demilitarized Zones (DMZs) are various ways used to separate legitimate users from unlawful users.
Intranet networks use the same protocols used for the public internet, but they are only accessible locally to a company’s employees and trusted users. However, intranets are not accessible remotely by trusted users. To solve this issue, a company can implement an extranet, which is accessible to trusted external users without being accessible to the general public. Extranets are generally accessible by vendors and business partners. Both intranets and extranets provide a measure of security for companies’ data against illegitimate users.
Demilitarized zones (DMZs) provide a means of separating networks situated outside of the secure network; only the DMZ is accessible by outside users, which protects the secure network from illegitimate access. A DMZ would typically include the following: Web servers, Remote Access Servers, E-mail servers, and FTP servers.
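The separation described above, modelled as a first-match, default-deny filter between zones. This is an added example, not part of the original page; the address ranges, port choices and rule table are assumptions chosen for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed address plan (an assumption; the page gives no addresses).
ZONES = {
    "internal": ip_network("10.0.0.0/16"),      # the secure network
    "extranet": ip_network("10.1.0.0/24"),      # servers for trusted partners
    "dmz":      ip_network("192.0.2.0/24"),     # web, e-mail and FTP servers
    "partner":  ip_network("198.51.100.0/24"),  # vendors and business partners
}
DMZ_PORTS = {80, 443, 25, 21}   # web, e-mail, FTP (assumed port choices)
ANY = None

# (source zone, destination zone, allowed ports, action); first match wins.
RULES = [
    ("internal", "dmz",      ANY,       "allow"),
    ("internal", "extranet", ANY,       "allow"),
    ("internal", "internet", ANY,       "allow"),
    ("internet", "dmz",      DMZ_PORTS, "allow"),
    ("partner",  "dmz",      DMZ_PORTS, "allow"),
    ("partner",  "extranet", {443},     "allow"),
]

def zone_of(address):
    """Name the zone an address belongs to; anything unknown is 'internet'."""
    addr = ip_address(address)
    for name, network in ZONES.items():
        if addr in network:
            return name
    return "internet"

def decide(src, dst, port):
    """Return 'allow' or 'deny' for a connection crossing the firewall."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for rule_src, rule_dst, ports, action in RULES:
        if (rule_src, rule_dst) == (src_zone, dst_zone):
            if ports is ANY or port in ports:
                return action
    return "deny"   # default deny: no rule leads from outside into 'internal'
```

Because no rule has `dmz` as a source, a server in the DMZ cannot open connections into the secure network either.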
Virtual LANs (VLANs)
VLANs are another measure of further securing a network; they consist of segmenting the network by virtually grouping similar users together, such as having a VLAN for the accounts department, one for the human resources department, another for the IT department, and so on. This allows network traffic in one department to be accessible and viewed only by users of that department.