Friday, June 19, 2009

Network Security - All About Firewalls

The Importance of Firewalls to Network Security

Most networks should have a firewall in place before they are up and running. A firewall is the most common form of network security employed by companies large and small. If you own a personal computer, your anti-virus software company may at one time or another have offered you firewall protection.

A firewall on a home network is just as important as one on a corporate network. Why? Most smaller networks have as many security issues as larger corporate networks have. A firewall helps protect a network against potential data loss, corruption and hackers.

What Is A Firewall

A firewall is nothing more than a fancy term used to describe a blockade that prevents outside forces from accessing your network. It is called a firewall because it prevents information or data loss from one place to another. Typically a firewall is a program or piece of hardware that you install on your computer to help filter information coming from the Web to your computer network. A firewall provides a series of filters that screen information, allowing only safe information to pass through to your network.

In a large company, multiple computers are often linked using network cards. Companies usually provide multiple connections to the Internet. In order to protect all of these computers, a firewall is necessary so that only people who are authorized to do so can access corporate computers through the Web. While a firewall is not foolproof, it basically does a good job of protecting computers from Internet threats at their connection points.

Inexpensive Radius Server Gives Wireless Networks The Security They Need

Many small businesses have considered connecting computers and other devices to their corporate network via wireless (WiFi) connections, and a brave few have actually done so. Many of these early networks required that wireless devices be carefully placed within the building so that the wireless signal reached all intended recipients. Typically, these networks lacked adequate security features, which left them vulnerable to information and resource theft by unauthorized persons. These two problems have now been largely solved, meaning that it may be time for more small businesses to look into the potential advantages a wireless network can offer.

Wireless Networking Basics

Building a wireless network requires two distinct types of hardware components: wireless access points and wireless access cards. The wireless access point is a device that is attached to an existing computer network via a standard Ethernet cable. It has an antenna that allows it to broadcast and receive signals from PCs and other devices. Each device wishing to communicate with the access point needs a wireless access card, which also contains an antenna. The current wireless standard, called 802.11g, allows for up to 54 megabits of data per second to be transmitted between the desired access point and the access card. While not quite as fast as wired networks, which typically run at 100 megabits to 1000 megabits per second, wireless networks offer more flexibility, and can be less expensive to install. This is especially true for older buildings where installing cable can become cost prohibitive.

Cutting Corners

Wireless networks use radio frequency waves to transmit information, and thus they are susceptible to being blocked by walls and other obstructions in a building. These obstructions can cause "dead zones" where the radio waves are unable to reach their intended recipients. Microwave ovens and other radio frequency emitting devices can also wreak havoc on wireless signals. The solution is to place your wireless access points strategically around your building so that interference is minimized. When the distance from a wireless access point to the wireless device is more than a few dozen meters, wireless repeaters can be installed to boost the signal. These repeaters can also be placed so that the wireless signals can be accessible from all corners of the building.

Wireless Network Security Solved

Installing a simple wireless network is pretty straightforward, but installing a secure wireless network can be substantially more difficult. However, an Ann Arbor company called Interlink Networks now offers their LucidLink products, which make installing comprehensive wireless network security a snap. Before LucidLink became available, an organization wishing to lock down their wireless network would need to hire expensive network security consultants to install and manage the wireless portion of the network. LucidLink packages all of this expertise into a software add-on that is so easy to use that even a small company's office manager can easily take control over who is accessing the company network via wireless. It goes above and beyond simple address authentication (standard with most wireless routers), and implements what is called a RADIUS server. RADIUS servers are what large organizations spend thousands of dollars installing and maintaining in order to secure their large (1000+ node) wireless networks. Until now, installing a RADIUS server was out of the price range for all but the largest companies. In contrast, LucidLink's product can be purchased for as little as $99 for a 3 user Home Office Edition, $449 for a 10 user version, and goes up to $3995 for a 250 user version.

3 Ways Computers Can Hurt Your Ministry - Part 2 - Weak Network Security

Our computers have become almost indispensable ministry tools. What would you do if the worst happened and you had to function without your computers? Would your ministry survive?

This article is the second in a 3-part series on how to protect your ministry from serious computer-related loss. This time we’re going to focus on the basics of securing your network against potential inside and outside threats. In the final installment, we’ll cover what every ministry should know about software license compliance.

Good network security is an area many people in ministry neglect, simply because it can be so overwhelming. Even though there are lots of technical details involved with adequately securing your ministry’s network, if you focus on the handful of key areas presented in this article, you can prevent many of the potential threats you might face.

Passwords

The cornerstone of securing your network is to make sure you use strong, secure passwords. This is your first line of defense, and it’s often the weakest link in the chain. If someone can guess your password, they can impersonate you on the network and get to everything you have access to. Even worse, a hacker can use your password to try to “escalate” his level of access and possibly take over the whole network. Most ministries would suffer great loss if sensitive data (like donor information) was leaked out to the Internet by a hacker or disgruntled employee. Making sure your passwords are secure will help prevent this from happening.

Start by putting a password policy in writing. Some good practices to include in the policy are:

• Make all passwords at least 6 characters long, and require a mixture of numbers & upper/lowercase letters. They should be hard to guess, but still pretty easy for the users to remember.

• Require everyone to change their passwords on a regular basis and enforce a password history. This keeps users from recycling their old passwords again and again.

• Make sure no one writes their password on a “sticky note” and posts it in plain sight. This is a common security problem, and it’s almost as bad as having no password at all.

A good IT consultant can help with more suggestions, and these items can all be automatically enforced by your servers, so that everyone on the network will be protected.

Security Updates and Patches

Have you ever noticed that annoying message popping up at the bottom of your computer screen saying “New Updates Are Ready to Install”? Have you ever been tempted to ignore it? Don’t! Every month Microsoft releases security updates for many of their products, and the only way to stay secure is to install them faithfully.

As soon as software companies become aware of security problems, they release patches and updates to correct the issues. It’s your responsibility to download and install the patches so your system will stay up-to-date. I recommend configuring Automatic Updates on all your machines so this process will happen automatically. In a server environment, installing the latest updates can be automated for all your computers and managed from a central location. Just like maintenance on your car, you should plan to apply security patches and updates regularly to keep out potential hackers and viruses.

Firewall

If your ministry uses a dedicated high-speed Internet connection, make sure you have a good firewall in place. This device serves as a barrier to keep hackers out of your internal network. You would never dream of leaving your building at night without locking all the doors, and you should always make sure that the “doors” to your computer network are locked, as well. There are hardware and software firewalls available, but we usually recommend purchasing a hardware-based firewall for security and reliability reasons. Some good firewall manufacturers to check into include Cisco, SonicWall and WatchGuard.

Regular Security Audits

Another benefit of having a relationship with a good IT consultant is that they can perform ongoing security audits on your ministry network. Securing your passwords and applying all the current updates will help, but to make sure everything is locked down you should perform a thorough security audit at least once a year.

A competent, trusted IT consultant can approach your network like a hacker would, using many of the same hacker tools and techniques. He or she can try to penetrate your Internet firewall, test the strength of your passwords, verify the physical security of your data and backups, scan your whole network for security holes and vulnerabilities and provide a detailed report of the findings. They will also be able to give you recommendations and cost estimates on what it would take to fix any issues they find and thus increase the security of your ministry’s network.

Making sure your network is secure is still only another part of the solution. In the final installment of this series we’ll talk about some simple steps you can take to protect your ministry from huge fines and potential prosecution by making sure you comply with software licensing laws.

Donnie Schexnayder is a ministry technology expert. He holds industry certifications from Microsoft and CompTIA and has over 10 years experience in supporting churches and Christian ministries with technology. With a mixture of passion and expertise, Donnie helps ministries advance their mission of bringing the Gospel of Jesus Christ to the ends of the earth by using cutting-edge technology. Donnie lives with his wife and 2 children in Colorado Springs, CO.

Wednesday, June 17, 2009

Exclusive research from Samsung shows more than half the offices in Europe are not taking steps to protect confidential printed information

Survey reveals low awareness of behavioural and IT security risks

17 June 2009, Chertsey, Surrey - Samsung Electronics, a leading name in the world of consumer electronics and information technology, has today released the results of a Europe-wide survey of more than 4,500 workers in the public and private sectors, which revealed that companies are not putting in place appropriate measures to protect confidential information. According to the research, 56 per cent of workers regularly see confidential documents abandoned on the printer and over half (51 per cent) of those surveyed are not aware of any processes or technologies in place at their organisation to protect the printer network itself.

Despite public concerns about the protection of sensitive information, organisations across Europe are failing to take steps to protect it. Those working in the banking/finance sector were most likely to see confidential documents, with more than two thirds (68 per cent) of respondents seeing these on the print tray. The healthcare sector did perform better, but still more than one third of respondents (34 per cent) admitted to finding personal patient information left on the printer - including health records (38 per cent) and lab results (34 per cent) that they never were meant to see. These respondents were not just doctors and nurses - almost half (44 per cent) worked in roles such as marketing, operations, finance and IT.

The survey, conducted by Lightspeed Research, polled workers at companies with at least 50 people from eight European countries. The results reveal that although people know that safeguarding confidential documents is crucial, with almost two thirds (65 per cent) recognising serious consequences as a result of confidential data being exposed beyond their organisation, most do not realise the security risks that uncontrolled printing introduces to their business. IT security loopholes are emerging which, combined with careless printing habits, compromise corporate and personal security.

Are You Being Scammed by the PCI Compliance Fee?

Torrance, CA. - Merchant Solutions, a premier provider of merchant accounts and credit card processing solutions, has broken the mold for credit card processing.

Lately there have been reports of processors that are starting to charge their customers $19.95 per month for not being PCI compliant. To fix this problem, these processors are requiring their customers to install some PC based scanning software that is supposed to magically make the business PCI compliant, thereby allowing them to avoid the monthly charge.

Let me start out by saying: This is a scam. Reputable processors will have already paid this fee for their merchants. Do your due diligence and shop for the right merchant processor.

There is nothing that you can just put on your PC that will make your business PCI compliant. This is so far off course that it hardly can be related to PCI. PCI compliance is in reference to networks, computers, hardware and software that play a part in the processing, storage, or transfer of a credit card transaction.

It is now required that every business be PCI compliant, but let me assure you that there is no simple computer program that will do this for any business. Even if only a single computer is used to enter card data, it is unlikely that it is the only piece of the puzzle, and even more unlikely that a single piece of software can guarantee PCI compliance.

Steps to get compliant:

1. Determine whether you need to be PCI compliant. (If you accept credit cards, or play any part in the processing of a credit card, you need to be PCI compliant.)

2. Determine which Level of compliance is required for your business.

* Level 1: Greater than 6 million credit card transactions per year or any business that has suffered a hack or data breach, or any business deemed Level 1 by card associations.

* Level 2: 1 to 6 Million credit card transactions per year.

* Level 3: 20K to 1 Million credit card transactions per year.

* Level 4: Less than 20K ecommerce, or 1 Million total transactions per year.