Friday, June 19, 2009

Network Security - All About Firewalls

The Importance of Firewalls to Network Security

Most networks should have a firewall in place before they are up and running. A firewall is the most common form of network security employed by companies large and small. If you own a personal computer your anti-virus software company may at one time or another have offered you firewall protection.

A firewall on a home network is just as important as one on a corporate network. Why? Most smaller networks have as many security issues that larger corporate networks have. A firewall helps protect a network against potential data loss, corruption and hackers.

What Is A Firewall

A firewall is nothing more than a fancy term used to describe a blockade that prevents outside forces from accessing your network. It is called a firewall because it prevent information or data loss from one place to another. Typically a firewall is some program or hardware that you have to install in your computer that helps filter information coming from the Web to your computer network. A firewall provides a series of filters that screens information allowing only safe information to pass through to your network.

In a large company, multiple computers are often linked using network cards. Companies usually provide multiple connections to the Internet. In order to protect all of these computers a firewall is necessary so that only certain people can access corporate computers through the Web (those that are authorized to do so). While a firewall is not foolproof it basically does a good job of protecting computers from Internet threats at their connection points.

Inexpensive Radius Server Gives Wireless Networks The Security They Need

Many small businesses have considered connecting computers and other devices to their corporate network via wireless (WiFi) connections, and a brave few have actually done so. Many of these early networks required that wireless devices be carefully placed within the building so that the wireless signal reached all intended recipients. Typically, these networks lacked adequate security features, which left them vulnerable to information and resource theft by unauthorized persons. These two problems have now been largely solved, meaning that it may be time for more small businesses to look into the potential advantages a wireless network can offer.

Wireless Networking Basics

Building a wireless network requires two distinct types of hardware components, wireless access points, and wireless access cards. The wireless access point is a device, which is attached to an existing computer network via a standard Ethernet cable. It has an antenna on it, which allows it to broadcast and receive signals from PCs and other devices. Each device wishing to communicate with the access point needs a wireless access card, which also contains an antenna. The current wireless standard, called 802.11g, allows for up to 54 megabits of data per second to be transmitted between the desired access point and the access card. While not quite as fast as wired networks, which typically run at 100 megabits to 1000 megabits per second, wireless networks offer more flexibility, and can be less expensive to install. This is especially true for older buildings where installing cable can become cost prohibitive.

Cutting Corners

Wireless networks use radio frequency waves to transmit information, and thus they are susceptible to being blocked by walls and other obstructions in a building. These obstructions can cause "dead zones" where the radio waves are unable to reach their intended recipients. Microwave ovens and other radio frequency emitting devices can also wreak havoc on wireless signals. The solution is to place your wireless access points strategically around your building so that interference is minimized. When the distance from a wireless access point to the wireless device is more than a few dozen meters, wireless repeaters can be installed to boost the signal. These repeaters can also be placed so that the wireless signals can be accessible from all corners of the building.

Wireless Network Security Solved

Installing a simple wireless network is pretty straightforward, but installing a secure wireless network can be substantially more difficult. However, an Ann Arbor company called Interlink Networks now offers their LucidLink products, which make installing comprehensive wireless network security a snap. Before LucidLink became available, an organization wishing to lock down their wireless network would need to hire expensive network security consultants to install and manage the wireless portion of the network. LucidLink packages all of this expertise into a software add-on that is so easy to use that even a small company's office manager can easily take control over who is accessing the company network via wireless. It goes above and beyond simple address authentication (standard with most wireless routers), and implements what is called a RADIUS server. RADIUS servers are what large organizations spend thousands of dollars installing and maintaining in order to secure their large (1000+ node) wireless networks. Until now, installing a RADIUS server was out of the price range for all but the largest companies. In contrast, LucidLink's product can be purchased for as little as $99 for a 3 user Home Office Edition, $449 for a 10 user version, and goes up to $3995 for a 250 user version.

3 Ways Computers Can Hurt Your Ministry - Part 2 - Weak Network Security

Our computers have become almost indispensable ministry tools. What would you do if the worst happened and you had to function without your computers? Would your ministry survive?

This article is the second in a 3-part series on how to protect your ministry from serious computer-related loss. This time we’re going to focus on the basics of securing your network against potential inside and outside threats. In the final installment, we’ll cover what every ministry should know about software license compliance.

Good network security is an area many people in ministry neglect, simply because it can be so overwhelming. Even though there are lots of technical details involved with adequately securing your ministry’s network, if you focus on the handful of key areas presented in this article, you can prevent many of the potential threats you might face.

Passwords

The cornerstone of securing your network is to make sure you use strong, secure passwords. This is your first line of defense, and it’s often the weakest link in the chain. If someone can guess your password, they can impersonate you on the network and get to everything you have access to. Even worse, a hacker can use your password to try to “escalate” his level of access and possibly take over the whole network. Most ministries would suffer great loss if sensitive data (like donor information) was leaked out to the Internet by a hacker or disgruntled employee. Making sure your passwords are secure will help prevent this from happening.

Start by putting a password policy in writing. Some good practices to include in the policy are:

•Make all passwords at least 6 characters long, and require a mixture of numbers & upper/lowercase letters. They should be hard to guess, but still pretty easy for the users to remember.

•Require everyone to change their passwords on a regular basis and enforce a password history. This keeps users from recycling their old passwords again and again.

•Make sure no one writes their password on a “sticky note” and posts it in plain sight. This is a common security problem, and it’s almost as bad as having no password at all.

A good IT consultant can help with more suggestions, and these items can all be automatically enforced by your servers, so that everyone on the network will be protected.

Security Updates and Patches

Have you ever noticed that annoying message popping up at the bottom of your computer screen saying “New Updates Are Ready to Install”? Have you ever been tempted to ignore it? Don’t! Every month Microsoft releases security updates for many of their products, and the only way to stay secure is to install them faithfully.

As soon as software companies become aware of security problems, they release patches and updates to correct the issues. It’s your responsibility to download and install the patches so your system will stay up-to-date. I recommend configuring Automatic Updates on all your machines so this process will happen automatically. In a server environment, installing the latest updates can be automated for all your computers and managed from a central location. Just like maintenance on your car, you should plan to apply security patches and updates regularly to keep out potential hackers and viruses.

Firewall

If your ministry uses a dedicated high-speed Internet connection, make sure you have a good firewall in place. This device serves as a barrier to keep hackers out of your internal network. You would never dream of leaving your building at night without locking all the doors, and you should always make sure that the “doors” to your computer network are locked, as well. There are hardware and software firewalls available, but we usually recommend purchasing a hardware-based firewall for security and reliability reasons. Some good firewall manufacturers to check into include Cisco, SonicWall and WatchGuard.

Regular Security Audits

Another benefit of having a relationship with a good IT consultant is that they can perform ongoing security audits on your ministry network. Securing your passwords and applying all the current updates will help, but to make sure everything is locked down you should perform a thorough security audit at least once a year.

A competent, trusted IT consultant can approach your network like a hacker would, using many of the same hacker tools and techniques. He or she can try to penetrate your Internet firewall, test the strength of your passwords, verify the physical security of your data and backups, scan your whole network for security holes and vulnerabilities and provide a detailed report of the findings. They will also be able to give you recommendations and cost estimates on what it would take to fix any issues they find and thus increase the security of your ministry’s network.

Making sure your network is secure is still only another part of the solution. In the final installment of this series we’ll talk about some simple steps you can take to protect your ministry from huge fines and potential prosecution by making sure you comply with software licensing laws.

Donnie Schexnayder is a ministry technology expert. He holds industry certifications from Microsoft and CompTIA and has over 10 years experience in supporting churches and Christian ministries with technology. With a mixture of passion and expertise, Donnie helps ministries advance their mission of bringing the Gospel of Jesus Christ to the ends of the earth by using cutting-edge technology. Donnie lives with his wife and 2 children in Colorado Springs, CO.