October 15, 2018

Is Your Network Secure?
 Technology with Integrity

By Tim Torian, Torian Group, Inc.

 

The SQL Slammer worm brought down a good part of the internet for a couple of days recently. This emphasizes the importance of having a security plan for your computer network, and keeping up with security updates.

Computer security is a big topic, but the biggest risks are easy to identify and prevent. The correct approach is this:
1. Identify the information and resources that are important to your business.
2. Determine what bad things could happen – both deliberate and accidental.
3. Figure out how likely they are and what it would cost you if they did. This gives you a way of quantifying risk: (% likelihood of risk) times (Dollar cost of potential hazard) = Risk Value
4. Estimate the cost of prevention, and the associated reduction in risk. This reduction can come from eliminating the cause, or from reducing the amount of potential damage. Compare that with the Risk Value, and set priorities based on getting the most for your money.
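
The four steps above, worked through as a small Python script (an added example, not part of the original article). The risks, percentages and dollar figures are constructed for illustration, and the ranking rule (keep a control only if it saves more than it costs, then sort by risk reduction per dollar) is one assumed reading of "getting the most for your money".

```python
from dataclasses import dataclass

@dataclass
class Risk:
    name: str
    likelihood: float  # chance of it happening in a year, 0.0 to 1.0 (step 3)
    cost: float        # dollar cost if it does happen (step 3)

    @property
    def value(self) -> float:
        # Risk Value = likelihood x dollar cost
        return self.likelihood * self.cost

@dataclass
class Control:
    name: str
    risk: Risk
    price: float             # cost of prevention (step 4)
    likelihood_after: float  # lower if the control eliminates the cause
    cost_after: float        # lower if the control limits the damage

    @property
    def reduction(self) -> float:
        # How much Risk Value the control removes
        return self.risk.value - self.likelihood_after * self.cost_after

def prioritize(controls):
    """Drop controls that cost more than they save, then rank the rest
    by risk reduction per dollar spent."""
    worthwhile = [c for c in controls if c.reduction > c.price]
    return sorted(worthwhile, key=lambda c: c.reduction / c.price, reverse=True)

# Constructed figures for illustration only.
worm = Risk("worm reaches an exposed service", 0.30, 20_000)
loss = Risk("file server data lost", 0.10, 50_000)
virus = Risk("virus from an email attachment", 0.50, 4_000)

CONTROLS = [
    Control("antivirus with auto-update", virus, 600, 0.10, 4_000),
    Control("second data center", loss, 10_000, 0.10, 1_000),
    Control("off-site backups", loss, 1_500, 0.10, 2_000),
    Control("firewall", worm, 100, 0.03, 20_000),
]

if __name__ == "__main__":
    for c in prioritize(CONTROLS):
        print(f"{c.name:28} saves ${c.reduction:>7,.0f} for ${c.price:>6,.0f}")
```
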

Here are some of the top risks according to security experts:

1. Poor password policies. Many companies have no passwords, or ones that are easily guessed. Often people put their passwords on sticky notes next to the computer. The remedy is a good security policy, and educating your staff on its importance.

2. Improper network design, particularly not having a good firewall. A large percentage of the security risks from the internet are caused by the ability to connect from the outside to some program that is running on your network computers. A firewall is a filter that allows only certain kinds of information in and out of your network. It “hides” your computers from the internet. Simple firewalls for DSL or Cable connections cost less than $100. This is as important at home, particularly if you have a cable connection. Without some kind of firewall, everyone on the internet is a part of your computer network, and can connect to your printers, your hard drives etc. just like other computers in your office. You can easily do a basic check on your network to see what internet users can see from the outside: go to https://grc.com/x/ne.dll?bh0bkyd2 and click on “test my shields”.  The site has very good help, and explanations of what you find out about your network.

3. Antivirus Protection. Antivirus software works in two ways: it scans files for known patterns, called virus signatures, and takes action if a match is found. It also looks for activities that normal software would not be doing, such as modifying key files in your operating system. New viruses are being developed every day. The more current your pattern files are, the more likely your antivirus software is to protect you from viruses. Most antivirus programs can be set to automatically check via the internet for the latest updates and install them for you. Even the best antivirus software cannot protect you from a virus that has just been released, because it will not yet have the matching pattern to check against. That’s why it is essential to educate your staff to not do things that increase your risk. The most important are: Don’t open email attachments unless you are expecting them from a known and trusted source; Don’t download anything from the internet unless it is from a known and trusted vendor; and Don’t bring in files from home or other places that might not be protected from viruses. These kinds of things belong in your computer use policy.

In addition to workstation antivirus software, you should have antivirus software on your server, and a separate program that scans email if you have an email server. There is also antivirus software that can scan files from the web if you have an internet proxy server.

A worm is a piece of software that installs itself on other computers, which then seek out more computers to install the software on. The SQL Slammer worm created so much network traffic from computers that were seeking other computers to infect that it slowed down parts of the internet to a crawl. Because it connects as a network service, people with a firewall were protected. In contrast, a virus is embedded in a program or other computer file, and copies itself when that program or file is executed.

4. Good backups. All kinds of problems can be mitigated with good backups. Your backup plan should include a way of retrieving a file from a particular point in time. You may discover that an important file was damaged, and that the damage occurred some time last week. With a good backup plan, you can retrieve the file from last week’s backup or from 3 weeks ago if necessary. Keep a recent full backup off site, in case the unthinkable happens. Make sure you could rebuild your computer system from scratch if necessary – have a disaster recovery plan. This means having off site copies of your system software, and your backup software, as well as the actual backups.

5. Stay current with security updates. Microsoft has made it very easy to update your computer using the Windows Update feature in your web browser. Most security flaws are well known and have fixes available. Most security problems are caused by not applying the fixes.

6. Good HR practices, backed up with access controls. More than half the computer security problems involve employees in some way. Be careful in hiring and firing – make sure unhappy employees don’t have the opportunity to damage your business. Have a computer use policy, and enforce it. Identify sensitive information, and think through who has access to it. Set rights to restrict access to files, and use auditing to see who is attempting unauthorized access.

80% of the companies that lose their data go out of business within 2 years. Information is an asset, and needs to be protected just like other business assets. The first step is in knowing what information you have, how it is stored and used, and what could happen to it. Computer security does not have to be expensive or complicated. A few simple precautions can protect you from the vast majority of risks.


Tim Torian has taught computer networking at the College of Sequoias and Cal Poly Extension. He has a BS in Computer Science, and has been consulting on computer networking for the past 30 years. His industry certifications include: Cisco CCNA and CCNI, Microsoft MCSE. He was recognized as Entrepreneur of the year for 2008 by the Tulare County EDC. He is president of Torian Group, Inc., which provides a full range of Technology Consulting services to local businesses, including computer services, networking, web and custom software development. www.toriangroup.com

     
 

Torian Group, Inc. Phone: (559) 733-1940  Fax: (559) 532-0207  Contact us