Search

Thursday, 15 May 2008

Network Security

As an IT consultant something which must always be at the forefront of my mind when offering advice to a client is the security of the network. These days nearly everyone that I meet has a permanent broadband connection to the internet, normally ADSL via the phone line. While this is by all accounts a very positive move forwards for everyone, especially those of us in a rural location, a permanent connection does have its drawbacks.

Unfortunately, it does mean that we are exposed to the more lawless elements of the internet. For now, I'm going to ignore the exploits that we all hear about through the press, where someone has clicked on the wrong link in their web browser or opened a dodgy email and concentrate on those who attack the network itself across the internet. These are people, commonly referred to as hackers, who will, given half a chance like nothing better than to gain access to your computers, rifle through your files (maybe looking for passwords and/or credit card details) and perhaps leave some malware behind for good measure. To protect ourselves we need to have, at a minimum, a firewall between the computer and the internet.

Many hackers attempt to gain entry to a computer by sending small messages to the computer that are designed to open a way in to the computer to gain control, usually these messages will be rebuffed as the vulnerability in the software that it is trying to exploit will have been patched (that's why regular use of Windows update is so important). But they can also (and should) be rebuffed before they get to the operating system by the use of a good firewall. One way of looking at the job of a firewall it is to think of it as a castle wall standing between you and the arrows and artillery of the enemy outside.

When thinking about network security we should take that castle analogy a little further and remember that the most robust and impressive medieval castles consisted of more than one wall, the idea being that as one was breached the defenders had something to fall back to. We must think of our network in the same way. Most small businesses connect to the internet using a router with a built in ADSL modem, this router may well also be a Wi-Fi access point. These routers normally include a simple firewall which should be turned on and used as the first line of defence, they aren't perfect but it's a lot better than nothing at all.

The second line of defence should be the security software that you run on your computer. At a minimum this should include a firewall and anti-virus and anti-spyware scanners. With that in place then you have a reasonably secure network, providing you've only got two or three computers plugged into the router and sharing the internet connection. When you move up to the next level of network (which we all do as our businesses grow) with several computers connecting to a server and all sharing the internet connection, then our problems get bigger and that firewall in the router is no longer enough - but that's a topic for another post!

Comments
To leave a comment please login
Register