=================================================

Keep Information Secure from Intruders

Written by Joshua George

Capitol College, WA

MS in Network Security

============================================

Today, companies of all sizes have unique information in order to be competitive in their markets.  If by chance, their unique information gets manipulated, made public, or even destroyed, a company could lose their competitive advantage, compromising the viability of the business.  While keeping information secure and protected can be financially daunting, this guide is intended to educate entrepreneurs and small businesses to develop information assurance and security in a cost-effective manner.

              To keep information secure from intruders, one needs to understand the tactics and methodologies intruders use to break into networks.  The most common tactics used are through the following:  

• Ports
• Trojan Horses
• Backdoors
• Third-party software
• Social Engineering (pretending to be someone else to acquire confidential information)
• Services (tools integrated into an operating system)
• Passwords
• Indirect Sources (websites, newsgroups, etc.)
• Direct Sources (using employees to get information)

While it’s impossible to assure 100% protection in any of these categories, here is a simple ten-step process to greatly decrease the probability of intruders:

• Keep current on all patches and updates on network operating systems, its services and third party software. Updates are continuously created to patch known exploits (weaknesses). 

• Make sure the network has updated virus scanners to prevent Trojan Horses and backdoors from getting into a network.

• Install an intrusion detection system to identify attackers in action.  Also, check your logs constantly to ensure no outsiders are entering a network without anyone’s knowledge.

• Use multiple firewalls, both internal and external.  Avoid default settings because they usually are not secure.

• Use strong passwords which have at least twelve characters composed of letters, numbers, and special symbols. They should be changed every couple of weeks.

• Use encryption in all communication.  The more encrypted information is, the harder it is for outsiders to decipher and read.

• Minimize open ports. The more ports that are open, the more opportunities an attacker has to compromise a network.  Ports are opened through services and third-party software.  Stop unused programs and services from running on a computers background to close ports.

• Be cautious of social engineering.  Social engineers use psychology via email and telephone to exploit people’s feelings, thus making them more vulnerable to help intruders. The best defense for social engineering is to develop and enforce policies.

• Minimize personal information on the company’s website. Do not disclose full names, phone numbers, detailed technology updates, etc.  If this information is necessary, try using initials for first names and keep company updates short and brief.

• Develop a positive corporate culture. Unhappy employees are more liable to be direct sources of information for intruders as compared to happy employees.

In the end, a company must balance between security and functionality.  If a company’s networks are too secure, it reduces employee functionality. On the other hand, excessively functional networks become vulnerable to attack. Through determining a proper security-functionality balance and following these ten steps, any company is guaranteed more secure informational assets.