
Wednesday, March 24, 2010

IT SECURITY - BASICS

IT security is an important and critical factor in today's business world. However, it is still hard for small and medium-sized businesses to find the manpower and money to improve their security. Here is a list of the top 10 items you should check before you even start a security project. All of them are equally important, so they are not in any particular order.
1. Choose your platforms wisely. Many small businesses suffered through the recent economic downturn, though business is improving. There couldn't be a better time to retire any remaining Windows 9x machines you still allow on the network. These computers have essentially no security: no real user access control, no file permissions and no more vendor patches. Windows 2000 or XP would be a much better replacement.
2. Replace your old network equipment. Perhaps you are one of the few organizations still using hubs. If so, replace them with switches. Hubs not only give you low bandwidth, they are also a security risk: a hub repeats every frame to every port, so anyone on the network can easily eavesdrop on sensitive traffic.
3. Patch your Web server. Sure, you have dedicated IP addresses and computers capable of hosting your Web site, but should you really host it yourself? That depends on the amount of time and effort you can devote to it. Remember that your Web site is the one thing attackers can always find and reach. So update your Web server software regularly and keep it on the current, supported version; otherwise attackers can use your Web server as a beachhead into your network.
4. Forget about peer-to-peer. Maybe the small satellite office you maintain seems to work fine with a peer-to-peer (workgroup) network. If so, get rid of it. Peer-to-peer networks do not belong in a business of any size: they lack security, have no centralized control of accounts and policies, and are a security disaster waiting to happen.
5. Change default passwords. I am sure some of you are saying, "Everyone changes their passwords!" Well, it's not true. I cannot count the number of security assessments I have performed where unauthorized access was only one password away because the passwords had never been changed. I found some default passwords. If you see your password on this list, please take a few minutes to change it.
6. Enforce a strong password policy. Everyone likes easy passwords, but it is critical to enforce a strong password policy: a minimum length and complexity requirements (mixed character classes, no account name in the password). Microsoft's free Passprop tool (from the Windows Resource Kit) makes it easy to require complex passwords, and on Windows 2000 and later the same rules can be set through Group Policy.
7. Educate your employees. If you can't afford this year's newest security gizmo, no problem. Many network security breaches are human-based, so spend the extra time educating your employees on the importance of IT security instead. This should start the day an employee is hired and continue throughout his or her employment. Contests, newsletters, tips and policy reminders are all easy ways to get the message out that security is everyone's job.
8. Think about total security. I wish I could tell you that security is something you can do once and then forget about, but that is not the case. Security is a process, not a product: review, test and adjust your controls continually. Practice makes perfect, or at least very close to it.
9. It is not just the outsiders. You may have installed a firewall or other border device to keep the bad guys out, but remember that a perimeter firewall does nothing against an attacker, or a malicious insider, who is already inside the network. The best approach is "defense in depth." One step is to install host-based firewalls on internal devices, so that each host only accepts the traffic it actually needs.
10. Beware of the cleaning crew. It is unfortunate but true that once everyone has gone home, the lingering employees and after-hours crews such as cleaners are often overlooked as security threats. These people usually have full physical access to the facility and know that few people are around. Don't assume they cannot do anything: lock screens and workstations, secure paper and removable media, and restrict after-hours access to server rooms.
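As an added example that is not part of the original post, here is a small Python script covering items 5 and 6 together: it flags accounts that are still on factory defaults (checked against a constructed sample list, not a vendor list) and checks passwords against Windows-style complexity rules (three of four character classes, no account name in the password) plus an assumed minimum length of 12. The credential list, the account names and the policy values are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample of well-known factory credentials, for illustration only.
# A real audit uses the documented defaults of the devices actually deployed.
DEFAULT_CREDENTIALS = {
    ("admin", "admin"),
    ("admin", "password"),
    ("admin", ""),
    ("root", "root"),
    ("administrator", "administrator"),
}
DEFAULT_PASSWORDS = {pw for _, pw in DEFAULT_CREDENTIALS}

# The four character classes Windows' "password must meet complexity
# requirements" setting counts; it demands three of the four.
CHARACTER_CLASSES = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 12      # assumed value; the Windows complexity rule alone only requires 6
    min_classes: int = 3      # Windows rule: at least 3 of the 4 classes
    min_name_length: int = 3  # account names shorter than this are not checked for inclusion


def is_default_credential(username: str, password: str) -> bool:
    """True if the username/password pair is a factory default still in place."""
    return (username.lower(), password) in DEFAULT_CREDENTIALS


def count_character_classes(password: str) -> int:
    """Number of the four complexity classes present in the password."""
    return sum(1 for pattern in CHARACTER_CLASSES.values() if pattern.search(password))


def check_password(username: str, password: str,
                   policy: PasswordPolicy = PasswordPolicy()) -> list[str]:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    failures = []
    if is_default_credential(username, password):
        failures.append("factory default credential still in use")
    elif password in DEFAULT_PASSWORDS:
        failures.append("password is a well-known default")
    if len(password) < policy.min_length:
        failures.append(f"shorter than {policy.min_length} characters")
    classes = count_character_classes(password)
    if classes < policy.min_classes:
        failures.append(f"only {classes} of 4 character classes (need {policy.min_classes})")
    # Windows rejects passwords containing the account name; the comparison is case-insensitive.
    if len(username) >= policy.min_name_length and username.lower() in password.lower():
        failures.append("contains the account name")
    return failures


def audit_accounts(accounts: dict[str, str],
                   policy: PasswordPolicy = PasswordPolicy()) -> dict[str, list[str]]:
    """Run check_password over a username -> password mapping; only failing accounts are returned."""
    report = {}
    for username, password in accounts.items():
        failures = check_password(username, password, policy)
        if failures:
            report[username] = failures
    return report


if __name__ == "__main__":
    # Constructed sample of accounts, as they might be pulled from a device inventory.
    sample = {
        "admin": "admin",
        "jsmith": "Jsmith2010!!",
        "backup": "abcdefghijkl",
        "rwilson": "Correct-Horse-42",
    }
    for user, problems in audit_accounts(sample).items():
        print(f"{user}: {'; '.join(problems)}")
```

In the sample run, only `rwilson` passes: `admin` is still on its factory default, `jsmith` embeds the account name, and `backup` uses a single character class. The account-name check is deliberately simpler than Windows' full rule (which also rejects substrings of the user's full name longer than two characters), so treat it as a floor, not a replacement for the operating system's own policy enforcement.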
