Wayne N. Kawamoto
Managing Editor, www.smallbusinesscomputing.com
According to Cameron Kelly Brown, IT expert and president of AMIT Consulting, the solution for securing a network from cyber attacks can be achieved by following and maintaining a five-step program that combines high-tech with common sense.
1) Do Not Rely on a Software-only Firewall Solution.
A firewall needs to be an external and independent hardware solutions, warns Brown, and not a software package running on the primary server. “There are some software packages that claim they can provide firewall protection without the need for separate hardware, but this cannot be recommended,” says Brown. “You can configure a standalone server with software to work as an external firewall device, but it must be dedicated to firewall use only and it must come between the Internet and your local area network.”
2) Separate Internet Hosting from Your LAN.
It is a grave mistake is to host your web site on your LAN using the same Internet pipe that is used for e-mail and web browsing. “At the barest minimum, you must have a separate port on your firewall for Internet hosting service areas and then run your LAN through a more secure port,” says Brown. “And for extra security, physically locate your host in an offsite location with secure backbones.”
3) Try to Rely on a Unix/linux-based E-mail Routing Host.
While Windows is still the dominant operating system, Brown favors its fast-rising rival to stop e-mail viruses from sneaking in. “The best is Unix, as it has yet to be breached with e-mail borne viruses,” says Brown. “Linux is almost as secure, but did have a landmark breach in 2000. However, that has yet to be repeated. Microsoft’s Exchange server is actually the least secure e-mail service host, with nearly all e-mail borne and server destroying viruses and other related breaches occurring on this platform. Exchange is fine as an internal e-mail distribution service with no direct connectivity to any external e-mail.”
4) Use a Comprehensive Anti-virus Package to Cover the Entire Network.
“Remember that besides protecting your network from e-mail borne viruses, you also want protection against server-infesting bugs, worms and viruses,” says Brown. “In searching for the right anti-virus package, make sure you install a solution which scans all content that is coming in through the e-mail system and the firewall…and also, scans all content going out, too. Furthermore, make sure the anti-virus package scans each client within the network to prevent the receipt and the creation of various digital intruders.”
5) Restrict Shady Web Sites & Ban “Rich E-mail.”
Shady web sites, besides diluting productivity, frequently contain digital time bombs that can crash browsers and even entire operating systems. “Rich e-mail” can be defined as media consisting of animation, video, audio and digital data which is transmitted via e-mail channels. “In the least, it can clog and even crash networks,” says Brown. “At worst, though, I could imagine a well funded terrorist organization using such a system to stream huge files into millions of e-mail boxes simultaneously, and thus causing major network and even client-level complications which could be quite difficult for a company to effectively prevent or remove.”
AMIT Consulting, LLC, is a New York-based business consulting firm focusing on IT, IS, MIS, e-commerce and advanced web technology solutions for companies and organizations of all sizes and in all industries.