Why care about Internal Network Security?
Many normal users, such as employees within a company, should not have access to each other's machines, to administrative
functions, to network devices or to similar rights. Incorrectly configured security could allow a user with minimal
skills to penetrate your network and gain remote administrative rights over it within a few minutes of
exploration.
Because internal networks need to be flexible for normal operation, they cannot be locked down to the maximum
level of security. However, with no security at all, internal users can be a major threat to many internal networks.
Consider that a user within the company already has access to many resources and does not need to bypass firewalls
or other security mechanisms which prevent non-trusted sources, such as internet users, from accessing the internal
network. Such an internal user could also make it difficult to identify or even detect their presence.
Beyond internal users, poor network security means that once a hacker gets hold of a computer within your
network, he or she also has access to the rest of the internal network. Many holes exist which allow hackers to
tunnel through different protocols, such as SMTP (e-mail) and HTTP, to bypass security mechanisms such as firewalls.
Such attacks allow a more sophisticated attacker to easily penetrate an internal network and get administrative
rights over it, meaning confidential e-mails and documents can be read and computers can be trashed, leading to loss
of information, possible leakage of business information and other problems.
Is your company at risk? I think that most companies that believe they have adequate security and don't believe
they could be attacked or believe they are too small a target are not performing the steps necessary to prevent
an attack. Think about it in terms of a learning curve. Keep up to date on the newest technologies and techniques
hackers and other unwanted visitors may use. And make sure you routinely try penetration tests on your own network
to discover its current holes in security. Computer networks tie our country together, which is one of our greatest
strengths but may also be one of our greatest weaknesses when it comes to attacks.
Seven Simple Computer Security Tips
for Small Business and Home Computer Users
Consult www.nipc.gov for more information.
1. Use strong passwords. Choose passwords that are difficult or impossible to guess. Give different passwords
to all accounts.
2. Make regular backups of critical data. Backups must be made at least once each day. Larger organizations
should perform a full backup weekly and incremental backups every day. At least once a month the backup media should
be verified.
3. Use virus protection software. That means three things: having it on your computer in the first place,
checking daily for new virus signature updates, and then actually scanning all the files on your computer periodically.
4. Use a firewall as a gatekeeper between your computer and the Internet. Firewalls are usually software
products. They are essential for those who keep their computers online through the popular DSL and cable modem
connections but they are also valuable for those who still dial in.
5. Do not keep computers online when not in use. Either shut them off or physically disconnect them from
the Internet connection.
6. Do not open e-mail attachments from strangers, regardless of how enticing the Subject Line or attachment
may be. Be suspicious of any unexpected e-mail attachment from someone you do know because it may have been
sent without that person’s knowledge from an infected machine.
7. Regularly download security patches from your software vendors.
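The schedule in tip 2 can be checked automatically against a backup catalog. The script below is an added example,
not part of the original tips; the record layout, the 6-hour grace period and the sample catalog are assumptions
made for illustration.

```python
from datetime import datetime, timedelta

# Intervals from tip 2: a backup every day, a full backup every week,
# media verification at least once a month (taken here as 31 days).
CHECKS = [
    ("daily", {"full", "incremental"}, timedelta(days=1)),
    ("full", {"full"}, timedelta(days=7)),
    ("verify", {"verify"}, timedelta(days=31)),
]
GRACE = timedelta(hours=6)  # assumed tolerance for job start-time jitter


def audit_backups(catalog, now):
    """Return (check, gap_start, gap_end) for every interval that ran too long.

    catalog is a list of (datetime, kind) records, kind being "full",
    "incremental" or "verify"; this record layout is an assumption.
    A check with no record at all is reported as (check, None, None).
    """
    findings = []
    for name, kinds, limit in CHECKS:
        # Records dated after `now` are ignored: a future timestamp would hide a gap.
        runs = sorted(ts for ts, kind in catalog if kind in kinds and ts <= now)
        if not runs:
            findings.append((name, None, None))
            continue
        # Compare each run with the next one, and the last run with `now`,
        # so a missed job in the middle of the history is caught as well.
        points = runs + [now]
        for earlier, later in zip(points, points[1:]):
            if later - earlier > limit + GRACE:
                findings.append((name, earlier.date().isoformat(), later.date().isoformat()))
    return findings


def sample_catalog():
    """Constructed catalog for March 2024: 20 March missed, 17 March full skipped."""
    catalog = [(datetime(2024, 2, 20, 9, 0), "verify")]
    for day in range(3, 30):
        if day == 20:
            continue
        kind = "full" if day in (3, 10, 24) else "incremental"
        catalog.append((datetime(2024, 3, day, 1, 0), kind))
    return catalog


if __name__ == "__main__":
    for finding in audit_backups(sample_catalog(), datetime(2024, 3, 29, 12, 0)):
        print(finding)
```

Each finding names the check that failed and the two dates between which no qualifying backup or verification ran.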
Survey for network security
1) Do you have a computer network?
2) Do you have someone on staff that maintains your computer network?
3) If you do have someone on staff to maintain your network, how up to date is their network security knowledge
and training?
4) Would you be interested in a free quick test for your network maintenance person?
5) Do you use an outside company to either maintain or repair your network?
6) Have you ever had a virus on your network?
7) Have you ever lost data due to a power surge, storm, or other catastrophe?
8) What was the longest your network was down?
9) Has your network ever been attacked, maliciously or otherwise?
10) Do you store important or sensitive data on your server?
11) Do you have a recovery procedure or disaster plan in case your network fails or you are attacked?
12) Did you know that the government is taking steps to make it mandatory to protect your network from attacks?
13) Would you like to have a professional company come to your business and do a sweep of basic network security
issues for free?
14) If a company came to your business and found issues with your network security would you consider them a resource
to call on to update your security?
Common Terms Used
Cybersquatting: The practice of registering domain names that are TRADEMARKED or FAMOUS names in the hopes
that the rightful owners will buy at a premium.
--------------------------------------------------------------------------------
Delegated Network Size: The number of IP addresses that this company delegated from this network. This is
representative of how many computers are actually connected to this network.
--------------------------------------------------------------------------------
Domains: Names which have 'name server' records associated with them to identify hosts or sub domains within
that name space.
--------------------------------------------------------------------------------
Domain Name Investing: The practice of registering GENERIC names to be sold in the aftermarket at a premium,
much like real estate investors.
--------------------------------------------------------------------------------
DNS (Domain Name Service):
DNS is the service which translates human recognizable names (ex. www.netfactual.com) to their corresponding IP
addresses which are used by the computers to address each other during communication.
--------------------------------------------------------------------------------
Generic Top Level Domain (gTLDs):
The seven original Top Level Domains (com, edu, gov, mil, net, org, int). These are the Top Level Domains in
use today.
--------------------------------------------------------------------------------
Hyper-Text Markup Language (HTML):
HTML is the main language of the web developed solely for the purpose of presenting information. The language is
maintained by the World Wide Web Consortium (W3C) with International acceptance.
--------------------------------------------------------------------------------
Internet Corporation for Assigned Names and Numbers (ICANN):
This is the body that governs the registrars.
--------------------------------------------------------------------------------
IP Address:
Each interface of each computer on the Internet is identified by a unique number known as its 'IP Address'. The
names (ex. www.netfactual.com) that we are familiar with are translated to the correct IP Address using DNS. When
two computers communicate across the Internet, they address / identify each other via their IP addresses.
--------------------------------------------------------------------------------
MetaTag: The Meta element is used in identifying meta-information. The meta information currently available
is refresh, keywords, description, PICS identification, author, generator, content-type, expires, transition, and
duration. Web browsers ignore this META element usage.
Meta Refresh: A meta refresh is a metatag with a refresh value to automatically direct visitors to a new
page after a specified number of seconds. It is typically used to redirect someone from a page that has moved or
to display a brief message. Web browsers ignore this META element usage.
Meta Keywords: A meta keyword is a metatag with a keyword value used to help enable search engines to index.
The "Keywords" value for the NAME attribute is a comma separated list of keywords relating to the current
web page. Web browsers ignore this META element usage.
Meta Description: A meta description is a metatag with a description value used to help enable search engines
to index. The "Description" value for the NAME attribute represents the current website description summary.
Web browsers ignore this META element usage.
Meta Author: The author value for a metatag is used typically by companies and consultants promoting their
work with the HTML page. Web browsers ignore this META element usage.
Meta Generator: The "Generator" value for the NAME attribute is very commonly inserted into documents
by HTML editor programs. It specifies as a value the name of the editor that generated the code. Web browsers ignore
this META element usage.
PICS Generation: The Platform for Internet Content Selection (PICS) is a system designed to associate categorizing
labels with document content. The system originated as a method to help control access to questionable content,
but can also be used to label and classify other types of document content as well, such as code signing, privacy,
and intellectual property rights management.
Multi-homed: A company has more than one Tier 1 Internet Service Provider from which this company purchases
Internet services.
--------------------------------------------------------------------------------
Network Service Provider(s): The company (or companies) that provide the Internet access for this network.
--------------------------------------------------------------------------------
Registrar:
One of the companies authorized to register domain names.
--------------------------------------------------------------------------------
SSL:
Secure Socket Layer - This is a protocol primarily used to secure communications across the Internet. It uses certificates
issued from certificate authorities to verify that a client is speaking to who they think they are, as well as
to add a layer of encryption to the session in order to keep the conversation private.
--------------------------------------------------------------------------------
SSL Certificates: SSL (Secure Sockets Layer) is a program layer that manages the security of message transmissions
in a network. It is commonly associated with E-Commerce. If a site is SSL Capable, then it has the capability of
providing secure transactions which are normally but not necessarily performing E-Commerce. Data is passed back
and forth between a client and a server program in a network or between program layers in the same computer. Your
browser uses the public-and-private key encryption system from RSA.
--------------------------------------------------------------------------------
Subnet Growth (# of Networks): The number of sub-networks added to this network in the last quarter.
--------------------------------------------------------------------------------
Subnet Growth (%): The percent growth of sub-networks in this network in the last quarter.
--------------------------------------------------------------------------------
Total Network Size: Maximum number of IP addresses that make up this network. This is representative of
how many computers can be connected to this network. (Total Network Size = Delegated Network Size + Un-delegated
Network Size)
--------------------------------------------------------------------------------
Top Level Domain: A top-level domain (TLD) is the portion of a Uniform Resource Locator (URL) or Internet
address that identifies the general type of Internet domain, such as "com" for "commercial,"
"edu" for "educational," and so forth.
--------------------------------------------------------------------------------
Un-delegated Network Size: The number of IP addresses that a company has not delegated from their network.
This is representative of potentially how many more computers can be connected to this network.
--------------------------------------------------------------------------------
Unique Sub-Networks Count: The number of networks that are delegated as sub-networks to other companies
by this ISP.
--------------------------------------------------------------------------------
Uniform Resource Locator (URL): Made up of the format protocol://user:password@host:port/path_to_resource.
The most common example of this is for the 'web' (example: http://www.netfactual.com).
--------------------------------------------------------------------------------
Unique Non-Subnet Domain Count: The number of companies that outsourced their web sites to this ISP. Total
number of domain names that are on this ISP's Un-delegated network.
--------------------------------------------------------------------------------
Webserver: A Web server is a program that serves files that form Web pages. Every computer on the Internet
that contains a Web site must have a Web server program.