Network Security

Secure network is vitally important for most network systems.Whilst email viruses and denial-of-service attacks (DoS attack) maycause us headaches on our home systems, for businesses, these sorts of attacks can cripple a network for days – costing businesses hundreds of millions each year in lost revenue. Not to mention corporate legitimate to clients.

Creating secure network to prevent this type ofmalicious attack is usually of paramount importance for network administrators, and while most invest heavily in some forms of security measures there is often vulnerabilities inadvertently left exposed. Aswe always heards that security is as secure as the weakest link.

Firewalls are the best place to begin when you are trying to develop a secure network. A firewall can be implemented in either hardware or software, or most commonly a combination of both. Firewalls are used to prevent unauthorized users from accessing private networks connected to the Internet, especially local intranets. All traffic entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified criteria. If the packet do not meet security criteria then the system will not allowed those packets entering network system.

Anti-virus software works in two ways. Firstly it acts similarly to a firewall by blocking anything that is identified in its database as possibly malicious (viruses, Trojans, spyware etc). Secondly Anti-virus software is used to detect, and remove existing malware on a network systems or workstation.

You can build your own firewall by using linux, there is a lot of tutorial and white papers on how to build your simple yet powerful firewall by using open source programs. Many company start their simple security by using linux server as their first line of defense.

One of the most over-looked aspects of secure network is time synchronization. Network administrators either fail to realise the importance of synchronization between all devices on a network or the system simply don’t work. Failing to synchronize a network is often a common security issue. Not only can malicious users take advantage of computers running at different times but if a network is struck by an attack, identifying and rectifying the problem can be near impossible if every device is running on a different time.

Even when a network administrator is aware of the importance of time synchronization they often make a common security mistake when attempting to synchronize their network. Instead of investing in a dedicated time server that receives a secure source of UTC (Coordinated Universal Time) externally from their network using atomic clock sources like GPS, some network administrators opt to use a shortcut and use a source of Internet time.

There are two major security issues in using the Internet as a timeserver. Firstly, to allow the time code through the network a UDP port(123) has to be left open in the firewall. This can be taken advantage of by malicious users who can use this open port as an entrance to the network system. Secondly, the inbuilt security measure used by the time protocol NTP, known as authentication, doesn’t work across the Internet which means that NTP has no guarantee the time signal is coming from where it is supposed to.

To ensure that you have a secure network, isn’t it time you invested in an external dedicated NTP time server?

Other related articles:

• Kevin Rose at FOWA: DIGG Adopts OpenID – It’s definitely time to declare OpenID a winner and the hope for a single-sign on world a reality. This Digg news comes just after Microsoft and AOL announced their support as well. Yahoo, LiveJournal, and Wikipedia are among the other services that have previously announced adoption.
• George Willman: Patents for the Startup « www.brendonwilson.com – This is part of my set of notes from the Startup School 2006 sessions at Stanford. There are two major sets of issues with intellectual property: avoiding.
• A Web 2.0 Documentation Idea Gone Wrong | I’d Rather Be Writing … – Many of us want to integrate innovative Web 2.0 practices into our online help. But if we create blogs, wikis, or other interactive features outside the help file, users may never use them. I’ve been using SharePoint 2007 as a file …
• Society of Payment Security Professionals – Payment Security Blog … – The “Ultra Secure” Network Architecture. May 16th, 2007 by Jeff Hall Posted in Compliance, PCI DSS, Web Applications. network.jpg This is a somewhat self-serving post because it is related to an article I already wrote for my employer. …
• Coffee Shop Wireless Router | Arizona Coffee – Here’s an interesting device (~ $600). It’s a wireless router that enables you to run a public WiFi connection as well as a private network. I’m sure most.
• Felipe Alfaro Solana » Blog Archive » WPA Enterprise – This document explains how to set up WPA/WPA2 Enterprise using EAP-TTLS (with PAP) as the authentication mechanism. Introduction. The original IEEE 802.11 standard defined two basic security mechanisms: Open System Authentication, which …