It’s that time of year again. The snow is starting to fall here in the Philadelphia area, it’s getting colder out each day and the wind chill is near unbearable. We all bundle up inside of our cozy offices, homes, and cars and brave the next couple of months. While you’re just chillin’ out waiting for the cold to pass, why don’t you start a list of things that you need to complete over the winter time? These few months are the best months to get things done inside since you really don’t want to get out there and shovel the walkway anyway.
I know that I started mine early — and not just in my personal life either. Here are just a few of the security projects that I’ll be looking at in the coming year. Go ahead, use these as a guideline to start to create your company’s security wishlist.
- Network Access Control
- This is something that I’ve been looking into here at Southco for quite a while. Something like Cisco’s NAC or FreeNAC (a free network access control system built on Linux) software would do just fine. Anything to help keep the bad guys off your network. I know that for me, I can’t be everywhere at once so I need something else that can help me figure out who’s placing unknown or unprotected devices onto my network.
- Firewalls
- It’s never too late to start looking at protecting your network from the outside. Keeping unwanted users and computers outside of your network out is one of the first lines of defense to any network. I look at too many networks that simply use a router without any logging or access control lists to keep people out. Also note: Make sure that you know what you’re doing before building your NAT tables and ACLs on your devices so that you don’t interrupt business too much — the C-level people usually aren’t too keen to that sort of thing.
- Some products to look at are: Cisco’s ASAs, Juniper’s firewalls, IPCop (a free, open-source firewall)
- Security management software
- Nothing gets to me more than a messy security configuration — alright, dirty dishes and overflowing trash are bad too but you get the point. But second to the dirt and grime of everyday life, a security configuration on a firewall or VPN appliance that isn’t kept clean can’t make for a horrible time when it finally fails. Take for instance a firewall with 60 rules that are in no particular order, have no descriptions and are not backed up. When that firewall dies one day, you will have one hell of a time building a new one to fit your company’s business. Make sure you keep up with the access controls that you have in your organization with tools like Kiwi CatTools or if you’re a Cisco shop, Cisco’s CSM.
- Antivirus and malware protection
- Finally one of the most overlooked pieces of any network, antivirus and antimalware protection. It’s easy to forget that in most organizations a user can bring in documents from home on a USB drive, email themselves attachments or simply visit websites that contain malicious material. All of these are entrance points into your network for viruses and spyware and once they’re in, they can wreak havoc. If you do nothing else this year, please make sure that you have a product like AVG, McAfee or Norton installed on all of your computers, servers, appliances, and anything else you can install antivirus/malware software on in your network.
You’ll thank me later if you do only a couple of these tasks this year. When everyone else is hunting down where the Nimda virus started or how their company documents got stolen off of their servers and plastered on a torrent tracker, you’ll be sipping that hot cup of joe by the warm firewall — I mean place.