Home and office - Network security in the Internet Age
Sunday, August 15, 2004
With broadband Internet connections now running in more than 50 percent of American homes and making significant inroads in small and medium businesses, the threat of malicious viruses, hacker attacks and other forms of Internet mischief has never been greater.
Taking advantage of this powerful technology without falling victim to potential perils is easier than you would think. It does, however, require some diligence. In securing your network and your users there are three key components to consider: firewalls, wireless security and virus/content protection.
Firewall: The first line of defense
Typical broadband Internet service, either ADSL or cable based, is provided via a specialized modem (i.e., cable modem/ADSL modem) that connects to your computer. In cases where the broadband connection is shared among multiple computers, a router may also be integrated with the modem.
Routers typically provide a basic level of firewall protection by making the addresses of the devices in your network "invisible" to the Internet. Unfortunately, many techniques used by hackers can defeat this type of firewall capability.
To assure real security, you need to place a SPI (Stateful Packet Inspection) firewall between your Internet connection and your network. Firewall appliances, like the USR8200 from U.S. Robotics, actually inspect each package of data and each request to connect to your network for potential malicious code, rejecting those that represent a threat.
A rock-solid firewall eliminates Internet threats while allowing seamless connections to the information you desire.
Wireless, wireless everywhere
As the use of wireless networking has exploded, so has network vulnerability, especially for homes and small businesses that typically do not have sophisticated support available. The good news is that wireless security was an important consideration in the development of wireless standards.
All wireless solutions (802.11b and 802.11g) come with basic encryption technologies, typically 56/128-bit. This provides for a passkey for allowed connections up to 128 characters long -- not easy to crack. Some products even expand this encryption to 256 bits. In addition, there is the Wireless Protected Access (WPA) standard included in many wireless products that can be turned on to add an additional layer of security.
Additionally, every network device has a unique MAC address authentication, a 10-digit alphanumeric code. By inputting this code into the wireless router or access point for each computer or other device on your network, only those addresses specifically authorized can connect to it. While none of these is entirely infallible, each provides powerful protection for your wireless network.
With network and wireless security in place, the third tier of security focuses on threats in the form of viruses and inappropriate content. Viruses can infect your computers from malicious Web sites, email and files (from diskettes, etc.). Every computer on your network should have an anti-virus software package running (i.e., Symantec Anti-Virus, McAfee VirusScan, etc.). Keep in mind those virus developers are constantly inventing new ways to cause a nuisance. Be sure to subscribe to anti-virus updates in order to maintain strong protection.
Internet content filtering also is an important component of network security. With the vast amount of information on the Web, the ability to limit access to inappropriate Web sites is a real concern for both homes (e.g., age specific restrictions) and business (e.g., lost productivity). A simple but powerful content filtering service, like that provided by SurfControl, allows you to choose categories of information to block, on a user-by-user basis. Again, constant updates are key, as Web sites are added daily.
In summary, to be sure that your network is secure and your network users are protected:
* Add an SPI firewall between your broadband modem and your network.
* Take advantage of the security protection built into your wireless products, at least turning on the encryption capability.
* Install anti-virus software and subscribe to the service for the latest updates.
* Consider adding content filtering to eliminate inappropriate Web surfing/content downloads.