In the past security exploits where generally created by several groups of people, namely kids/adults who wanted attention or “rep” by compromising the largest number of computers or terrorists who wanted to disable the economies of foreign states. Recently, however, the scene has shifted significantly.
Currently the most outstanding threat to computer users comes from organized crime. While in the older days (e.g. 1980s and 1990s) there wasn’t much money in the internet – now there is large sums and it is growing continuously. This means that there is plenty of opportunity for unprincipled individuals to avail themselves of unsuspecting individuals and fleece them for as much as they can.
The second group which has even more recently come into play is governments. Governments recognize the importance of our information technologies infrastructure and are gearing up for “cyberwarfare.” Many countries are already actively involved in launching or defending against attacks.
Needless to say, security is an important part of any system administrator’s job. Depending on the size of your company you may have an individual or even a team of individuals saddled solely with the responsibility of securing your network – there is even an executive position – CSO (Chief Security Officer) that may be in place to handle these issues. For many smaller companies, however, security management rests on the shoulders of the administrator(s).
In this section we will discuss various methods of protecting one’s network. It is by no means an all-inclusive list but should give some starting points as far as software goes in securing the network.
- Firewall – Most companies have hardware firewalls in place and we have discussed hardware firewalls elsewhere. These firewalls ensure that only certain portions of the network are open to the outside world, thus minimizing the likelihood of hackers or viruses penetrating the network. Still, some computers will require firewalls at the individual machine level, especially any form of mobile device (e.g. laptops) as they are oftentimes removed from the protection of the office firewall. The best known vendor of software firewalls is ZoneAlarm, while Microsoft has also included a built-in firewall with Windows which has become progressively more featureful and robust.
- Anti-Malware – In the beginning there was only anti-virus software, but then spyware and adware propagated. Each of these oftentimes had separate software applications to handle them nowadays most good anti-malware applications handle all of these and sometimes other threats. Still, in the arena of anti-spyware and anti-adware there are a few good products remaining including Lavasoft’s Ad-Aware, Spybot (free), Microsoft’s Windows Defender (free), Malwarebytes, and Webroot’s Spy Sweeper. In the arena of anti-malware generally there is a great variety of quality vendors. Amongst the most well-known are Symantec and McAfee but other quality vendors include Kaspersky, Avast, Grisoft, Microsoft Forefront, BitDefender, eEye, and F-Secure.
- Vulnerability Assessment – A software program that evaluates your network for known weaknesses, such as unpatched machines, misconfigured firewalls, or dangerous software. Companies such as eEye, Qualys, Hacker Safe, and AdventNet offer products in this arena.
- Intrusion Detection System (IDS) – An application that monitors the network for unusual traffic that may indicate a network compromise. Application companies in this arena include Snort (open source/free) and eEye.
- Patch Management – Ensuring that devices are updated with the latest firmware and software is important, especially when these patches relate to security vulnerabilities. One can get the free Microsoft WSUS to handle Windows Updates. BigFix is a popular choice for general patch management.