|
As MySBK Inc. has evolved into a larger organization our IT needs have have grown and changed. Below are some of the ways we've kept up with security.
10 ways to secure your small business network
By William Reyor
Technical Director
MySBK Inc
Use a commercial grade firewall with at least the following features: Access, Security, and Error logging
Deep inspection – also called unified threat management or intrusion prevention
VPN support
Extensive inbound and outbound traffic filtering
(optional) Wireless – Enterprise WPA2 | Anything less isn’t secure
Secure your clients/desktops/laptops
Ensure windows updates are functioning
Enable encryption for remote laptop users (use EFS, Truecrypt, or PGP)
Install and use antivirus software that includes malware/adware blocking capability
Do not allow regular users local administrative access
Use commercial antivirus on all servers and desktop computers
For networks with more than 5 computers use a centrally managed solution from a known vendor such as: Symantec, Mcafee, Trend Micro, or Kaspersky
Antivirus software works on a yearly subscription basis know when your renewal is due.
Assign and enforce separate administrative logins for configuration, maintenance, and installations
Assign secondary administrative logins to IT staff
Enforce policy so that IT staff login normally as regular users
Utilize an email filtering hardware solution
Many viruses, malware, and phishing attacks originate from email.
Utilizing a spam filtering appliance such as a Barracuda.
Educate your users on the risks of viruses, malware, phishing, and social engineering.
Security awareness training is paramount to operating a secure network
See http://technet.microsoft.com/en-us/security/cc165442.aspx
Log everything, and keep logs for at least a year
On your servers you should be logging failed and successful login attempts, and auditing file access to all sensitive areas.
Use a syslog server to aggregate log information from all firewalls, severs, switches, routers, and network devices to a single location
Kiwi syslog is a free tool that will let you do this. see: http://www.kiwisyslog.com/
Use commercial backup software and keep at least one generation of backup off-site.
Define what in your organization you need to backup – this might include: Active directory, specific file shares, email stores, and server configuration data.
At least once of month test your backup solution by trying to restore a file
Use industry standard software which includes: Symantec Backup Exec or CA ARCserve
Assign someone in your organization the responsibility of monitoring the status of backups, anti-virus, workstation and server updates, and logs.
Keep extensive documentation of your entire network including:
Firewall rules.
Allowed desktop applications.
Anti-virus management procedures.
List of backup jobs and exactly what’s backed up.
Document to restore files, servers, or other critical data.
Network topology (using Visio or equivalent).
Document and approve all network changes before they take place.
For more information like this see http://www.nesit.net 10 ways to secure your small business network
By William Reyor
Technical Director
MySBK Inc
Use a commercial grade firewall with at least the following features: Access, Security, and Error logging
Deep inspection – also called unified threat management or intrusion prevention
VPN support
Extensive inbound and outbound traffic filtering
(optional) Wireless – Enterprise WPA2 | Anything less isn’t secure
Secure your clients/desktops/laptops
Ensure windows updates are functioning
Enable encryption for remote laptop users (use EFS, Truecrypt, or PGP)
Install and use antivirus software that includes malware/adware blocking capability
Do not allow regular users local administrative access
Use commercial antivirus on all servers and desktop computers
For networks with more than 5 computers use a centrally managed solution from a known vendor such as: Symantec, Mcafee, Trend Micro, or Kaspersky
Antivirus software works on a yearly subscription basis know when your renewal is due.
Assign and enforce separate administrative logins for configuration, maintenance, and installations
Assign secondary administrative logins to IT staff
Enforce policy so that IT staff login normally as regular users
Utilize an email filtering hardware solution
Many viruses, malware, and phishing attacks originate from email.
Utilizing a spam filtering appliance such as a Barracuda.
Educate your users on the risks of viruses, malware, phishing, and social engineering.
Security awareness training is paramount to operating a secure network
See http://technet.microsoft.com/en-us/security/cc165442.aspx
Log everything, and keep logs for at least a year
On your servers you should be logging failed and successful login attempts, and auditing file access to all sensitive areas.
Use a syslog server to aggregate log information from all firewalls, severs, switches, routers, and network devices to a single location
Kiwi syslog is a free tool that will let you do this. see: http://www.kiwisyslog.com/
Use commercial backup software and keep at least one generation of backup off-site.
Define what in your organization you need to backup – this might include: Active directory, specific file shares, email stores, and server configuration data.
At least once of month test your backup solution by trying to restore a file
Use industry standard software which includes: Symantec Backup Exec or CA ARCserve
Assign someone in your organization the responsibility of monitoring the status of backups, anti-virus, workstation and server updates, and logs.
Keep extensive documentation of your entire network including:
Firewall rules.
Allowed desktop applications.
Anti-virus management procedures.
List of backup jobs and exactly what’s backed up.
Document to restore files, servers, or other critical data.
Network topology (using Visio or equivalent).
Document and approve all network changes before they take place.
For additional articles like this see http://www.nesit.net |
