Skip to main content

Best Practice for securing the organization network.

The best and most important practice is the creation and enforcement of I.T security policies, there must also have the system specific rules to address the policies for the individual systems & data. The policies can address or point to any security controls from password to backup, applications to servers. The most important of all is the proper use of the I.T resources. Each and everyone in the organization must have to understand his responsibility, must use the I.T resources in a limit. All the I.T security policies or other policies have to be available in the organizations intranet.The best of all practice is to have DMZ (Demilitarized) zone. DMZ is logical network separating LAN (Local Area Network) from the Internet (Untrusted Network.). DMZ provides the extra layer of security as it restricts the attackers or someone else to access the internal servers and data via internet. Any service that is being provided to users on the Internet should be placed in the DMZ. The most common of these services are: Web, Mail, and FTP.

There are various ways to design a network with a DMZ. The two most common methods are with a single or dual firewalls. These architectures can be expanded to create very complex architectures depending on the network requirements. A single firewall with at least three network interfaces can be used to create a network architecture containing a DMZ. The external network is formed from the ISP to the firewall on the first network interface, the internal network is formed from the second network interface, and the DMZ is formed from the third network interface. Different sets of firewall rules for traffic between the Internet and the DMZ, the LAN and the DMZ, and the LAN and the Internet tightly control which ports and types of traffic are allowed into the DMZ from the Internet, limit connectivity to specific hosts in the internal network, and prevent unrequested connections either to the Internet or the internal LAN from the DMZ.

A more secure approach is to use two firewalls to create a DMZ. The first firewall also called the perimeter firewall is configured to allow traffic destined to the DMZ only. The second or internal firewall only allows traffic from the DMZ to the internal network. This is considered more secure since two devices would need to be compromised before an attacker could access the internal LAN.

Always keep the inventory of all the devices (Laptops, desktops, routers, switches, and firewalls including the Operating Systems installed on each devices etc.), provide the limited internet access, user’s must not have the access to USB, CD-ROM or other peripheral devices.

The users must not have the administrative rights.

Antivirus have to be installed on all the system and must be up-to-date, auto scanning have to be configured.

No unauthorized & Unwanted software must be installed which are not meeting the organization need and requirement.

 Different departments users must have their data kept on the shared drive over file server must be permitted to access only their departmental folder.

Always have training session for the user’s to make them aware of the new trend in information security.

 Don’t ever click on to the attachment in the spam mail.

Don’t use your official mail Id on non-business sites.

Always lock the system if you are not on the desk.

Have the clear desk policy clear your desk before going to home at end of the day.

Always shutdown the system if you are no longer in the office.

Comments

Popular posts from this blog

DoS Attack: - Don’t let your network to be a next victim

Understand the Dos Attack, how it can cause damage to the network.  Internet the network of a network was the wonderful result of many geniuses and intelligent guys who has changed the world totally. Now a day everyone is free to access the internet from any corner of the world and with any devices. It is not secure to surf on internet as the internet is now is the hub of infections like: - viruses, worms, attacks, malwares and most important the hackers. No one is secure if you are surfing on internet you must have to keep in mind what to do and what not to do then only you are secure otherwise not. Everything is now digitalized, no need to go anywhere sit at home and do what you want to do, if you want to pay the bills (electricity, telephone, mobile) pay it online, you want to do shopping go to online shopping site do it and get your product delivered at your footstep, you need to buy a electronics purchase online, why to go to bank to transfer money do it through intern...

Take Email Security seriously

Now a days Email or Electronic Mail has become the important part of entire organizations as well as per personal life, now a days 5-10 % are dependent or relays on postal mail. Approximate 1000’s of the mails are send & received by each of the organizations related to work as email has made our life easy, fast and convenient, we are  now able to get response of our mail within a second. Now a day’s as a technology is changing we have to take the security of our IT assets or resources seriously most important is of Email security. Now a days hackers are creative and they can create mail which look life professional mail (either from bank, form other organizations) asking for your personal details. Some hackers make a fraud mail which looks like professionals’ mail having the attachments photos or something else at the backend bind with virus so as soon you open the mail system got infected with virus and can be a risk to entire network. Organizations have to provide the aware...