All computers in the office are networked, the printers and scanners are accessible, and Internet access and e-mail retrieval work as well. So everything is fine and no further measures are necessary? If you want to be sure that your office is safe to operate, you should be concerned about the security of your network.
The checkpoints in this article do not claim to be complete, but they give a good indication of how regular action can make small networks safer, with basic security measures such as antivirus software on the systems.
1. Checkpoint: Which devices are really on the network?
If a network installation is confined to one physical space, users should be able to find and name all devices connected to the network by visual inspection. But do you also know how these devices are set up, and are you sure you have really captured all of them? Even in smaller networks it is therefore useful to check regularly which devices are on your network and which software is installed on them.
With small installations of four to five devices in total, it is certainly quick and easy to record them in an Excel spreadsheet, for example. Keep in mind, however, that there are more devices on the network than just computers: printers, scanners and routers, as well as mobile devices that are regularly operated on the network, should be part of this list. This is the only way to ensure that no vulnerabilities and potential threats enter the network through unknown devices.
Professional administrators in company networks use special software that automatically scans the systems and programs in the network, finds devices and programs, and records them in a table or database. For smaller network installations, too, there are programs that make this work easier. The freeware SoftPerfect Network Scanner, which is unfortunately only available in English, lets users quickly determine, for example, which systems with which hardware configuration are in their network. Such software can also determine which UPnP devices are active in the network. Active UPnP is often unintended and is usually undesirable for security reasons.
Even file servers that a user has perhaps activated without the knowledge of the person responsible are discovered this way. Some professional tools for inventorying networks are also available in free versions, provided the number of devices does not exceed 15 or 20 systems. Here the program from the American company Aagon or the American administration tool LOGINventory are good solutions. Both programs require the user to invest some time in getting familiar with them, but they can then give him a comprehensive overview of the systems and programs in his network.
2. Checkpoint: Updates, patches and new versions
The second checkpoint also concerns the individual workstations in the small network and their software. For licensing reasons alone, those responsible for the network should know how often and on which computers a piece of software is installed. This information can usually also be read out and collected with the tools presented in the first checkpoint. Another important point is updates and patches. Although it is now clear to most users that it makes no sense to disable automatic updates for the Microsoft operating systems, the applications are often forgotten. All too often, malicious software gets into the network through gaps in application programs that are not patched or only insufficiently patched. Two negative examples are certainly the Java software (which you should refrain from installing in your own network unless there are important reasons for using it) and the Adobe Flash software.
Here, too, software tools can help: the free solution PSI (Personal Software Inspector) from the Danish company Secunia can, for example, examine the PCs and the software installed on them for their release level. The manufacturer maintains a very up-to-date database, and the software can be set up so that it automatically supplies the computers with the necessary updates. If you want to install new Windows computers with Office programs in your network and do not have a Windows Server with the Windows Update Service (WSUS), you should also consider the open source solution WSUS Offline Update, which helps to keep the system and the Microsoft Office software up to date.
3. Checkpoint: Device protection - who has connected what?
What use are sophisticated firewall systems with highly complex rules when users connect every conceivable USB device to their systems? It is not only obscure USB sticks that a user plugs into his computer, but also seemingly harmless devices such as cameras, MP3 players or smartphones that then bring malicious software onto the computers. Many of those responsible believe that the anti-virus software installed everywhere today sufficiently averts this danger; current cases prove that unfortunately this is not so. Here it is useful to deploy solutions that can control and prevent use of and access to USB and, ideally, other connections such as FireWire and Bluetooth.
The freeware solution USB Watcher is one such program. It uses the standard means of the Windows systems to prevent users from storing data on unknown USB devices or using them on their system. Anyone who runs a larger network and is also concerned that, among other things, important company data could leave the network as copies should consider using a so-called DLP solution (Data Leak Prevention). One such solution is DeviceLock, which can be used free of charge for 30 days.
4. Checkpoint: How does it look on the router?
Hand on heart: when did you last log on to the router that controls your network's access to the Internet? Experience shows that most users and operators of small networks first have to search for the password to the router's web interface, because no one has ever looked at the settings stored there. The case of the AVM routers, which were accessed without authorization via the supposedly secure port 443 (for the HTTPS protocol) at the beginning of February 2017, shows how quickly a security gap can arise here.
The provider responded very quickly in this case and provided a firmware update for its routers. But here again the question arises: who is responsible for checking the settings on the router, for checking whether such updates are installed automatically and, if not, for ensuring that these important software updates reach the device? Quite often, one of the rare looks at the router settings also shows that an employee may have set up external access via DynDNS a long time ago - but no one has ever thought of closing it again.
Checking the settings on the router and adjusting them accordingly must therefore be one of the regular tasks. On this occasion, it is certainly also useful to deactivate IPv6 forwarding on the router if this network protocol is not used in the network: many firewalls filter this traffic incorrectly or not at all, and modern Windows systems such as Windows 7 or 8 support this protocol automatically.
5. Checkpoint: What comes from the outside - and goes out?
Security gaps in applications and operating systems are among the biggest problems for all systems and networks: discovering such gaps and closing them as quickly as possible is essential. Until a problem is fixed, the security of the computer or the entire network often depends on a single component: the firewall.
Although the primary firewall (usually combined with the router) protects a network's incoming and outgoing traffic towards the Internet, you should nevertheless ensure that the firewall activated by default on the Windows systems is not switched off by the users: if a security-relevant problem arises within your own network, the client systems are not protected by the firewall on the router. The use of personal firewalls on these computers is therefore recommended. If you are running a server, it should be protected against the client network by another central firewall.
While personal firewalls are often provided as freeware or shareware, hardware-based systems have to be paid for. But there are also basic versions for free use, such as the UTM Essential Firewall from the security company Sophos. This solution, which is based on a hardened Linux system, can be installed locally on a dedicated computer or in a virtual machine.
6. Checkpoint: See all data packages with Wireshark
Especially if security problems have already occurred, or those responsible suspect that they have, a tool is needed that can analyze the network traffic down to the last detail. This is the task of a so-called sniffer: such programs examine the network traffic and then offer various evaluations for the analysis. A very well-known representative of this program category is the free software Wireshark, formerly known as "Ethereal". Wireshark, available for Unix, Linux, Solaris, OS X, BSD and Windows operating systems, is developed by the Wireshark community and distributed as free software under the GPL.
After installation, which any user can easily complete in a matter of minutes, the software, which is available only in English, lets you record the network traffic of a selected interface and view it directly on screen. For convenience, the user can save a recording (tcpdump) and load it again later with the software. This is necessary, for example, if a network anomaly has to be analyzed at leisure. Depending on the size of the network and the ability of the switch to support the necessary promiscuous mode, in which the device reads the complete network traffic of an interface, the user is confronted with a very large number of network packets, each of which the software displays in detail on a double-click.
Helpfully, the developers have implemented comprehensive filter functions, which a user can apply even while recording to narrow the capture down to the desired selection of protocols and destination or source addresses. The interested reader will find many instructions on the Internet that show in a few steps how insecure an unencrypted POP3, LPR or FTP connection over a network really is. From the sum of the data packets, savvy users can also restore the complete content of e-mails, printouts or files.
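
For the Wireshark checkpoint, the following added example (not from the original article) audits a saved recording for the unencrypted protocols named above, so that they can be replaced with encrypted variants. It assumes the capture was saved in the classic pcap (tcpdump) format with Ethernet framing and IPv4; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

# Unencrypted protocols named in the article, keyed by server TCP port.
CLEARTEXT_PORTS = {21: "FTP", 110: "POP3", 515: "LPR"}

def cleartext_flows(pcap):
    """Count TCP packets per (client, server, protocol) sent to cleartext ports."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic libpcap (tcpdump) file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    flows, pos = Counter(), 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        # Keep Ethernet II / IPv4 / TCP only; skip truncated or other frames.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:][:4]
        if len(tcp) < 4:
            continue
        dport = struct.unpack("!H", tcp[2:4])[0]
        if dport in CLEARTEXT_PORTS:
            src = ".".join(map(str, frame[26:30]))
            dst = ".".join(map(str, frame[30:34]))
            flows[(src, dst, CLEARTEXT_PORTS[dport])] += 1
    return flows

def _record(src, dst, dport):
    """Build one constructed Ethernet/IPv4/TCP SYN frame with its pcap record header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed capture: two POP3 packets, one FTP packet, one HTTPS packet.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _record((192, 168, 1, 20), (203, 0, 113, 5), 110),
    _record((192, 168, 1, 20), (203, 0, 113, 5), 110),
    _record((192, 168, 1, 21), (192, 168, 1, 2), 21),
    _record((192, 168, 1, 22), (198, 51, 100, 7), 443),
])

if __name__ == "__main__":
    for flow, count in cleartext_flows(SAMPLE).items():
        print(flow, count)
```

Each reported pair is a client and server that should be moved to the encrypted variant of the service; matching is by destination port only, so services on non-standard ports are not detected.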
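
For the first checkpoint, the following added example (not from the original article) compares the spreadsheet inventory with the devices a Windows workstation has actually seen on the network. It assumes the inventory is exported as CSV with the hypothetical columns `name` and `mac` and that the neighbour list comes from `arp -a`; all addresses are constructed.

```python
import csv
import io
import re

# Constructed sample: the spreadsheet inventory exported as CSV.
INVENTORY_CSV = """name,mac
router,02:00:00:00:00:01
office-pc-1,02-00-00-00-00-02
laser-printer,02:00:00:00:00:03
"""

# Constructed sample: `arp -a` output from a Windows workstation.
ARP_OUTPUT = """
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           02-00-00-00-00-01     dynamic
  192.168.1.23          02-00-00-00-00-02     dynamic
  192.168.1.57          02-00-00-00-00-99     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})\s", re.I | re.M)

def norm(mac):
    """Normalise a MAC address to lower-case, colon-separated form."""
    return mac.lower().replace("-", ":")

def seen_devices(arp_text):
    """Map MAC -> IP for unicast entries; broadcast/multicast rows are skipped."""
    seen = {}
    for ip, mac in ROW.findall(arp_text):
        if int(mac[:2], 16) & 1:  # group bit set: not a single device
            continue
        seen[norm(mac)] = ip
    return seen

def audit(inventory_csv, arp_text):
    """Return (unknown devices on the network, inventoried devices not seen)."""
    known = {norm(r["mac"]): r["name"]
             for r in csv.DictReader(io.StringIO(inventory_csv))}
    seen = seen_devices(arp_text)
    unknown = sorted((ip, mac) for mac, ip in seen.items() if mac not in known)
    missing = sorted(name for mac, name in known.items() if mac not in seen)
    return unknown, missing

if __name__ == "__main__":
    print(audit(INVENTORY_CSV, ARP_OUTPUT))
```

The ARP table only lists hosts the workstation has recently talked to, so run the comparison after a scan of the subnet. Mobile devices that randomise their MAC address will show up as unknown on each new address.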