
Prevent attacks On your Enterprise Network 

PCQ Bureau

If someone tells you he is the network administrator, an external consultant or an influential person in an organization that you have just joined and asks you for your username and password, would you give it? Probably, yes. You'd think, "It's the network administrator after all, and he's supposed to know what he's doing." Or, "How can I refuse a senior manager? He's saying he needs it to get some critical information." In either case, think again.

Also in this story:

Get Ready for the Intruder: Security is not simply about investing in equipment; it's about putting in place a security life cycle driven by your business needs.
An Ideal Security Policy: There is no one-size-fits-all security policy. To help you draft one that suits your organization, we have given a template that you can use.
Dos and Don'ts for Users: We have created an Acceptable Usage Policy for Internet and e-mail usage. On its basis, you can create one for your organization.
After an Attack: If your network has been hacked, first isolate the affected machine.
Internal Security: Creating and deploying Group Policies in Windows networks.
Block Kazaa: Use a Linux-based firewall to block the most popular peer-to-peer file-sharing app from doing heavy downloads from the Internet.
Linux Firewalls: Setting up three popular Linux firewall distributions.
Your Own Firewall: You could buy a hardware or software firewall, or build one as we did using open-source software.
Catch the Intruder: Use an IDS to analyze and respond to possible intrusions.
Patch Management: Manage and distribute Windows patches in your network effectively with MS SUS.
Updates in P2P: How to deploy service packs and patches in a peer-to-peer network.

No matter what firewalls, patches, anti-virus and anti-spam software or even intrusion-detection systems are in place on your network, if users are not educated about security and about what constitutes a breach of it, your network will always be vulnerable.


Network security, therefore, begins with an educated user, and the first step towards making users aware is devising a proper policy for your organization. Investment in security infrastructure comes second. In this article we will talk about the security infrastructure. On how to create an ideal security policy, read the article An Ideal Security Policy, page 26.

Once your policy is in place, it is easier to work on your security infrastructure. Here, the size of your organization determines the level of implementation that you need to do. An organization's size can be broadly divided into three: a large enterprise consisting of more than 500 nodes and having offices in multiple locations, an SME having 50 to 499 nodes, and a SOHO setup having a handful of nodes.

The four corners of security



A security breach can originate either inside or outside your network. Outside threats come in through your Internet gateway or through e-mail. Inside threats can come from a disgruntled employee or from an imposter gaining access to a vulnerable system; the imposter could be a human being or malicious code, such as a worm or Trojan, that infects an unpatched system. Given these sources of threats, you need to consider four aspects when implementing network security.


- Firewalls. To protect your network from threats coming from the Internet.
- Patch management. To eliminate vulnerabilities from servers, desktops and networking hardware such as firewalls and routers.
- Anti-virus/anti-spam. To protect all systems from viruses and from threats entering through spam.
- Intrusion-detection system (IDS). To detect suspicious activity on your network in time to act on it.

Each of these areas applies both to the network and individual nodes, and has also been explained in the diagram. For instance, a firewall can be implemented on a network as well as on a desktop system. Similarly, you can do a network wide roll out of patches and updates, or do it on individual nodes. An intrusion-detection system can be used to detect suspicious activity on the network or on a particular host. Finally, anti-virus and anti-spam solutions can sit on a server as well as on clients.


Implementing a firewall



Implementing a firewall is a must for a large enterprise network, whether to protect your Internet gateway or a WAN link between two offices. It also helps prevent unauthorized traffic from flowing out of your network. A good firewall should therefore keep track of which applications are trying to reach the Internet and control their access. For instance, recent worms generate a lot of traffic on the network, and much of it ends up leaving your network. The recent Welchia worm, for instance, sends a stream of ICMP echo requests (and the corresponding ARP requests on the local subnet) while scanning for hosts to infect. The firewall should be able to detect this anomaly and rate-limit the offending packets.

Firewall woes
The biggest issue here is the sheer number of firewalls required to secure your network, especially if you have multiple offices to protect. You first have to determine which firewall is right for which office, and then make the heavy investment that such numbers require. Finally come the management headaches: ideally, you should be able to manage all of them from one central console, but that may not be possible if you use different brands of firewalls, since each has its own Web-management interface.



Patching so many firewalls with regular updates is another problem. The window between when a vulnerability is disclosed and when it is patched is critical, so check with your vendor on how quickly it can provide updates.


Managing the rule set is another major issue, as there would be many firewalls, each with its own set of rules. Legacy applications can also cause problems, especially those not designed for multi-user access across a network; configuring firewall rules that give them exactly the access they need can be a major hassle.

A firewall is usually not required on every node of a large enterprise network, mainly because managing so many personal firewalls can become a nightmare. You would, therefore, need to configure your network firewall with proper rules and also enforce strict policies on the network.


A medium-sized organization would also require a firewall, but cost might become a barrier to buying a good one.

Fortunately, there are cheaper options, such as the various free Linux-based firewall distributions that run on a standard PC. We've given some of them on this month's CDs as well, and the details on how to set them up are given later in this story. The disadvantage is that you are responsible for managing the firewall yourself: keeping it patched with the latest updates, configuring the appropriate rules on it, and so on. An SME would also need personal firewalls on each desktop, since the network is smaller and more manageable and you may not be able to enforce all the policies that a large enterprise would.

At the SOHO level, firewalls may not be required at the network level, even though cheaper hardware-based firewall appliances are available. This is simply because a small network may not even be able to afford a network administrator for managing the network. It, therefore, becomes very important to implement personal firewalls on each desktop. Various options are available here, starting from the free version of ZoneAlarm to Norton personal firewall, which also has an anti-spam functionality built-in. Implementing the firewall alone isn't sufficient. You would also need to provide your users with proper non-technical guidelines on how to use the firewall most effectively along with a few other general dos and don'ts. This would be easy to do on such a small network.


Rolling out patches



This is the most critical part of network security and must be taken seriously. Most of the time, a network gets compromised because an attacker or malicious code finds one unpatched vulnerability on a system, be it a server, a desktop or even networking hardware such as firewalls and routers. It is therefore critical to keep every system on your network up to date with the latest patches, and the bigger your network, the tougher the job.

Whether you're a large enterprise or an SMB, you must devise a strategy to do a proper network wide roll out of patches.

While the process cannot be completely automated, you do need some amount of automation, which is only possible with patch-management software. It should take care of patching all machines on your network, desktops and servers alike. In a large enterprise network, users should not be made responsible for updating their own systems, again because of the sheer headache of managing so many users.

On a smaller network, an automated solution may not be worth the cost. There it is easier to tell users to keep their machines updated, and to check each machine individually and update it manually.

Setting up IDS



What if, despite a properly configured firewall and updated systems, somebody manages to get into your network? That's where IDSs come into the picture. Every organization, big or small, must have some form of IDS in place. An IDS need not be a huge and expensive commercial package; a simple packet-monitoring utility can also serve the purpose. For instance, the Welchia worm throws a lot of ICMP traffic onto the network. If you know this, you can identify which machines are infected using a simple, free packet-capturing utility like Ethereal (since renamed Wireshark).
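The ICMP-sweep check mentioned in the firewall section and again here, as an added example that is not part of the original article: a Python script that reads the one-line-per-packet summary that tcpdump prints (Ethereal can export the same fields), flags any source that sends echo requests to more than a threshold number of distinct hosts or above a threshold rate, and builds the iptables rules a Linux firewall in the forwarding path would use to rate-limit that source. The capture lines, host addresses and thresholds are constructed for illustration and are assumptions, not data from the article.

```python
"""Added example (not from the original article): find hosts doing a
Welchia-style ICMP echo sweep from a packet-capture text summary, then
build Linux firewall (iptables) rules that rate-limit the offenders.

The input format is the one-line-per-packet summary that `tcpdump -n`
prints (Ethereal can export the same fields); the capture below is
constructed for illustration, not a real trace. Thresholds are assumptions
for a LAN where a normal host pings a few machines, not a whole subnet."""
import re
from collections import defaultdict

# "HH:MM:SS.ffffff IP <src> > <dst>: ICMP echo request, ..." (tcpdump -n style)
ECHO_REQUEST = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo request"
)


def _seconds(ts):
    """Convert HH:MM:SS.ffffff to seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def find_icmp_sweepers(lines, max_targets=20, max_rate=50.0):
    """Return {src: (distinct_targets, requests_per_second)} for every source
    whose echo requests hit more than max_targets distinct hosts or exceed
    max_rate requests/second. Replies and non-ICMP packets are ignored."""
    targets = defaultdict(set)
    count = defaultdict(int)
    first_seen, last_seen = {}, {}
    for line in lines:
        m = ECHO_REQUEST.match(line)
        if not m:
            continue
        src, t = m["src"], _seconds(m["ts"])
        targets[src].add(m["dst"])
        count[src] += 1
        first_seen.setdefault(src, t)
        last_seen[src] = t

    suspects = {}
    for src, n in count.items():
        span = last_seen[src] - first_seen[src]
        # A lone packet has no span; treat it as one packet in a one-second window.
        rate = n / span if span > 0 else float(n)
        if len(targets[src]) > max_targets or rate > max_rate:
            suspects[src] = (len(targets[src]), round(rate, 1))
    return suspects


def rate_limit_rules(src, per_second=5, burst=10):
    """iptables rules for a Linux firewall in the forwarding path: let src
    send at most `per_second` echo requests (after an initial burst) and drop
    the rest. Order matters: the limit/ACCEPT rule must precede the DROP."""
    base = f"iptables -A FORWARD -s {src} -p icmp --icmp-type echo-request"
    return [
        f"{base} -m limit --limit {per_second}/s --limit-burst {burst} -j ACCEPT",
        f"{base} -j DROP",
    ]


def constructed_capture():
    """Constructed sample capture: one well-behaved host, some unrelated TCP,
    and one host sweeping 30 consecutive addresses in under 0.3 seconds."""
    lines = []
    for i in range(3):  # 192.168.1.10 pings its gateway once a second
        lines.append(f"10:00:0{i}.000000 IP 192.168.1.10 > 192.168.1.1: "
                     f"ICMP echo request, id 1, seq {i}, length 64")
        lines.append(f"10:00:0{i}.000412 IP 192.168.1.1 > 192.168.1.10: "
                     f"ICMP echo reply, id 1, seq {i}, length 64")
    lines.append("10:00:01.500000 IP 192.168.1.20.1042 > 192.168.1.5.80: "
                 "Flags [S], seq 1, win 65535, length 0")
    for i in range(30):  # 192.168.1.57 behaves like a Welchia-infected host
        lines.append(f"10:00:05.{i * 10000:06d} IP 192.168.1.57 > 192.168.2.{i + 1}: "
                     f"ICMP echo request, id 512, seq {i}, length 64")
    return lines


if __name__ == "__main__":
    for host, (n_targets, rate) in find_icmp_sweepers(constructed_capture()).items():
        print(f"{host}: {n_targets} targets at {rate} req/s")
        for rule in rate_limit_rules(host):
            print("  " + rule)
```

Run as-is, the script reports 192.168.1.57 as the only sweeper and prints the two rules for it; to use it on your own network, feed it the output of `tcpdump -n` (name resolution off, so the regex sees addresses) from a mirror port or the firewall itself. The rate is averaged over the whole capture, so a long capture will dilute a short burst; the distinct-target count is the more reliable signal for a scanning worm.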

In a large enterprise, you could set up an IDS at key points in your network, say your Internet gateway, the switch on each subnet (via a mirror port, since a switch does not otherwise send other hosts' traffic to the sensor) and on critical servers. The degree of complexity varies with the size of your network.

You may or may not need protection at the desktop level.

In SMEs and below, you should have some basic tools on each desktop, such as a personal firewall, anti-spyware and script blockers. On the network, you could use packet-monitoring software to keep track of suspicious activity. We mention personal firewalls because most of them can also serve as basic IDSs at the desktop. Norton Personal Firewall, for example, can be configured to warn you the moment a remote host tries to connect to your system, or when some suspicious application that has somehow landed on your system tries to reach other hosts on the network.

Anti-virus, anti-spam



Most security threats today come from worms arriving by e-mail. The e-mail may come from a legitimate source, such as another (infected) user on your network, or arrive as spam. You therefore need both anti-virus and anti-spam solutions in place, on servers as well as on all desktops. In a large enterprise or SME, you need a solution on the server and a central-management console that ensures every client is kept current with the latest anti-virus/anti-spam updates. A small organization with a handful of computers may simply have a peer-to-peer network without any server; in that case, you need anti-virus/anti-spam software on each desktop and proper guidelines for users to follow.

Anil Chopra
