Security for a 10-computer network

I have a network with 10 computers with 2 NAS drives. All connected to a Linksys router that is connected to the internet. All computers have Norton Internet Security 2009 running. What else can I do to make the network more secure and protect the data (Wireless on router is turned off)? I have sensitive data on the NAS drives and it would be detrimental if the data is compromised.

Would having a Windows 2003/2008 Server make the network more secure (i.e. connect the server to the router then to the rest of the network)?

If the data is extremely important, I would disable all unused ports on the LAN. I would also make sure I was very strict with the permissions on the NAS drives. If you have any services that are being hosted internally, I would put those services in a DMZ. I would also encrypt your offsite backups (assuming you have offsite backups). I would also look into a centrally managed AV/antispyware solution like Symantec Endpoint. Adding a 2003/2008 server would bring in resources that could improve the security of the environment, but by default it would make it either worse or no better. So if you plan on bringing a server into the environment, make sure you harden it BEFORE putting it into production.

Hope that helps.

A hardware firewall would do wonders for security and lock off all used ports. Sonicwall has some good solutions for this. A server would increase your security, but it would have to be set up as a domain, otherwise there would be little to no benefit. Then you would be able to set better permissions on your NTFS drive. You could also use IPsec on your network to increase security; however, it does take a small toll on speed.

Another good centrally managed AV is NOD32 Business Edition. I use it for 30 machines where I work and I love it.

Also look at the user abilities and habits. If something is going to get out, usually it is from the user doing something silly (like leaving a USB drive with sensitive information somewhere).

Lee W, MVP, Technology and Business Process Advisor, commented:

Sorry if the points I'm trying to make are not quite bullet points and are more like impassioned pleas for understanding about certain things...

What exactly are you concerned about?  What is LIKELY to happen?

Are you a military contractor?  A government agency?  Developing the "next big thing"?  Is your data worth millions (to someone outside your business)?  

If so, then you are probably being targeted for attack by specific individuals. THEN you better have a seriously good firewall... inbound and outbound... and you better have a good password policy (of course, without a domain, your management of such a password policy will be SERIOUSLY time-consuming - if you want to KNOW that it's enforced). And you should have Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS) hardware appliances protecting your network.

On the other hand, if the data is valuable to YOU and potentially your employees (because, for example, an employee could take the data and start their own business and steal your clients/infringe on your business), then worrying about hackers (while important) is not THAT important. Of course, you should be protecting your network, but automated attacks RARELY if EVER succeed against a reasonably protected and patched network. More likely, you'll have users infecting their systems with malware from drive-by downloads (so I would get rid of Norton - one of the most INEFFECTIVE products I've seen in the space) and replace it with something that works - McAfee is a resource hog, but it works (You're a business, right? Buy the ENTERPRISE version, not the HOME version - home is for home, not business). Other products are probably fine - Norton/Symantec is among the worst in my opinion AND experience.

Stop and think for a minute... WHO is going to attack you and why?  WHO is going to steal your data and WHY?  

If your data is important, then SECURITY means PHYSICAL security and protecting it from your employees as well as hackers.  Understand, protecting it from the employees doesn't mean that they can't use the data, it means that they cannot COPY the data and/or remove it from your network (easily).  I have an attorney client that does commercial real estate - they are small - two partners, 2-4 employees and interns at any given time.  To protect themselves, they have a server and we implemented DriveLock (by CenterTools) that prevents users from using USB devices and CD/DVD burners to copy data off the network.  They can do all the work they need to AT the office... and they can connect REMOTELY through the server and work from home - but they CANNOT remove data from the network, so they cannot (easily) steal the data to start their own business.

Oh, and are your NAS devices stored in a secured location? Because what's stopping someone from breaking into the office and simply walking off with the NAS devices?

There's a saying and it's very true - you have NO SECURITY if you don't have PHYSICAL security.
