Solved

What would make one of the securest networks out there

Posted on 2014-12-20
8
129 Views
Last Modified: 2014-12-23
Listening to the Sony hacks that have been going on and hearing the SONY ceo say that 80% of companies would have been hacked with that type of attack - I'm wondering what would make for a sort of *ultimate* secure network.

Taking in considerations that the network would still interact with the internet.
0
Comment
Question by:Network Zero
8 Comments
 
LVL 28

Assisted Solution

by:Jan Springer
Jan Springer earned 125 total points
ID: 40511173
The ultimate secure network is one that is unplugged from the Internet.  Seriously.
0
 
LVL 93

Assisted Solution

by:John Hurst
John Hurst earned 250 total points
ID: 40511176
While I understand fully the previous post, we generally need to be connected. With that in mind, if someone absolutely wants to break into your network they probably will.

However most people do not have the required expertise. So:

1. Put a top brand, commercial firewall in front of your network and have a skilled consultant set it up and secure it.

2. Make sure all of your servers and all of your workstations are fully patched.

3. Train your people NOT to click on bogus "I can help you" and "Free stuff" links.  Most attacks (viruses, malware, cryptolock and so on) come from people inviting the stuff in by clicking on bogus links. Train your people. You are not a hapless victim.
0
 
LVL 7

Author Comment

by:Network Zero
ID: 40511183
@Jan Springer @John Hurst - to keep things interesting lets say the company is an IT security firm and all employee's are trained in basic security prevention. There's a hardware firewall in place  and everything is running the latest security patch which is automated by a system that patches servers + desktops on a regular basis.

Taking out the human element and keeping connecting to the outside world an option what can we do too fortify the network even more?
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 93

Assisted Solution

by:John Hurst
John Hurst earned 250 total points
ID: 40511198
So long as standard ports are blocked, firewall rules prevent intrusions, firmware is updated and servers are patched, you have done about all you can do.

Further, I keep myself and my clients behind VPN firewalls, so the only way in from outside is via secure IPsec VPN. I have had such structures in place now for nearly a decade and no on has broken into our systems.

Our clients are trained and we have very few viruses.
0
 
LVL 77

Expert Comment

by:arnold
ID: 40511220
The only absolute way is as Jan pointed out.
Though note prior to the existence of the Internet's availability, people were dumpster diving to get information from discarded documents. The social engineering to get access ..........
Francisco, as you and John pointed out, one can only secure it through assumptions/reliance on others to follow through.
One has to weight the complexity I.e. Firewalls/proxies/vlans that deal with both incoming and outgoing traffic.  I.e. You have a defined rule on outgoing new traffic.  Proxy servers/reverse proxy server through which requests go to internal servers or to external fields.
If you have VPNs connecting remote offices, users, have to be tightly controlled as those old be th weakest link.
Data encryption.
The question such as this always deals with the weaknesses exposed with this latest event.  

One has to navigated the exposure risk/versus the counter measures one has to employ.
I.e. There was a time where a server was directly exposed to the Internet, then it was shielded behind a firewall, then it was secured by a firewall and a reverse proxy,  etc.
0
 
LVL 5

Accepted Solution

by:
Sean Jackson earned 125 total points
ID: 40512400
A truly secure network is as easy to find as a unicorn.

And it's always a moving target.

That being said, a secure network needs to have sufficient defenses in place (good firewalls (good usually means nextgen, or adaptive -- can respond to behavior of humans), load balancers (for incoming traffic), a web proxy (to filter outgoing traffic -- watch for the malicious insider), etc), and it must have sensors that can detect an attack (it's not a question of 'if you're going to be hacked' but 'when you're hacked'), so the staff can take action. A good network will also be able to tell what was stolen/altered.

And on top of all that, you MUST have well-trained, current-skills staff on hand to mitigate and deal with vulnerabilities and attacks.
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 40514285
@Francisco C  - Thank you and I was happy to help.
0
 
LVL 5

Expert Comment

by:Sean Jackson
ID: 40514937
@Francisco C, thanks for the points, and I am always available should you have any more questions.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article summarizes using a simple matrix to map the different type of phishing attempts and its targeted victims. It also run through many scam scheme scenario with "real" phished emails. There are safeguards highlighted to stay vigilance and h…
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question