Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 139
  • Last Modified:

What would make one of the securest networks out there

Listening to the Sony hacks that have been going on and hearing the SONY ceo say that 80% of companies would have been hacked with that type of attack - I'm wondering what would make for a sort of *ultimate* secure network.

Taking in considerations that the network would still interact with the internet.
0
Network Zero
Asked:
Network Zero
4 Solutions
 
Jan SpringerCommented:
The ultimate secure network is one that is unplugged from the Internet.  Seriously.
0
 
John HurstBusiness Consultant (Owner)Commented:
While I understand fully the previous post, we generally need to be connected. With that in mind, if someone absolutely wants to break into your network they probably will.

However most people do not have the required expertise. So:

1. Put a top brand, commercial firewall in front of your network and have a skilled consultant set it up and secure it.

2. Make sure all of your servers and all of your workstations are fully patched.

3. Train your people NOT to click on bogus "I can help you" and "Free stuff" links.  Most attacks (viruses, malware, cryptolock and so on) come from people inviting the stuff in by clicking on bogus links. Train your people. You are not a hapless victim.
0
 
Network ZeroCloud Engineer Author Commented:
@Jan Springer @John Hurst - to keep things interesting lets say the company is an IT security firm and all employee's are trained in basic security prevention. There's a hardware firewall in place  and everything is running the latest security patch which is automated by a system that patches servers + desktops on a regular basis.

Taking out the human element and keeping connecting to the outside world an option what can we do too fortify the network even more?
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
John HurstBusiness Consultant (Owner)Commented:
So long as standard ports are blocked, firewall rules prevent intrusions, firmware is updated and servers are patched, you have done about all you can do.

Further, I keep myself and my clients behind VPN firewalls, so the only way in from outside is via secure IPsec VPN. I have had such structures in place now for nearly a decade and no on has broken into our systems.

Our clients are trained and we have very few viruses.
0
 
arnoldCommented:
The only absolute way is as Jan pointed out.
Though note prior to the existence of the Internet's availability, people were dumpster diving to get information from discarded documents. The social engineering to get access ..........
Francisco, as you and John pointed out, one can only secure it through assumptions/reliance on others to follow through.
One has to weight the complexity I.e. Firewalls/proxies/vlans that deal with both incoming and outgoing traffic.  I.e. You have a defined rule on outgoing new traffic.  Proxy servers/reverse proxy server through which requests go to internal servers or to external fields.
If you have VPNs connecting remote offices, users, have to be tightly controlled as those old be th weakest link.
Data encryption.
The question such as this always deals with the weaknesses exposed with this latest event.  

One has to navigated the exposure risk/versus the counter measures one has to employ.
I.e. There was a time where a server was directly exposed to the Internet, then it was shielded behind a firewall, then it was secured by a firewall and a reverse proxy,  etc.
0
 
Sean JacksonCommented:
A truly secure network is as easy to find as a unicorn.

And it's always a moving target.

That being said, a secure network needs to have sufficient defenses in place (good firewalls (good usually means nextgen, or adaptive -- can respond to behavior of humans), load balancers (for incoming traffic), a web proxy (to filter outgoing traffic -- watch for the malicious insider), etc), and it must have sensors that can detect an attack (it's not a question of 'if you're going to be hacked' but 'when you're hacked'), so the staff can take action. A good network will also be able to tell what was stolen/altered.

And on top of all that, you MUST have well-trained, current-skills staff on hand to mitigate and deal with vulnerabilities and attacks.
0
 
John HurstBusiness Consultant (Owner)Commented:
@Francisco C  - Thank you and I was happy to help.
0
 
Sean JacksonCommented:
@Francisco C, thanks for the points, and I am always available should you have any more questions.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now