Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

What would make one of the securest networks out there

Posted on 2014-12-20
8
Medium Priority
?
137 Views
Last Modified: 2014-12-23
Listening to the Sony hacks that have been going on and hearing the SONY ceo say that 80% of companies would have been hacked with that type of attack - I'm wondering what would make for a sort of *ultimate* secure network.

Taking in considerations that the network would still interact with the internet.
0
Comment
Question by:Network Zero
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 29

Assisted Solution

by:Jan Springer
Jan Springer earned 375 total points
ID: 40511173
The ultimate secure network is one that is unplugged from the Internet.  Seriously.
0
 
LVL 98

Assisted Solution

by:John Hurst
John Hurst earned 750 total points
ID: 40511176
While I understand fully the previous post, we generally need to be connected. With that in mind, if someone absolutely wants to break into your network they probably will.

However most people do not have the required expertise. So:

1. Put a top brand, commercial firewall in front of your network and have a skilled consultant set it up and secure it.

2. Make sure all of your servers and all of your workstations are fully patched.

3. Train your people NOT to click on bogus "I can help you" and "Free stuff" links.  Most attacks (viruses, malware, cryptolock and so on) come from people inviting the stuff in by clicking on bogus links. Train your people. You are not a hapless victim.
0
 
LVL 7

Author Comment

by:Network Zero
ID: 40511183
@Jan Springer @John Hurst - to keep things interesting lets say the company is an IT security firm and all employee's are trained in basic security prevention. There's a hardware firewall in place  and everything is running the latest security patch which is automated by a system that patches servers + desktops on a regular basis.

Taking out the human element and keeping connecting to the outside world an option what can we do too fortify the network even more?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 98

Assisted Solution

by:John Hurst
John Hurst earned 750 total points
ID: 40511198
So long as standard ports are blocked, firewall rules prevent intrusions, firmware is updated and servers are patched, you have done about all you can do.

Further, I keep myself and my clients behind VPN firewalls, so the only way in from outside is via secure IPsec VPN. I have had such structures in place now for nearly a decade and no on has broken into our systems.

Our clients are trained and we have very few viruses.
0
 
LVL 79

Expert Comment

by:arnold
ID: 40511220
The only absolute way is as Jan pointed out.
Though note prior to the existence of the Internet's availability, people were dumpster diving to get information from discarded documents. The social engineering to get access ..........
Francisco, as you and John pointed out, one can only secure it through assumptions/reliance on others to follow through.
One has to weight the complexity I.e. Firewalls/proxies/vlans that deal with both incoming and outgoing traffic.  I.e. You have a defined rule on outgoing new traffic.  Proxy servers/reverse proxy server through which requests go to internal servers or to external fields.
If you have VPNs connecting remote offices, users, have to be tightly controlled as those old be th weakest link.
Data encryption.
The question such as this always deals with the weaknesses exposed with this latest event.  

One has to navigated the exposure risk/versus the counter measures one has to employ.
I.e. There was a time where a server was directly exposed to the Internet, then it was shielded behind a firewall, then it was secured by a firewall and a reverse proxy,  etc.
0
 
LVL 5

Accepted Solution

by:
Sean Jackson earned 375 total points
ID: 40512400
A truly secure network is as easy to find as a unicorn.

And it's always a moving target.

That being said, a secure network needs to have sufficient defenses in place (good firewalls (good usually means nextgen, or adaptive -- can respond to behavior of humans), load balancers (for incoming traffic), a web proxy (to filter outgoing traffic -- watch for the malicious insider), etc), and it must have sensors that can detect an attack (it's not a question of 'if you're going to be hacked' but 'when you're hacked'), so the staff can take action. A good network will also be able to tell what was stolen/altered.

And on top of all that, you MUST have well-trained, current-skills staff on hand to mitigate and deal with vulnerabilities and attacks.
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 40514285
@Francisco C  - Thank you and I was happy to help.
0
 
LVL 5

Expert Comment

by:Sean Jackson
ID: 40514937
@Francisco C, thanks for the points, and I am always available should you have any more questions.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question