Solved

What would make one of the securest networks out there

Posted on 2014-12-20
8
123 Views
Last Modified: 2014-12-23
Listening to the Sony hacks that have been going on and hearing the SONY ceo say that 80% of companies would have been hacked with that type of attack - I'm wondering what would make for a sort of *ultimate* secure network.

Taking in considerations that the network would still interact with the internet.
0
Comment
Question by:Network Zero
8 Comments
 
LVL 28

Assisted Solution

by:Jan Springer
Jan Springer earned 125 total points
Comment Utility
The ultimate secure network is one that is unplugged from the Internet.  Seriously.
0
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 250 total points
Comment Utility
While I understand fully the previous post, we generally need to be connected. With that in mind, if someone absolutely wants to break into your network they probably will.

However most people do not have the required expertise. So:

1. Put a top brand, commercial firewall in front of your network and have a skilled consultant set it up and secure it.

2. Make sure all of your servers and all of your workstations are fully patched.

3. Train your people NOT to click on bogus "I can help you" and "Free stuff" links.  Most attacks (viruses, malware, cryptolock and so on) come from people inviting the stuff in by clicking on bogus links. Train your people. You are not a hapless victim.
0
 
LVL 7

Author Comment

by:Network Zero
Comment Utility
@Jan Springer @John Hurst - to keep things interesting lets say the company is an IT security firm and all employee's are trained in basic security prevention. There's a hardware firewall in place  and everything is running the latest security patch which is automated by a system that patches servers + desktops on a regular basis.

Taking out the human element and keeping connecting to the outside world an option what can we do too fortify the network even more?
0
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 250 total points
Comment Utility
So long as standard ports are blocked, firewall rules prevent intrusions, firmware is updated and servers are patched, you have done about all you can do.

Further, I keep myself and my clients behind VPN firewalls, so the only way in from outside is via secure IPsec VPN. I have had such structures in place now for nearly a decade and no on has broken into our systems.

Our clients are trained and we have very few viruses.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 76

Expert Comment

by:arnold
Comment Utility
The only absolute way is as Jan pointed out.
Though note prior to the existence of the Internet's availability, people were dumpster diving to get information from discarded documents. The social engineering to get access ..........
Francisco, as you and John pointed out, one can only secure it through assumptions/reliance on others to follow through.
One has to weight the complexity I.e. Firewalls/proxies/vlans that deal with both incoming and outgoing traffic.  I.e. You have a defined rule on outgoing new traffic.  Proxy servers/reverse proxy server through which requests go to internal servers or to external fields.
If you have VPNs connecting remote offices, users, have to be tightly controlled as those old be th weakest link.
Data encryption.
The question such as this always deals with the weaknesses exposed with this latest event.  

One has to navigated the exposure risk/versus the counter measures one has to employ.
I.e. There was a time where a server was directly exposed to the Internet, then it was shielded behind a firewall, then it was secured by a firewall and a reverse proxy,  etc.
0
 
LVL 5

Accepted Solution

by:
Sean Jackson earned 125 total points
Comment Utility
A truly secure network is as easy to find as a unicorn.

And it's always a moving target.

That being said, a secure network needs to have sufficient defenses in place (good firewalls (good usually means nextgen, or adaptive -- can respond to behavior of humans), load balancers (for incoming traffic), a web proxy (to filter outgoing traffic -- watch for the malicious insider), etc), and it must have sensors that can detect an attack (it's not a question of 'if you're going to be hacked' but 'when you're hacked'), so the staff can take action. A good network will also be able to tell what was stolen/altered.

And on top of all that, you MUST have well-trained, current-skills staff on hand to mitigate and deal with vulnerabilities and attacks.
0
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
@Francisco C  - Thank you and I was happy to help.
0
 
LVL 5

Expert Comment

by:Sean Jackson
Comment Utility
@Francisco C, thanks for the points, and I am always available should you have any more questions.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now