I know I don’t often talk about network security (that’s really more id’s domain than mine anyway), but I got sent this link this morning that I thought I’d share. It’s the small business primer on network security threats. It’s a pretty good, brief, high-level overview of what you want to do as a small company to make sure you are secure from the more common security threats out there. There are a few things I’d probably have added if I had written it.
Anti-Spyware: Spyware is really, really nasty. I don’t care what people say, it’s one of the nastiest things out there today. Not just because it can read what you are doing, but because with minor changes its operators can force your system to download viruses, keyloggers or whatever else they want. It’s nearly impossible to stop without a good anti-spyware program. People may confuse this with a Trojan, but a Trojan is something with an implicit back door. With spyware or adware, the operators can inadvertently land you on a site that makes them a few bucks, while the server behind that site gives you something malicious. It’s not a Trojan by design, but it can act as one.
Network segregation: id could probably go off on this one bullet alone, but by separating your networks (wireless separate from corporate, etc.) you hugely reduce the liability of having one machine compromised.
Local admin genie: Don’t let the local admin genie out of the bottle. If you give your users local admin rights, they will do way more with the computer than you would want them to. The second you give them higher privileges to install anything, you have opened yourself up to attack. Withholding those rights is hugely inconvenient for users who want to install their favorite MMORPG on your work computers, but it’ll save you tons of hassles.
SSL/SSH/VPN: Encrypt your traffic; even if someone can ARP spoof a switch, they’ll be reading garbage. Don’t let them see your traffic. This is in response to their WiFi honeypot (I think they meant MITM bridge, but you get the idea).
Turn off all unneeded services: It’s a simple one, but this is one of the most important to corporate security. There’s no reason to keep FTP open if you have SSH: you can SCP things over SSH, so shut down that exploitable, outdated WU-FTPD service.
Email separation: Keep your work and your personal email separate; that way, if your users get an email from their bank at their work address, they’ll be more likely to know it’s fraud. Further, don’t click on links in emails, ever! That’s what we call bad. If you really want to cause a revolt, ban all access to all freemail services, because really, what are you paying them for?
Backups: If you aren’t backing your data up, something as simple as a misplaced cup of coffee can bring your business to a halt. Network security involves good application security as well, and disaster recovery is a key component of that.
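For the "Turn off all unneeded services" item, here is one way to find the services in question. This is an added example, not something from the primer: it assumes a Linux host with `ss` from iproute2, and the allowlist, function names and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag TCP listeners that are not on an approved port list.
# Input is the output of `ss -H -tln` (Linux, iproute2), where field 4 is
# the local address:port. The allowlist below is an assumed policy.

ALLOWED_PORTS="22 443"   # assumption: only SSH and HTTPS should be reachable

# unexpected_listeners "<allowed ports>"
# Reads `ss -H -tln` lines on stdin and prints "address port" for every
# listener that is not bound to loopback and whose port is not allowed.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "LISTEN" {
            # The port is whatever follows the last colon (IPv6 has several).
            k = split($4, parts, ":")
            port = parts[k]
            addr = substr($4, 1, length($4) - length(port) - 1)
            # Loopback-only services are not reachable from the network.
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (!(port in ok)) print addr, port
        }
    '
}

# Constructed sample input: an FTP daemon and a web server nobody asked for.
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 511 *:80 *:*
EOF
}

# Run against the sample; on a real host use:
#   ss -H -tln | unexpected_listeners "$ALLOWED_PORTS"
sample_listeners | unexpected_listeners "$ALLOWED_PORTS"
```

Anything the function prints is a candidate for shutting down or firewalling; an empty result means the host matches the allowlist.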
Anyway, I’m sure there are dozens of other simple things you can do, but that stuff definitely will help. Interesting read for the IT novices.