Phone: 630-495-2282 Fax: 630-495-2260 Map/Directions
 

On the road to a business’s secure computer network

November 17, 2010

There are many aspects to consider when creating a business’s secure computer network. What many dealers fail to realize is that threats from within the organization are much greater than from a source outside. It therefore is important to attend to the company’s network interior as well as the perimeter.

 

Important focus areas include but are not limited to the following:  

PC Anti-Virus and Anti-Spyware agents (Norton Enterprise or McAfee Enterprise)

 

One-Time Setups

  • Select software vendor and appropriate server hardware to do enforcement
  • Identify and install agent on machines within the network which would qualify for installation (PCs, Servers, Linux boxes, Macintosh)

 

Ongoing Tasks

  • Monitor client update status. Make sure that all of the monitoring machines have the latest virus and spyware definitions
  • Perform routine "full scans" of all drives on each machine’s setup through the server and/or client settings
  • Review logs to monitor the quarantine lists, identifying who are the biggest offenders and taking corrective actions

 

"Strong" firewall appliances (PIX or SOHO at a minimum) monitoring incoming and outgoing traffic

 

One-Time Setups

  • Depending on the size of the organization and network, the type of Firewall will depend on budgets and what is deemed appropriate. A Cisco PIX 515 firewall with VPN, Voice, etc. will exceed $5,000 after consulting and setup fees are factored in. A SOHO (Small Office Home Office) appliance (under 150 users) such as a Sonicwall will cost less than $2,000 with Anti-Virus and Anti-Spyware Enforcement.

 

Ongoing Tasks

  • Monitor traffic and logs to identify potential problems, intrusions, etc.

 

Acceptable Use Policies signed by all employees

 

One-Time Setups

  • Create a policy to serve as an addendum to the Employee Handbook. Policy should be specific enough to provide examples to anyone who may have access to a computer, but general enough for loose interpretation. Policy should be signed by employees.

 

Ongoing Tasks

  • Review and document with employees yearly or in annual reviews

Web and Email Content Filtering Engines (i.e. Surf Control or Websense)

 

One-Time Setups

  • Appliances and software such as Surf Control (www.surfcontrol.com) or Websense (www.websense.com) would sit on the network and monitor all e-mail (content, recipients, attachments) and Web traffic
  • Applicable Black Lists and White Lists to support the company’s usage policies for Internet and Email usage

 

Ongoing Tasks

  • Monitor logs and individual use as it relates to productivity
  • Ensure a non-hostile work environment by prohibiting different forms of content (i.e. receiving, forwarding, and printing of off-color jokes from e-mail, inappropriate Web content that could offend other employees)

 

Safeguarding Non-Public Information (GLB Compliance) and being able to document such actions (regular Network Vulnerability Assessments and Intrusion Detection monitoring with reporting)

 

One-Time Setups

  • Appliances similar to those above which would report on traffic, incoming and outgoing of any kind of data. Ensuring that NPI (Non Public Information) is being protected
  • Hire a third party to perform a Network Vulnerability Audit and report on findings so that corrective steps can be taken

Ongoing Tasks

  • Document and correct those actions regularly monitored (at least quarterly) and filed with all compliance and safeguard information
 

Back