How to Secure a Data Network

Provide physical security: Lock the server room. This is the first and most obvious way to secure a data server. This keeps both accidental and intentional intruders from causing a loss or theft of data, respectively. While keyed locks provide a level of security, badge access or biometric systems provide security to a much greater degree. Obviously, with a badge access system, you must have a badge with access to get into the room. However, badges can be lost or stolen, and the risk of misuse in such a case is high. Employees who lose their badges should report the loss immediately to security so that the badge can be disabled. Biometrics can also be fooled, but the difficulty of doing so makes this a much more secure access system. Many companies that have high security requirements are using fingerprint or retinal scanners for access.

Also lock the closets that house networking equipment such as switches and routers. It is possible for an intruder to get past a level of physical security, get access to a network cabinet, and install a wireless access point that plugs into a switch. With the access point in place, he can park outside the building and hop right onto the corporate network undetected.

Implement Internet security with a firewall and other devices. Almost everyone is aware that the Internet brings security challenges along with its powerful information access capabilities. Hackers use their tools across the Internet to find vulnerabilities in a company's security infrastructure. Once they find an opening, they begin to exploit it, typically for some valuable data, whether strategic plans, financial information or even personal information.

To prevent the hacker from gaining access it is imperative that an organization install a firewall on its Internet connection. This will prevent most hackers, who are basically criminals, from gaining entry to the network. To enhance this perimeter security, many companies install intrusion detection systems (IDS) or intrusion prevention systems (IPS). The former analyzes traffic and reports anomalies in real time, while the latter adds the ability to take some action against the intruder, such as shutting down the Internet connection, or the server under attack.

Implement and enforce a security policy. Many attacks on a company's information system come from inside the company. Whether from a disgruntled employee or someone driven by greed, much valuable information is stolen each year by insiders. This may be the most difficult person to stop, as he is already on the inside, and network access is inherent to his status as an employee. However, good security policies, along with monitoring and enforcement of those policies, can go a long way toward preventing insider theft. A well-crafted policy outlining acceptable use of computers, the network and the Internet are necessary before you can bring meaningful penalties to bear. And when the security policy is enforced, it must be swift and sure in order to send the message that you are serious about information security.

Stop the social engineers with alert employees. The social engineer plays on two characteristics of humans: the desire to help, and fear of losing a job. He may call the help desk, pretend to be the CEO giving a presentation, with an expired password. If he is intense enough, he can pressure the help desk person to reset and reveal the CEO's password. Or, he may just invoke an executive's name in order to gain access to resources that are otherwise out of reach. Security awareness training is one of the best ways to prevent successful social engineering attacks. There is no match for watchful and alert employees when it comes to stopping such people.

Train your employees. It is important that a company develop an effective security awareness training program that informs employees about hackers, insiders and social engineers. When a network operations employee understands that there are people out there that would like to steal information from her company, which could get her fired, she is more alert at the switch. When the security officer at the front door realizes that a social engineer may try to walk past him with a group of people, he will want to check everyone's badge. And when employees understand that their activities are being monitored to protect their interests by protecting the company, they will be more careful about what they do.