remote-it-support

Network Security

Security is a very difficult topic. Everyone has a different idea of what "security" is, and what levels of risk are acceptable. The key to building a secure network is to define what security means to your organization. Once that has been defined, everything that goes on with the network can be evaluated with respect to that policy. Projects and systems can then be broken down into their components, and it becomes much simpler to decide whether what is proposed will conflict with your security policies and practices.

It's important to build systems and networks in such a way that users are not constantly reminded of the security system around them. Users who find security policies and systems too restrictive will find ways around them. It's important to get their feedback to understand what can be improved, and to let them know why each measure has been put in place, which sorts of risks are deemed unacceptable, and what has been done to minimize the organization's exposure to them.

Firewalls

There are three basic types of firewalls, and every home, organization, and enterprise should deploy one.

Application Gateways - The first firewalls were application gateways, and are sometimes known as proxy gateways. These are made up of bastion hosts that run special software to act as a proxy server. Clients behind the firewall must be proxitized (that is, must know how to use the proxy, and be configured to do so) in order to use Internet services. Traditionally, these have been the most secure, because they don't allow anything to pass by default, but need to have the programs written and turned on in order to begin passing traffic. These are also typically the slowest, because more processes need to be started in order to have a request serviced. We deploy Microsoft ISA Server for clients requiring this type of security.
Packet Filtering - Packet filtering is a technique whereby routers have ACLs (Access Control Lists) turned on. Employing ACLs is a method for enforcing your security policy with regard to what sorts of access you allow the outside world to have to your internal network, and vice versa. There is less overhead in packet filtering than with an application gateway, because the feature of access control is performed at a lower ISO/OSI layer (typically, the transport or session layer). Due to the lower overhead and the fact that packet filtering is done with routers, which are specialized computers optimized for tasks related to networking, a packet filtering gateway is often much faster than its application layer cousins. We deploy Sonicwall devices for clients requiring this type of security.
Hybrid Systems - In some of these systems, new connections must be authenticated and approved at the application layer. Once this has been done, the remainder of the connection is passed down to the session layer, where packet filters watch the connection to ensure that only packets that are part of an ongoing (already authenticated and approved) conversation are being passed. We deploy Checkpoint devices for clients requiring this type of security.
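
The hybrid behaviour described above can be sketched as a small model. This is an added example, not code from any of the products named on this page. It assumes a conversation is identified by its source and destination address and port, that the user has already been authenticated by the proxy, and that the policy, names and addresses are constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

def reverse(p):
    """The same conversation seen from the other direction."""
    return Packet(p.dst, p.dport, p.src, p.sport)

class HybridFirewall:
    def __init__(self, policy):
        self.policy = policy    # user -> destination ports that user may reach
        self.sessions = set()   # approved conversations, stored as Packet tuples

    def open_connection(self, user, first):
        """Application-layer step: approve or refuse a new connection.
        Assumes `user` was already authenticated by the proxy."""
        if first.dport not in self.policy.get(user, set()):
            return False        # default deny: no session state is created
        self.sessions.add(first)
        return True

    def filter(self, p):
        """Packet-filter step: pass only packets of an approved conversation."""
        return p in self.sessions or reverse(p) in self.sessions

    def close_connection(self, first):
        """Forget the session so later packets are dropped again."""
        self.sessions.discard(first)
        self.sessions.discard(reverse(first))

def run_demo():
    # Constructed policy and addresses, for illustration only.
    fw = HybridFirewall({"alice": {443}})
    web = Packet("10.0.0.5", 50000, "198.51.100.7", 443)
    telnet = Packet("10.0.0.5", 50001, "198.51.100.7", 23)
    stray = Packet("203.0.113.9", 443, "10.0.0.5", 50000)
    results = {
        "web_approved": fw.open_connection("alice", web),
        "telnet_approved": fw.open_connection("alice", telnet),
        "reply_passes": fw.filter(reverse(web)),
        "stray_passes": fw.filter(stray),
    }
    fw.close_connection(web)
    results["reply_after_close"] = fw.filter(reverse(web))
    return results

if __name__ == "__main__":
    print(run_demo())
```

The stray packet targets the same internal address and port as the legitimate reply but comes from a different host, so it matches no approved conversation and is dropped.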

Virtual Private Network

VPNs provide the ability for two or more offices to communicate with each other in such a way that it looks like they're directly connected over a private leased line. The session between them, although going over the Internet, is private (because the link is encrypted), and the link is convenient, because each can see the other's internal resources without showing them off to the entire world. The usefulness of VPN solutions depends on their ability to deliver truly secure virtual private network access over a public network like the Internet. We deploy Sonicwall devices for clients requiring this type of security.

Remote Access

 

Your first step in providing for secure remote access is to carefully evaluate employees' need to connect remotely, and grant access on a per-user basis only to those who have a bona fide need to access the network remotely. We deploy Microsoft and Citrix services for clients requiring this type of security.

Wireless

 
There are basically two primary security issues with wireless:

Access - making sure that only authorized people can use the wireless network.
Privacy - making sure that no one can watch your communications. Without this, anyone in the vicinity of the building can watch everything you do on a wireless network. This will let them steal your passwords and look at everything you are doing.

We deploy 3COM, Cisco and Sonicwall wireless devices for clients requiring this type of security.