IT Lecture Notes by Mark Kelly, McKinnon Secondary

Network Security

Since the file server is the heart of the network, its failure can severely affect network users, so it is usually treated like royalty. Servers are usually kept firmly under lock and key in air-conditioned rooms with an uninterruptible power supply (UPS) to protect against power problems such as blackouts, brownouts and voltage spikes.

Passwords, logins

Networks usually contain large amounts of sensitive or secret information used by many people. It would be foolish to allow any user to have unrestricted access to all data.

User authentication is used by the NOS to identify users and only allow them access to data and network resources they are authorised to use. The most common form of user authentication is the use of login names and passwords.

The problem with passwords

If a user knows the password to a login name, it does not prove the identity of the person - it only proves the person knows the password.

Passwords can be weak network protection. Users often choose ridiculously predictable passwords (their name, the word "password", their football team); they write passwords down and stick them on their monitor; they never change their passwords.

Network administrators need to educate network users to choose unpredictable passwords (e.g. words not in a dictionary, a combination of letters and numbers, the use of uppercase and lowercase), and networks can be set to force users to change passwords at regular intervals. All users should sign an Acceptable Use Policy that makes their network rights and responsibilities very clear.
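The rules above can be checked automatically when a user sets a password. The following is an added example, not part of the original notes: the word list is a small constructed sample, and the 90-day change interval and all function names are assumptions.

```python
from datetime import date, timedelta

# Constructed sample word list; a real audit would load a full dictionary file.
COMMON_WORDS = {"password", "football", "collingwood", "letmein", "welcome"}
MAX_AGE = timedelta(days=90)  # assumed change interval, not stated in the notes


def audit_password(login, full_name, password, last_changed, today):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()
    # Drop digits and symbols so "Password1" still matches "password".
    letters_only = "".join(ch for ch in lowered if ch.isalpha())

    personal = {login.lower()} | {part.lower() for part in full_name.split()}
    if any(part and part in lowered for part in personal):
        problems.append("contains the user's own name or login")
    if lowered in COMMON_WORDS or letters_only in COMMON_WORDS:
        problems.append("is a dictionary word")
    if not (any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)):
        problems.append("does not combine letters and numbers")
    if not (any(c.isupper() for c in password)
            and any(c.islower() for c in password)):
        problems.append("does not mix uppercase and lowercase")
    if today - last_changed > MAX_AGE:
        problems.append("has not been changed within the required interval")
    return problems


if __name__ == "__main__":
    today = date(2007, 8, 22)
    # Constructed accounts: (login, full name, password, date last changed).
    for account in [
        ("jsmith", "Jane Smith", "Password1", date(2007, 1, 1)),
        ("jsmith", "Jane Smith", "smith", today),
        ("jsmith", "Jane Smith", "tR7vq2Lx9", date(2007, 8, 1)),
    ]:
        print(account[2], "->", audit_password(*account, today) or "OK")
```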

It is important that users only be given access to data and resources they need to do their job: assigning network rights in a sloppy manner is an invitation to accidental or deliberate disaster.

A more reliable form of user authentication, which actually establishes the identity of a user, is biometric identification, which can be trained to recognise unique physical characteristics of users, such as fingerprints, iris or retinal patterns. Biometric identification is commonly used in high-security environments. While passwords can be forgotten or stolen, it is harder to forget or lose a finger. There are now computer mice with built-in fingerprint scanners: no network login is necessary because as soon as users touch a mouse, the mouse's scanner authenticates them to the network.

Physical security

It is important that valuable computers on a network be protected against theft or unauthorised use, but it is vital that servers be protected.

Servers should be kept in a locked room using a restricted key. If the room has windows, they should be barred. The room should have a reliable alarm system and accessible firefighting equipment. Floppy disk drives should be protected with disk drive locks to prevent the use of hacking software. The room should be air conditioned to protect equipment from excessive heat and humidity. Motion-based video surveillance, while expensive, is a good security investment.

Backups

It is vital that servers have their contents backed up regularly, usually daily. It can cost thousands of dollars and many hours of downtime to recover or retype a single megabyte of lost data.

A full backup copies every byte on a server to tape.

Incremental or partial backups only copy data that has been changed or added since the last backup. These are much smaller than full backups.

A backup scheme should be created, documented and followed. It sets down how the backups are done, when they are done and who does them. A common backup scheme is the Grandfather-Father-Son scheme, where several tapes are in cyclical use: some for daily backups, some for weekly backups, some monthly, some annually. This allows data to be recovered from any distant time, and as tapes grow older they are used less frequently.
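One way to turn a Grandfather-Father-Son scheme into a schedule, combining the full and incremental backups described above. This is an added example, not part of the original notes. The layout is an assumption (full backups on Friday nights, incrementals on every other night), and the tape labels, function names and file list are constructed.

```python
from datetime import date, datetime, timedelta

DAYS = ["MON", "TUE", "WED", "THU", "FRI", "SAT", "SUN"]
FULL_DAY = 4  # assumption: full backups run on Friday nights


def tape_for(day):
    """Return (backup type, tape label) for one night under the assumed layout."""
    if day.weekday() != FULL_DAY:
        # Sons: one tape per weekday, overwritten every week.
        return ("incremental", "SON-" + DAYS[day.weekday()])
    next_full = day + timedelta(days=7)
    if next_full.year != day.year:        # last Friday of the year
        return ("full", f"ANNUAL-{day.year}")
    if next_full.month != day.month:      # last Friday of the month
        return ("full", f"GRANDFATHER-{day.month:02d}")
    # Fathers: the remaining Fridays, reused every month.
    return ("full", f"FATHER-{(day.day - 1) // 7 + 1}")


def changed_since(files, last_backup):
    """Incremental selection: names of files modified after the last backup."""
    return sorted(name for name, mtime in files.items() if mtime > last_backup)


def restore_chain(target):
    """Tapes to load, oldest first, to rebuild the server as of `target`."""
    chain, day = [], target
    while True:
        kind, label = tape_for(day)
        chain.append((day.isoformat(), label))
        if kind == "full":
            return chain[::-1]
        day -= timedelta(days=1)


# Constructed sample data: file name -> last modification time.
FILES = {
    "payroll.xls": datetime(2007, 8, 22, 9, 30),
    "timetable.doc": datetime(2007, 8, 20, 14, 0),
    "logo.bmp": datetime(2006, 2, 1, 8, 0),
}

if __name__ == "__main__":
    print(tape_for(date(2007, 8, 22)))
    print(changed_since(FILES, datetime(2007, 8, 21, 23, 0)))
    for night, tape in restore_chain(date(2007, 8, 22)):
        print(night, tape)
```

The restore chain shows the cost of incremental backups: a restore needs the last full tape plus every incremental tape made since, in order.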

While data protection and backups will keep organisations safe most of the time, organisations should develop a data disaster recovery plan so they know what to do to recover from catastrophic data loss, should it ever happen.

Protecting against deliberate attack

Encryption    

Some details on encryption

Firewalls

A firewall is a software or hardware device that protects your computer against hackers. It watches the thousands of communication ports your Internet connection has, and alerts you if unauthorised traffic is detected. Good firewalls watch not only for dangerous incoming messages but also for unauthorised outgoing messages, such as those from Trojan Horses that have found their way onto your system.

"Trojans" are hacking programs installed by stealth onto your computer: they allow remote access to hackers who can access anything on your computer or control your computer remotely. Distributed denial-of-service (DDoS) attacks on Internet sites often use infected "slave" computers to carry out the DDoS bombardment on the target sites and bring their servers to a halt. The users of the enslaved computers would not even know their computer was being hijacked - until ASIO secret service agents came knocking at their door - unless they had a firewall that would detect and block the unauthorised Internet activity.

Firewalls also prevent hackers from "port scanning" your computer to see if they could get in and plant or activate a Trojan. Firewalls would also prevent viruses from sending your passwords or documents to a remote hacker.
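The two checks described above, unauthorised outgoing traffic and port scanning, can be shown over a connection log. This is an added example, not part of the original notes and not any real firewall's code: the log format, addresses, approved port list and scan threshold are all constructed assumptions.

```python
from collections import defaultdict

LOCAL = "192.168.1.10"                # constructed address of the protected PC
ALLOWED_OUTBOUND = {25, 53, 80, 443}  # assumed approved destination ports
SCAN_THRESHOLD = 10                   # distinct ports probed by one source


def parse(line):
    """Split 'HH:MM:SS SRC:SPORT -> DST:DPORT' into (src_ip, dst_ip, dport)."""
    _, src, _, dst = line.split()
    src_ip = src.rsplit(":", 1)[0]
    dst_ip, dport = dst.rsplit(":", 1)
    return src_ip, dst_ip, int(dport)


def review(lines):
    """Return alerts for unapproved outgoing traffic and incoming port scans."""
    alerts = []
    probed = defaultdict(set)  # remote address -> local ports it has tried
    for line in lines:
        src, dst, dport = parse(line)
        if src == LOCAL and dport not in ALLOWED_OUTBOUND:
            # A program on this PC is talking out on a port nobody approved.
            alerts.append(("unauthorised outbound", dst, dport))
        elif dst == LOCAL and dport not in probed[src]:
            probed[src].add(dport)
            # Alert once, when one source has tried enough different ports.
            if len(probed[src]) == SCAN_THRESHOLD:
                alerts.append(("port scan", src, SCAN_THRESHOLD))
    return alerts


# Constructed sample log: one normal web request, one unexpected outgoing
# connection, then one remote address trying twelve ports in a row.
SAMPLE_LOG = [
    "10:00:01 192.168.1.10:51000 -> 198.51.100.5:443",
    "10:00:07 192.168.1.10:51001 -> 203.0.113.77:6667",
] + [f"10:01:{p:02d} 203.0.113.9:40000 -> 192.168.1.10:{p}" for p in range(20, 32)]

if __name__ == "__main__":
    for alert in review(SAMPLE_LOG):
        print(alert)
```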

Cartoon: Pearls before Swine, by Stephan Pastis (http://www.unitedmedia.com/comics/pearls/archive)

Antivirus software

Computer viruses pose significant threats to the security and efficient running of both stand-alone computers and networks. They can disclose user passwords, steal information, destroy data, install "back doors" to let hackers in, clog print queues, disrupt Internet traffic, overload email servers - and new threats appear daily.

It is crucial that both network servers and workstations are always running reputable virus scanners using up-to-date virus definitions. Using old virus definitions is worse than using no virus scanning at all, since computers are vulnerable while their users work under the misapprehension that they are safely protected.

Created November 25, 2002

Last changed: August 22, 2007 11:53 AM

IT Lecture notes copyright © Mark Kelly 2001-