ISM Article

Firewalls and Phishing - Will Your Network Security Stand Up?

11 Aug, 2008 By: Carla Nasse imageSource

Life was easier when Spam was something that you hoped wasn’t served for
supper. Phishing was something done with your friends on weekends. Spyware
was what Agent 007 wore in a James Bond movie. A Trojan, well, it wasn’t a
type of malicious software. Network Security – Identity Theft – Corporate
Data Loss – Does this keep you awake at night? You hear about hacking & data
theft all the time.

Hannaford, a large grocery corporation, had its computers hacked and sensitive
customer data was stolen. Bank of New York Mellon Corp. had 4.5 million
customer files lost. Those files contained customers’ social security numbers &
credit card numbers. So far, none of the lost information has resulted in fraud,
but the damage to their reputation is immeasurable. What would happen to your
business if your customer-base files were lost or stolen?

There are no perfect, flawless security measures that can be taken. The
only computer that is totally secure is a computer that has never been used,
never been plugged in and is still in the box. It’s not very useful but it’s
secure. As soon as it’s out of the box it’s vulnerable. Picture the little
boy with his finger in a hole in the dike. He plugs up the little hole and
another one pops up. Computers get hacked and passwords get cracked.
That’s the bad news. The good news is that there are measures that can help
mitigate the risk. Like everything else, hope for the best & prepare for the
worst. A company IT security policy is a good place to start.

Employee awareness is paramount. Today 80% of the security problems on a
corporate network are caused by non-IT employees inadvertently introducing a
virus, worm or Trojan to the network. They don’t mean any harm; they just
don’t know any better. A security policy will help relay what’s expected of
each employee when it comes to going outside the company’s network. The policy
needs to be specific to your company. Start with one that you can download, but
customize it to your needs & expectations. Help your employees understand what
can happen if they open that email when they’re not sure of the sender. Have
the policy become part of the paperwork that every new hire has to sign. EC-Council
(International Council of Electronic Commerce Consultants, a vendor-neutral
Internet security association) has a certification specifically for the non-IT
person that validates they understand how to work safely when going outside a
company’s network. This Security 5 is becoming a mainstay now for new hire

The Great Wall

Firewalls and anti-virus software are components that work together to
provide the security for the network. Think of them as a modern-day Great Wall
of China. The Great Wall was built, rebuilt and changed over hundreds of years
to keep enemies out. It was actually a number of walls
built with a variety of materials over a long period of time. Firewalls and
anti-virus software have the same characteristics. They must be built, rebuilt
and changed as the threats to the network change. Firewalls are the guards at
the gates. They check each packet of information as it tries to enter the
network. There are several kinds of firewalls: hardware and/or software.
Anti-virus software is a moving target. The software used yesterday may not
protect the network today. Hackers are a sub-culture of programmers that some
have even credited with creating the World Wide Web. For the hackers that break
into a system and steal information, it can be a challenge or a way to make a
living. There is a lot of money to be made (illegally) from stealing
credit card information and sensitive company information, and it’s not just the
big companies that get hit. An ongoing subscription for anti-virus software is
necessary to keep up with malware, phishing, worms and Trojans. Intrusion
detection software is another level of defense. With names like Snort, Sguil and BASE,
intrusion software provides traffic analysis and packet logging on IP networks.

Website hijacking has hit many small companies as well as large ones. Sites for
Amazon.com, eBay, Oracle and Sun Microsystems are just a few that have been
hijacked. Try Googling “hijacked websites.” There are vast numbers of pages on
this topic. Keep a vigilant eye on your website. Check it often. There are
some simple steps that can be taken to combat this. The trick is to know it’s
happening. Checking your site on a regular basis is a good practice. Software
is available to test your pages. Being aware that it can happen is the biggest
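
One way to check pages on a regular basis, as an added example that is not from the original article: compare each page against a known-good snapshot and report a changed content hash, a newly referenced external script or frame host, or a new meta-refresh redirect. The sample pages, host names and function names are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class _PageScan(HTMLParser):
    """Collects external script/iframe hosts and any meta-refresh target."""
    def __init__(self):
        super().__init__()
        self.hosts = set()
        self.redirect = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "iframe") and a.get("src"):
            host = urlparse(a["src"]).netloc.lower()
            if host:  # relative URLs have no host: they stay on our own site
                self.hosts.add(host)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.redirect = a.get("content")

def snapshot(html):
    """Summarise a page: content hash, external hosts, meta-refresh redirect."""
    scan = _PageScan()
    scan.feed(html)
    return {"sha256": hashlib.sha256(html.encode("utf-8")).hexdigest(),
            "hosts": scan.hosts, "redirect": scan.redirect}

def compare(baseline, current):
    """Return a list of findings; an empty list means the page matches."""
    findings = []
    if current["sha256"] != baseline["sha256"]:
        findings.append("content changed since baseline")
    for host in sorted(current["hosts"] - baseline["hosts"]):
        findings.append("new external script/frame host: " + host)
    if current["redirect"] and current["redirect"] != baseline["redirect"]:
        findings.append("new meta-refresh redirect: " + current["redirect"])
    return findings

# Constructed sample pages (not real site content).
KNOWN_GOOD = ('<html><head><script src="/js/site.js"></script></head>'
              '<body>Welcome</body></html>')
TAMPERED = ('<html><head><script src="/js/site.js"></script>'
            '<script src="//cdn.example.net/x.js"></script>'
            '<meta http-equiv="refresh" content="0;url=http://example.org/">'
            '</head><body>Welcome</body></html>')

if __name__ == "__main__":
    base = snapshot(KNOWN_GOOD)
    for line in compare(base, snapshot(TAMPERED)) or ["page matches baseline"]:
        print(line)
```

On pages whose content legitimately changes on every load, the hash finding will always fire, so the host and redirect findings are the ones to alert on there.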

Private Network

Using a VPN (Virtual Private Network) is a solution for transmitting data
securely between company offices. Branch offices are established to bring
service closer to the customers. Telecommuting is on the rise. Everyone wants
his or her information now! A VPN is the fastest and safest way to get that
information transmitted over the Internet and not be vulnerable. It used to be
that a VPN meant leasing lines, which created a WAN (Wide Area Network) and
intranets. A remote access VPN relies on a third-party service provider that
supplies the service that allows secure, encrypted connections between a
company's private network and remote users, through their systems. Another type
is a site-to-site VPN. This requires dedicated equipment and large-scale
encryption. There are intranet- and extranet-based styles. Intranet VPNs join
LANs (Local Area Networks) of the same company. Extranet VPNs
join the LANs of cooperating companies, like vendors or suppliers and
their customers.

There is so much to cover when it comes to securing a network. There are two
ways to look at this. Securing your own network is the first. Secondly, think
about your customer base.

What percentage doesn’t have an IT department to look after their
system? Could this possibly be an additional revenue source?

We’ll continue next time with how to create a good, strong password.  It
sounds easy enough.  Yet, if that were true, Spyware could actually become what
007 wears in a Bond movie.  Until next time, stay secure.

Carla Nasse is Director of Corporate Sales for Specialized Solutions, an IT
training company, and a member of CompTIA who helped develop the PDI+
certification for the document technology channel. At 800.942.1660 or


©2015 Questex, LLC. All rights reserved
Reproduction in whole or part is prohibited