Security is like an Onion

Being a father of 3 boys, I watch a lot of cartoons. As a result, I have become a fan of Shrek over the years. He says, “Ogres are like onions. Ogres have layers, and onions have layers.” Well, security on a network is much the same way. Security is made up of layers, and sometimes even the layers have layers! I want to break down some of these layers so that you can understand how your network should be secured.

Let’s start at the outside layer: your router. This is one of those layers that has layers of its own. First off, a router alone is not sufficient to protect your network today. At a minimum, the device that connects you to the internet should include a feature called a stateful inspection firewall. If it does, then you are on the right track. Today’s firewalls include an array of security features that previously required several devices to be installed in line with your firewall. In addition to the stateful inspection of data going through it, a firewall should include a way to write security rules, like a gatekeeper. These rules might, for example, say that no information from facebook.com servers is allowed into the network, or that only VPN connections from Jim’s home IP address are allowed to connect. If the data going through the firewall gets past the rules, it is subject to a virtual TSA-style search. The data is checked for viruses using gateway antivirus software, then it is compared to a list of attack methods to see if the data is up to no good, using a technology called intrusion detection. Then, if everything checks out, your crazy cat video is allowed through the firewall, destined for your computer.
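As an added illustration (not code from any firewall product), here is a simplified Python model of the layered check described above: ordered rules first, then gateway antivirus, then intrusion detection. The addresses, service names, signatures and function names are all constructed for the example, and stateful connection tracking is not modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    src: str        # source IP address
    service: str    # hypothetical service label, e.g. "vpn" or "web"
    payload: bytes

# Constructed values: RFC 5737 documentation ranges, not real hosts.
JIM_HOME = ipaddress.ip_network("203.0.113.25/32")
BLOCKED_SITE = ipaddress.ip_network("198.51.100.0/24")  # stand-in for a blocked site's servers
ANY = ipaddress.ip_network("0.0.0.0/0")

# Ordered rules, first match wins: (action, source network, service or None for any).
RULES = [
    ("deny", BLOCKED_SITE, None),
    ("allow", JIM_HOME, "vpn"),
    ("allow", ANY, "web"),
]

# Constructed signature lists for the two inspection layers.
AV_SIGNATURES = [b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"]
IDS_PATTERNS = [b"../../"]

def rule_layer(pkt):
    src = ipaddress.ip_address(pkt.src)
    for action, net, service in RULES:
        if src in net and service in (None, pkt.service):
            return action == "allow"
    return False  # default deny: anything no rule mentions is dropped

def antivirus_layer(pkt):
    return not any(sig in pkt.payload for sig in AV_SIGNATURES)

def ids_layer(pkt):
    return not any(pat in pkt.payload for pat in IDS_PATTERNS)

# A packet must get through every layer, in this order.
LAYERS = [("rules", rule_layer), ("gateway-av", antivirus_layer), ("ids", ids_layer)]

def inspect(pkt):
    """Return ("pass", None) or ("drop", name of the layer that stopped it)."""
    for name, layer in LAYERS:
        if not layer(pkt):
            return ("drop", name)
    return ("pass", None)
```

Because the deny rule for the blocked site sits above the general web rule, order matters: swapping them would let that traffic through to the inspection layers.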

So we move on to your computer, which is not really a layer of security but should be wrapped in at least a few layers of security, even when it is hiding behind your firewall. Like the firewall, your computer should have, at the very minimum, an antivirus application installed on it. In addition to antivirus, your computer should have a firewall of its own. Microsoft built a firewall into its operating system around the second or third service pack of Windows XP. This built-in firewall is OK, but you can also replace it with a more powerful firewall. Many antivirus vendors include their own firewalls to replace the Microsoft firewall when you install their software. In any event, the firewall on your computer can be configured like the one that connects the network to the internet, with rules about what kind of data is allowed in and where it is allowed to come from. Finally, everyone’s favorite layer of security…the password. When you log in to your computer you should be using a password: no ifs, ands, or buts about it.

Much like the computer, your server should be secured under a few layers of security of its own. Antivirus and firewall are a given, as are strong passwords. Servers should also be secured even further by turning off services and uninstalling software and features that are not being used. You can also require that all communications between the server and the computers on your network be encrypted, so that if a rogue device somehow found its way onto the network, it could not pull information off the network as it traveled between the server and your computer.

This is a pretty basic description of the layers of security you should find on almost any network today. I hope you can see how the layers of the security onion stack up, and that the more layers there are, the more difficult it is for an attacker to get to the heart of your network. To quote a cartoon from my childhood, “Now you know, and knowing is half the battle.”
