Keeping Your Data to Yourself
By: Carl West III
November 30, 2009
If your data is not secure, it’s really not your data, is it? Every IT administrator’s nightmare is to have their systems breached, their data stolen, and their company end up as the leading story on the evening news. It seems that every few months, a new data breach is discovered and reported.
One of the most basic (and easiest) preventive measures an administrator can take is to keep software up to date. This applies to the operating system and anti-virus software as well as to installed applications. If you have automated systems in place to take care of these updates, remember to pay attention to your remote users to ensure they are getting the updates as well.
Another easy thing to do is protect physical access to your network and server farm. Make sure you turn off unused ports on your switches. For extra security you should also configure MAC address filtering on your access switches. Keep doors to your computer room locked to prevent unauthorized access. If you can’t lock the doors, try to place the devices in racks or cages that can be locked.
One common misconception in IT security is the vulnerability of wireless access. A few years ago, WLANs were definitely a security risk. The available methods of encryption were weak and easily broken. Presently, advanced methods of encryption are available, and they have proven to be far more secure.
One more misconception in IT security is the impenetrability of firewalls. Numerous administrators believe that if they have a firewall in place, they must be secure. While simply having a firewall in place is a big step forward in protecting your environment, there are many other parts that go along with it. You need to monitor your firewall logs, keep the firewall firmware updated, protect logical access as well as physical access, and test your firewall rules extensively.
In addition to a firewall, make sure that sensitive data is encrypted. Keep clear text passwords off of the network. Use FTPS to transfer data instead of FTP, and make sure Active Directory passwords are encrypted (even while logging into webmail). Also, if you have remote users, make sure they are using a VPN to securely tunnel back to the main office.
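The two recommendations above (monitor firewall logs, keep clear text passwords off the network) can be combined into one routine check. The following is an added example, not part of the original article: it scans firewall log lines for allowed connections to services that send credentials unencrypted by default. The key=value log layout, the port list, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumption: services that send credentials unencrypted by default, keyed by
# destination port. Adjust to match what actually runs in your environment.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 110: "POP3", 143: "IMAP", 389: "LDAP"}

# Constructed sample lines in an assumed key=value layout (not a real capture).
SAMPLE_LOG = """\
2009-11-30T08:01:12 action=ACCEPT src=10.0.4.17 dst=192.0.2.10 proto=TCP dpt=21
2009-11-30T08:01:15 action=ACCEPT src=10.0.4.17 dst=192.0.2.10 proto=TCP dpt=990
2009-11-30T08:02:40 action=DROP src=10.0.7.3 dst=198.51.100.5 proto=TCP dpt=23
2009-11-30T08:03:02 action=ACCEPT src=10.0.4.22 dst=203.0.113.8 proto=TCP dpt=110
2009-11-30T08:03:09 action=ACCEPT src=10.0.4.17 dst=192.0.2.10 proto=TCP dpt=21
2009-11-30T08:04:00 garbled line without fields
2009-11-30T08:05:31 action=ACCEPT src=10.0.4.30 dst=192.0.2.44 proto=UDP dpt=21
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Return the key=value fields of one log line as a dict (empty if none)."""
    return dict(FIELD.findall(line))

def cleartext_flows(log_text):
    """Count allowed TCP flows to cleartext services per (src, dst, service)."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        # Only traffic the firewall let through matters; drops never connected.
        if f.get("action") != "ACCEPT" or f.get("proto") != "TCP":
            continue
        if not f.get("dpt", "").isdecimal():
            continue  # malformed or missing port field
        service = CLEARTEXT_PORTS.get(int(f["dpt"]))
        if service and "src" in f and "dst" in f:
            hits[(f["src"], f["dst"], service)] += 1
    return hits

def report(hits):
    """Format findings, busiest flow first."""
    return [f"{n}x {svc} {src} -> {dst}" for (src, dst, svc), n in hits.most_common()]

if __name__ == "__main__":
    for row in report(cleartext_flows(SAMPLE_LOG)):
        print(row)
```

A port match is a lead, not proof: explicit FTPS and STARTTLS-upgraded mail or LDAP sessions use the same ports, so each flagged flow still needs to be checked against how that server is configured.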
In conclusion, there are many small tasks that you should perform to keep your environment secure, but you can see that you don’t have to spend thousands of dollars to make that happen. Some of these tasks are common sense, some are tedious, but most are pretty simple. All of them, when performed together, will help ensure that your data continues to be your data.