Computer Network Internet Security

One of the major concerns in connecting computer networks via the Internet is the security risk. In enterprise-class networks that consist of multiple sites or business units spread across a wide geography, the inter-site links that join them into a single corporate network are typically established over a public network, the Internet.

Internet connectivity is normally provided via a perimeter router (and a secured firewall) connecting through an Internet Service Provider (ISP). Some Internet connections may be provided via a broadband solution, using xDSL or cable, with an encrypted VPN tunnel established over it.

Due to the high security risks associated with the Internet, a number of basic security procedures must be developed and followed by all corporate sites. Any site-to-site communication over the Internet must be securely encrypted (VPN), and any Internet connection must be firewalled with a suitable security policy to protect internal corporate assets. See also the guidelines on securing the firewalls.

The following lists the minimum requirements with regard to Internet security when connecting multiple sites into a single corporate network:

  • All site data communications over the Internet must be encrypted using a VPN.
  • Any entry point of the Internet connection must be firewalled with a secured policy.
  • If a perimeter screening router is used, it must be configured with a suitable security policy that blocks unauthorized Internet-originated traffic.
  • All routers must also be secured against common Internet hacking techniques.
  • A suitable firewall must also be used to restrict inbound (from the Internet) connections while allowing authorized return (established) connections. See also the basic guidelines on Cisco access lists.

All sites' or business units' data traversing a public network such as the Internet must be encrypted. A strong encryption policy (VPN) must be used to protect network traffic from data manipulation and eavesdropping attacks. See also Internet security threats.

The internal network must be protected with a firewall, and if a perimeter router is also used (dual defenses) it must be configured to protect the internal network (and itself). This is achieved with a correctly configured extended access-list that blocks unauthorized inbound (Internet-originated) traffic. Care must be taken not to block legitimate VPN traffic or valid established sessions.
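The first-match evaluation that an extended access-list performs, as an added example that is not part of the original article: a small Python model of an inbound ACL on a perimeter router's outside interface that permits the site's VPN traffic and return (`established`) TCP traffic while denying fresh inbound connections and spoofed sources. The addresses, the rule order and the sample packets are constructed; the permit/deny semantics follow Cisco IOS extended ACLs, where rules are evaluated top to bottom and an unmatched packet hits the implicit deny.

```python
"""Model of an inbound extended access-list on a perimeter router's
outside interface (added example; addresses and rules are constructed).

Semantics mirrored from Cisco IOS extended ACLs:
  * rules are evaluated top to bottom, the first match wins;
  * an unmatched packet hits the implicit "deny ip any any";
  * a TCP rule with `established` matches only segments carrying ACK or RST,
    i.e. replies to sessions the inside opened, never a new inbound SYN.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional, Set


@dataclass
class Packet:
    proto: str                      # "tcp", "udp", "esp", "icmp"
    src: str
    dst: str
    dport: int = 0
    flags: Set[str] = field(default_factory=set)   # TCP flags: "SYN", "ACK", "RST"


@dataclass
class Rule:
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches any protocol
    src: str                        # source network in CIDR form
    dst: str                        # destination network in CIDR form
    dport: Optional[int] = None     # destination port, None = any
    established: bool = False       # TCP return traffic only

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.established and not (pkt.proto == "tcp" and pkt.flags & {"ACK", "RST"}):
            return False
        return True


# Constructed sample values: the site's public range and its remote VPN peer.
SITE_PUBLIC = "203.0.113.0/24"
VPN_PEER = "198.51.100.5/32"
ANY = "0.0.0.0/0"

# Inbound ACL on the outside interface, in evaluation order.
INBOUND_ACL = [
    Rule("deny", "ip", "10.0.0.0/8", ANY),                      # anti-spoofing: private source from the Internet
    Rule("permit", "esp", VPN_PEER, SITE_PUBLIC),               # IPsec ESP from the known VPN peer
    Rule("permit", "udp", VPN_PEER, SITE_PUBLIC, dport=500),    # IKE/ISAKMP
    Rule("permit", "udp", VPN_PEER, SITE_PUBLIC, dport=4500),   # IKE NAT traversal
    Rule("permit", "tcp", ANY, SITE_PUBLIC, established=True),  # return traffic for inside-initiated sessions
    # implicit "deny ip any any" follows
]


def evaluate(acl, pkt: Packet) -> str:
    """Return "permit" or "deny" for pkt under first-match evaluation."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"                   # implicit deny at the end of every ACL


if __name__ == "__main__":
    samples = [
        ("new inbound SSH attempt", Packet("tcp", "192.0.2.7", "203.0.113.10", 22, {"SYN"})),
        ("reply to an outbound HTTPS session", Packet("tcp", "192.0.2.7", "203.0.113.10", 51000, {"ACK"})),
        ("ESP from the VPN peer", Packet("esp", "198.51.100.5", "203.0.113.1")),
        ("ESP from an unknown host", Packet("esp", "192.0.2.9", "203.0.113.1")),
        ("spoofed private source with ACK set", Packet("tcp", "10.1.2.3", "203.0.113.10", 51000, {"ACK"})),
    ]
    for label, pkt in samples:
        print(f"{label:40s} -> {evaluate(INBOUND_ACL, pkt)}")
```

The anti-spoofing deny sits first on purpose: a packet from a private source with ACK set would otherwise be accepted by the `established` rule, which is exactly the ordering mistake the article warns about when it says the router must protect the internal network and itself.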

The router should have SNMP disabled on the external Internet connection and use strong SNMP and password security, with all TCP and UDP small services (including HTTP) disabled. Telnet restrictions should be enforced so that IP management is only allowed from authorized (internal) addresses.
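One way to check those router settings, as an added example that is not part of the article: a Python audit over a Cisco IOS running-config text that flags the items the paragraph names (small services, HTTP, unrestricted SNMP, management access from unauthorized addresses). The two configurations below are constructed samples, one weak and one hardened, and the mapping from each requirement to an IOS command is my own assumption about how the requirement is typically implemented, not something the article specifies.

```python
"""Audit a Cisco IOS running-config for the perimeter-router hardening
items the article lists. Added example; the configs below are constructed.

Mapping assumed here from requirement to IOS command:
  * small services off    -> no 'service tcp-small-servers' / 'service udp-small-servers'
  * HTTP management off   -> no 'ip http server'
  * SNMP hardened         -> every 'snmp-server community' is RO and bound to an ACL
                             (only the plain 'community <name> RO|RW [acl]' form is parsed)
  * management restricted -> every 'line vty' block has 'access-class <acl> in'
                             and 'transport input ssh'
"""
import re

SNMP_RE = re.compile(r"snmp-server community \S+ (RO|RW)(?: (\S+))?$")


def parse_config(text):
    """Split a running-config into global commands and the indented
    sub-commands of each 'line vty' stanza (other stanzas are ignored)."""
    global_lines, vty_blocks, current = [], [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue                         # comments and separators
        if not line.startswith(" "):         # top-level command
            current = None
            if line.startswith("line vty"):
                current = []
                vty_blocks.append(current)
            else:
                global_lines.append(line)
        elif current is not None:            # sub-command under a vty line
            current.append(line.strip())
    return global_lines, vty_blocks


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    glob, vtys = parse_config(text)
    for svc in ("service tcp-small-servers", "service udp-small-servers"):
        if svc in glob:
            findings.append(f"small services enabled: {svc}")
    if "ip http server" in glob:
        findings.append("HTTP management server enabled")
    for line in glob:
        m = SNMP_RE.match(line)
        if m and m.group(1) == "RW":
            findings.append(f"SNMP read-write community: {line}")
        if m and m.group(2) is None:
            findings.append(f"SNMP community not bound to an access-list: {line}")
    if not vtys:
        findings.append("no 'line vty' stanza found")
    for i, block in enumerate(vtys):
        if not any(cmd.startswith("access-class ") and cmd.endswith(" in") for cmd in block):
            findings.append(f"vty block {i}: management not restricted by access-class")
        if "transport input ssh" not in block:
            findings.append(f"vty block {i}: transport input not limited to ssh")
    return findings


# Constructed sample: a router that violates every item above.
WEAK_CONFIG = """\
!
hostname perimeter-rtr
service tcp-small-servers
service udp-small-servers
ip http server
snmp-server community public RW
interface GigabitEthernet0/0
 description OUTSIDE
 ip address 203.0.113.1 255.255.255.0
line vty 0 4
 transport input telnet ssh
 password cisco
!
"""

# Constructed sample: the same router after hardening. ACL 10 is the
# management network allowed to reach SNMP and the vty lines.
HARDENED_CONFIG = """\
!
hostname perimeter-rtr
no service tcp-small-servers
no service udp-small-servers
no ip http server
access-list 10 permit 10.10.0.0 0.0.255.255
snmp-server community s3cretRO RO 10
interface GigabitEthernet0/0
 description OUTSIDE
 ip address 203.0.113.1 255.255.255.0
line vty 0 4
 access-class 10 in
 transport input ssh
!
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(cfg) or 'no findings'}")
```

The audit treats an absent `service ...-small-servers` line as disabled, which matches the default on current IOS releases; on older images that enable the small servers by default you would want the explicit `no service` lines present as well.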

Internet security diagram - secured tunneling

Have a look at the above diagram: the two sites are connected via a public network (the Internet) by establishing a secured VPN tunnel. The firewalls are hardened by configuring a firewall policy, and all the perimeter routers are configured with a strong extended access-list security policy.

By not adhering to this standard, the internal network can readily be compromised from the Internet. The resulting security threats include information espionage, data manipulation, device tampering and message masquerading.
