Computer networks has resulted in the lowering of IT infrastructure costs. With such convenience however come new threats and vulnerabilities. Hackers can use rogue access points, mis-configured access points, honey pot access points, client mis-associations and other ways to gain entry into networks, to steal data and perform other actions that can spell doom for the business. Even without hackers, improper network architecture can cause corruptions, leading to the eventual collapse of the network.
Preparing a Network Security Policy
The basic step in ensuring computer network security is having computer network security policies in place. A network security policy makes explicit the architecture of the security apparatus in force to counter the threats, lays down rules for computer network access by users, and specifies the best practices in network usage that would minimize security risks.
The first step in preparing security policies is to undertake a risk analysis. The risk analysis makes a thorough evaluation of core network devices, distribution network devices, access network devices, monitoring and security devices, e-mail systems, various servers, desktop computers, and all other devices in the network, to check for vulnerabilities that could result in unauthorized intrusions, and corruptions that could cause network collapse. The security policy then covers the risks that such devices pose.
Security Policy: Network Administrators
• The components of a security policy are several. Some important responsibilities of system administrators in any common policy include:
• Detailing the deployment of security devices such as anti-virus, firewalls, network scanners, Intrusion Prevention Systems, server authentication methods, passwords, and encryption
• Detailing hierarchy of access permission, to ensure users have access to only what they require
• Specifying guidelines and rules for users, to ensure usage in a way that does not compromise network security
• Establishing protocols for wireless network access, including unsecured Wi-Fi to control rogue access point vulnerabilities
• Stipulating policy on updating drivers and security patches
The security policy should also detail the recommended actions for various contingencies, and have guidelines on taking backups and recovery from network crashes.
Security Policy: Users
A usage policy statement that outlines users’ roles and responsibilities with regard to security is an integral part of network security policy. Such a user policy includes do’s and don’ts when using the internet, such as policy on opening email attachments, safeguards to follow when downloading files from internet, clearing cache on exit, and so on.
Another inclusion in the network security policy is a security team structure, specifying the role and responsibility of each user in implementing the network security policy.
A good computer network security policy keeps malicious intruders out, exerts control over potential risky users within the organization, and ensures that the computer network performs at its optimal best.
