Ten steps to secure networking
Computerworld - Secure networking ensures that the network is available to perform its appointed task by protecting it from attacks originating inside and outside the organization.
Traditional thinking equates this to a handful of specific requirements, including user authentication, user device protection and point solutions. However, the move to convergence, together with greater workforce mobility, exposes networks to new vulnerabilities, as any connected user can potentially attack the network.
Application traffic must be securely delivered across the network, avoiding threats such as theft of intellectual property or private data. In addition, the underlying infrastructure must be protected against service disruption (in which the network is not available for its intended use) and service theft (in which an unauthorized user accesses network bandwidth, or an authorized user accesses unauthorized services).
While most organizations focus on securing the application traffic, few put sufficient infrastructure focus beyond point solutions such as firewalls. To protect the total network, security must be incorporated in all layers and the complete networking life cycle.
Secure networking layers
Secure networking involves securing the application traffic as it traverses the network. It should encompass these areas:
- Perimeter security protects the network applications from outside attack, through technologies such as firewall and intrusion detection.
- Communications security provides data confidentiality, integrity and nonrepudiation, typically through the use of Secure Sockets Layer or IPsec virtual private networks (VPN).
Secure networking extends this by protecting the underlying infrastructure from attack.
- Platform security ensures that each device is available to perform its intended function and doesn't become the network's single point of failure. The network security plan should include antivirus checking and host-based intrusion detection, along with endpoint compliance, to ensure that security policies check user devices for required security software.
- Access security ensures that each user has access to only those network elements and applications required to perform his job.
- Physical security protects the network from physical harm or modification, and underlies all security practices. The most obvious forms of physical security include locked doors and alarm systems.
Secure networking life cycle
Providing a secure network is not a one-time event, but rather a life cycle that must be continually reviewed, updated and communicated. There are three distinct stages to be considered:
- How can security breaches be prevented? Along with hardening of operating systems and antivirus software, prevention includes processes to regularly review the network's security posture, which is particularly important as new convergence and mobility solutions or new technologies and platforms are added to the network.
- How can security breaches be detected? Although some breaches are obvious, others are much more subtle. Detection techniques include product-level and networkwide intrusion-detection systems, system checks and logs for misconfigurations or other suspicious activity.
- What is the appropriate response to a security breach? A range of preparations must be made to respond to a successful breach, some of which may include the removal of infected devices or large-scale disaster recovery.



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Overcome Top 7 Admin Challenges of Active Directory
- As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
- Insiders Can Ruin Your Company. Take Action.
- Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
- Top Solutions and Tools to Prevent Devastating Malware
- Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
- X-Ray of the PCI Process-4 Proactive Steps
- This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into...
- Identity Governance: The Business Imperatives
- This white paper describes the business challenges and opportunities that are driving interest in Identity Governance while discussing considerations your organization should make... All Security White Papers
- Live Webcast
Playing Defense: Staying on Top of Your Disaster Recovery Game - When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing...
- Introduction to VMware vCenter Site Recovery Manager 5
- Traditional disaster recovery solutions are often too expensive, complex and unreliable to meet business requirements. As a result, IT departments are hesitant to...
- The Top Ten Secrets to Avoiding SAN Performance Problems
- Maintaining peak performance while simultaneously addressing the root cause of SAN errors is challenging. Learn the most common SAN problems and explore new...
- Deduplication Without Compromise
- Go inside Quantum's scalable, high-performance, multi-protocol new DXi deduplication appliances, designed to make backup much more effective. Discover how the new future-proof DXi6700...
- Director of Disk Products Discusses DXi6700
- Discover how the new DXi 6700 series of deduplication appliances provide investment protection and a future-proof feature set, all while delivering fast, scalable,...
- Playing Defense: Staying on Top of Your Disaster Recovery Game
- When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing... All Security Webcasts