Best Practices
Most of these are what we consider common sense, yet very little of how a really savvy geek thinks is common to the average business owner or even a sophisticated computer user. Over time we will keep adding to this list of computer best practices that should be followed on every computer network, especially in any business that is serious about computer security.

A lot of this will cover some of the basic HIPAA regulations that are out. For now, check back every once in a while; we will try to grow this list over time.

The safest computer network in the world is one that is air gapped. This means it isn't connected to any other network or the Internet. That doesn't work well with the needs of today's computer users, but it is the most secure. Wireless networks are the opposite of this: they are basically radio stations broadcasting Internet connectivity and packets of data instead of music. 802.11, also known as WiFi, is virtually impossible to truly secure 100% and should probably be banned for HIPAA compliance or for any network that has anything to do with credit card processing taking place over it. Until 802.11i comes out it should be too. 802.11i will add security extensions to the protocol, but it's not here yet.

Even if you're using WEP (Wireless Equivalency Protocol), LEAP (Lightweight Encrypted Authentication Protocol), WPA (Wi-Fi Protected Access) or WPA2 over an encrypted connection with HTTPS (encrypted HTTP), SSH (encrypted remote shells) and the encrypted mail protocols POP3S (encrypted POP3), IMAPS (encrypted IMAP) and ESMTP w/SSL (Extended Simple Mail Transport Protocol over Secure Sockets Layer), you are doing so in open view of everyone. At the least, it can all be recorded just like a radio station broadcast and have serious processing power thrown against it later in an attempt to crack your keys.

While wireless may be appropriate for home use, its use in businesses should really require a business justification. If it is used, it should be on its own subnet of the network and firewalled off as hostile to the rest of the internal network to further minimize exposure. Accessing business networks through applications such as pcAnywhere via a wireless home network is, again, risky behavior. Remember, users are usually the weakest link in computer networks.

WiFi is everywhere and it's handy, but care should be exercised to make sure the network communication is all encrypted with the highest level of encryption possible for your setting.

Have a stateful firewall installed on your network. Firewalls basically come in two flavors: stateful and non-stateful, also known as port-filtered. Port filtering only blocks traffic based on the port it comes in on; this is not as secure as a stateful firewall.

A stateful firewall not only looks at what port traffic is coming in on, it also looks inside the packet to inspect what is coming through and why. This is much more secure. If a firewall doesn't say it does stateful packet-level inspection, it means it's port-filtered only. Routers that have firewalling are generally all port-filtering firewalls at best.

Have a computer security professional scan your network and computers from time to time so you know what ports you have opened up to the Internet.

Justify why they are open. If there is no business justification for a port, close it down.

Applications frequently open ports you will not know about, and since most Windows software won't document some of this, you will not know unless you are actively scanning these systems. Worms can exploit this, like SQL Slammer did. Most of the systems that were infected were exposed not because of SQL Server 2000 but because of applications using Microsoft's embedded database software.

Scan yourself. The hackers are, and if you're not, they know more about your systems than you do.

Use encryption everywhere it makes sense. If the data being transmitted is healthcare information, PMI or usernames and passwords, don't use non-encrypted protocols. The following are plain text protocols and should be avoided when sending sensitive information.

1 - HTTP - this is any web page connection handled by a web browser. This happens over port 80.
2 - Telnet - this is a non-encrypted remote shell connection. This happens over port 23.
3 - POP3 - when your mail client gets mail every 15 minutes, you're yelling your password out in the open every 15 minutes too. This happens over port 110.

Instead, use the encrypted equivalent protocols:
1 - HTTPS - same as HTTP but encrypted, and remember, the more bits the better. This happens over port 443.
2 - SSH - encrypted remote shell connections. This happens over port 22.
3 - POP3S - same as POP3 but, again, it's encrypted. This happens over port 995.
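
As an added example (not part of the original article), here is one way to combine the "scan yourself" advice with the protocol lists above: check which ports on a host you administer accept connections, then flag the plaintext services and any open port with no recorded justification. The `justified` inventory and the function names are assumptions made for illustration.

```python
import socket

# Port pairs taken from the lists above: plaintext service -> encrypted equivalent.
PLAINTEXT = {80: ("HTTP", "HTTPS", 443),
             23: ("Telnet", "SSH", 22),
             110: ("POP3", "POP3S", 995)}


def scan(host, ports, timeout=0.5):
    """Return the sorted list of TCP ports on host that accept a connection."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            # connect_ex returns 0 on success instead of raising an exception
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return sorted(open_ports)


def audit(open_ports, justified):
    """Compare open ports with the documented business justifications.

    justified maps port -> reason (a hypothetical inventory you maintain).
    Returns a list of (port, kind, message) findings.
    """
    findings = []
    for port in sorted(open_ports):
        if port in PLAINTEXT:
            name, better, better_port = PLAINTEXT[port]
            findings.append((port, "plaintext",
                             f"{name} is unencrypted; use {better} on port {better_port}"))
        if port not in justified:
            findings.append((port, "unjustified",
                             "no business justification recorded; close it"))
    return findings


if __name__ == "__main__":
    # Constructed inventory for a host you administer (sample values).
    justified = {22: "admin remote shell", 443: "public web site"}
    found = scan("127.0.0.1", [22, 23, 80, 110, 443, 995])
    for port, kind, msg in audit(found, justified):
        print(f"{port:>5}  {kind:<11}  {msg}")
```

A port can appear twice in the output: an open Telnet port with no entry in the inventory is reported both as plaintext and as unjustified.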

Always back up your system, or at least set a restore point, before adding any new software or doing any Windows Updates.

If you have a large network or a system that everything depends on, you should try out updates, patches and new software on a separate system first to make sure everything does what it's supposed to both before and after the updates.