How to Enhance Computer Network Security
What Administrators can do to Minimize Risks and Protect Servers
There are a number of measures a Network Administrator can take to enhance network security within the company.
Proxy Server Security
A proxy server connects to the Internet on behalf of users and serves web pages to them as they request them. A proxy server also keeps pages in cache and serves these pages to other users without connecting to the Internet, which saves bandwidth.
Another advantage of implementing a proxy server is that the Administrator has more control over who accesses the Internet and when. The Administrator can also block objectionable web sites if he wishes. Users often pick up computer viruses by visiting non-work-related websites, and this control limits that risk.
The Network Administrator should also take care to close the ports that are used for Internet browsing (in particular port 80) on the firewall, except for use by the Proxy server itself. For example, if port 80 were left open for all traffic through the firewall, a user might be able to circumvent the proxy server without anyone knowing about it. On the other hand, closing port 80 forces users to use the proxy server.
Typically a proxy server will give the Network Administrator reports which will allow him to see dangerous trends developing amongst Internet users, whether it be the time spent on the Internet or the type of sites visited.
Protect Servers From Internal Hackers
Since most hacking comes from within the company where security is laxer, it is imperative that a Network Administrator take steps to limit this risk. Here are a few things a Network Administrator can do to enhance computer network security within the company.
- Physically secure the company servers behind locked doors. Limit the access to these servers to a few authorized personnel.
- View server log files for evidence of suspicious activity like multiple login failures. This could be a sign that someone is trying to hack in. Often it is not “what you see” but “what you don’t see”, so check log files to see if there are chunks missing. Hackers will attempt to cover their tracks by deleting evidence from log files. Missing entries could indicate the presence of a hacker.
- Install hacker detection software. The package “Tripwire” is a well-known utility that will alert the Network Administrator if someone tries to hack into the server.
- Keep all Servers up to date with the latest security updates.
- Change the administrator “username” on Microsoft Servers so that a hacker will have to guess the “username” and the “password”. Keep a user called “administrator” but give that user no rights to the server.
- Unfortunately, on Linux servers, the “root” username can’t be changed. The user “root” is the Linux equivalent of “administrator”. In view of this, disable remote login for the “root” user. Instead, log in remotely as a normal user, then switch to the root user once connected. Never leave a remote session open when unattended.
- Ban the use of so-called ethical hacking tools within the organization. If anyone is caught using these tools without permission, their motive can then be questioned. The Linux tool “Nmap” is an example of this. Nmap is a port scanner, allowing the user to see which ports are open on a server and thus highlighting possible vulnerabilities.
- Always log off once finished with an administrative session. Use a superuser account where possible to perform administrative tasks.
- Linux server administrators should check the “/etc/passwd” file on a regular basis for any user other than root that has a user ID or group ID of “0”. Some administrators give other users root’s user ID of “0” as a way of giving ordinary users root privileges. Be aware that this practice is not advised. There are other, more secure ways of giving users access to perform certain administrative tasks.
- As an extreme precaution, take away CD-ROM drives, floppy drives, keyboards, mice and monitors from servers that don’t require physical access.
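The log review described in the list above (repeated login failures, and stretches where entries are missing) can be scripted. This is an added example, not part of the original article. It assumes ISO-timestamped lines carrying OpenSSH's "Failed password" message, and the thresholds of 3 failures and 30 minutes are assumed values.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in an ISO-timestamped sshd/syslog style (not from a real host).
SAMPLE_LOG = """\
2024-03-03T10:00:05 srv1 sshd[811]: Accepted password for alice from 192.0.2.10 port 50112 ssh2
2024-03-03T10:05:10 srv1 CRON[820]: session opened for user backup
2024-03-03T10:10:01 srv1 sshd[901]: Failed password for root from 198.51.100.7 port 40022 ssh2
2024-03-03T10:10:04 srv1 sshd[901]: Failed password for root from 198.51.100.7 port 40022 ssh2
2024-03-03T10:10:09 srv1 sshd[903]: Failed password for invalid user admin from 198.51.100.7 port 40030 ssh2
2024-03-03T10:15:00 srv1 CRON[930]: session opened for user backup
2024-03-03T13:40:00 srv1 CRON[1204]: session opened for user backup
2024-03-03T13:41:12 srv1 sshd[1210]: Failed password for bob from 192.0.2.44 port 51000 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")

def parse(log_text):
    """Yield (timestamp, message) per line; skip lines with no valid timestamp."""
    for line in log_text.splitlines():
        stamp, _, rest = line.partition(" ")
        try:
            yield datetime.fromisoformat(stamp), rest
        except ValueError:
            continue

def repeated_failures(log_text, threshold=3):
    """Source addresses with at least `threshold` failed logins."""
    counts = Counter()
    for _, msg in parse(log_text):
        m = FAILED.search(msg)
        if m:
            counts[m.group(2)] += 1
    return {src: n for src, n in counts.items() if n >= threshold}

def silent_gaps(log_text, max_quiet=timedelta(minutes=30)):
    """Pairs of consecutive timestamps further apart than `max_quiet`."""
    stamps = sorted(ts for ts, _ in parse(log_text))
    return [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a > max_quiet]

if __name__ == "__main__":
    print("repeated failures:", repeated_failures(SAMPLE_LOG))
    for start, end in silent_gaps(SAMPLE_LOG):
        print(f"no entries between {start} and {end}")
```

A quiet stretch is a prompt to look closer, not proof of tampering. Set `max_quiet` just above the interval of a job that logs regularly on that server.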
Many companies overlook the security risks coming from within their organization since the perception is that the greater risk comes from outside. The biggest risk, however, comes from disgruntled or unethical staff members seeking to do damage to the company or steal data for the opposition. The Network Administrator should analyze these potential risks on a regular basis.