Welcome to Bucaro TecHelp!


Network Security

Network security starts with physical security. Network components such as servers, hubs, and routers should be located in a secure equipment room. Part of physical security is protecting your cable plant from damage and electronic eavesdropping. Cable should be run inside walls or ceilings, not left lying on the floor. It is difficult to protect workstations because there are usually many of them spread across a building. The only way to protect this equipment is to limit access to the building and post a security guard or receptionist at all open entrances.

Security Models

There are two basic security models: share-level security and user-level security. Share-level security requires a password to access a network resource. You can assign two separate passwords. One password provides full read/write access and the other provides read-only access.

User-level security permits access based on a specific user's security account and the groups to which the user belongs. Some groups may have full access to a resource. Other groups may have read-only access to the same resource. A user may belong to multiple groups.

By logging security events you can create an audit trail. You can then study the logged security events to determine if your system is under attack by an unauthorized source.

Passwords

Security can be increased by using good password procedures. The first component of a password procedure is to require users to create secure passwords. Require passwords to contain a minimum number of characters. The more characters used in a password, the more secure it is. Using numbers along with letters in a password also adds to the security. The user should not have a password that is easy to guess or is a word that can be found in the dictionary. Enforce a company policy that does not permit the sharing of passwords.

Security is increased when passwords are changed frequently. Configure your system so that passwords expire periodically. The user should be warned to change the password before it expires. If the user has not changed the password before the expiration time, they are locked out of the system.

You should configure your system so that an account is locked out after a certain number of failed attempts. This discourages hackers. You should also rename your Administrator account (in Unix, your root account) to discourage hackers.
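The account lockout rule above and the audit trail described under Security Models can be checked together by replaying logged logon events. The following is an added example, not code from this site; the log format, the sample lines, the three-failure threshold and the ten-minute window are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy (not from the article): 3 failures within 10 minutes.
MAX_FAILURES, WINDOW = 3, timedelta(minutes=10)

# Constructed audit log: "<ISO time> <event> user=<name> src=<address>"
SAMPLE_LOG = """\
2024-05-01T09:02:00 LOGIN_FAIL user=bob src=192.0.2.44
2024-05-01T09:02:20 LOGIN_FAIL user=bob src=192.0.2.44
2024-05-01T09:02:45 LOGIN_FAIL user=bob src=192.0.2.44
2024-05-01T09:03:10 LOGIN_OK user=bob src=192.0.2.44
2024-05-01T09:30:00 LOGIN_FAIL user=carol src=10.0.0.9
2024-05-01T09:50:00 LOGIN_FAIL user=carol src=10.0.0.9
2024-05-01T10:10:00 LOGIN_FAIL user=carol src=10.0.0.9
garbled line that the parser must skip
"""

def parse(line):
    """Return (time, event, user), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4 or not parts[2].startswith("user="):
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return when, parts[1], parts[2][len("user="):]

def audit(log_text):
    """Replay the log; return (locked accounts, logons refused while locked)."""
    recent = defaultdict(deque)  # user -> times of recent failed attempts
    locked, refused = {}, []
    for line in log_text.splitlines():
        if (rec := parse(line)) is None:
            continue
        when, event, user = rec
        if user in locked:
            refused.append((user, when, event))  # stays closed even if password is right
        elif event == "LOGIN_OK":
            recent[user].clear()  # a success resets the failure count
        elif event == "LOGIN_FAIL":
            fails = recent[user]
            fails.append(when)
            while when - fails[0] > WINDOW:  # forget failures outside the window
                fails.popleft()
            if len(fails) >= MAX_FAILURES:
                locked[user] = when
    return locked, refused
```

In the constructed log, bob is locked after three failures in under a minute and the later correct logon is refused, while carol's three failures spread over forty minutes never reach the threshold.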

Encryption

Encryption uses an algorithm and a secret key to encipher data so that it is unreadable. The encrypted data can then be safely sent over public communication lines without the worry of eavesdropping. At the receiving end a secret decryption key is used to decipher the data so that it is readable again.

Public-key encryption uses two keys, a private key and a public key. To send data you use a copy of the public key of the person you want to send the data to. The encrypted data can only be decrypted by use of the recipient's private key.

Firewalls

A firewall is hardware and/or software that places a security barrier between your network and outside networks. Firewalls are usually used between an organization and the Internet. A packet filtering firewall examines each packet to determine if it should be permitted to pass through to the network.

A server can be configured as a proxy to create a firewall. When a workstation wants to communicate with the Internet it must make a request to the proxy server. All communication between the internal network and the Internet must pass through the proxy server.

Copyright©2001-2024 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268