Network and Security
Networking is fundamental to the modern computer age. The best known example, of course, is the Internet. However, how do you
implement security on a network as small as a 2-computer ad-hoc network or as big as a University campus? This article will briefly go over the
fundamentals of basic network security.
Before anything is bought, you must be able to describe what the network is and who will use it. In a personal network, describing who will use it is probably
a bit of a waste because you already know who is going to use it, but in a commercial environment, such as an IT production company, this is vital. I would
define a user as the following:
User: An entity which will have a specific use of any network resource
This, of course, is not a cast-iron definition and should be taken with a pinch of salt. However, it is sufficient for the purposes of this article.
In the example, the following would be considered entities: Network Administrator, MySQL DB developers, C Programmers and Receptionists. It would
be good to point out that this is not a finished example and so not every user will be listed. The four listed above, however, are sufficient for this.
Every network should have a network administrator due to the constant changes in how a network may operate. It is generally good policy to have a code of conduct
in place for the users to abide by. Also, have some kind of network monitoring program in place so that if the company is sued, say under the
Computer Misuse Act, then that could be used as evidence. However, I would also recommend a whitelist of ports the specified users can use.
Instead of using one router to manage the entire network, use n + 1 routers in your network (n being the number of specified users in your network). This way, every set of users
would have their own router configured with the whitelist of ports that they can or cannot use (for example, in this situation, port 3306 would be open for the MySQL devs, but not for the Receptionists).
It would also limit damage, since if a router went down, only that set of users would be affected and not the entire system. I also specified that there would be a + 1 to the network. This is
because it would provide a single connection to the Internet and also provides a further security measure.
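One way to express the per-group whitelists described above, as an added example rather than the author's own configuration. The group names and port 3306 come from the article; every other port, the subnets and the function names are constructed assumptions, and the rules cover TCP only.

```python
# Added example (not the article's code): per-group port whitelists with default deny.
# Group names and port 3306 come from the article; all other ports and the
# subnets are constructed assumptions.
import ipaddress

WHITELIST = {
    "network_admin": {22, 80, 443, 3306},
    "mysql_devs":    {80, 443, 3306},
    "c_programmers": {22, 80, 443},
    "receptionists": {80, 443},
}
SUBNETS = {  # one constructed RFC 1918 subnet behind each group's router
    "network_admin": "10.0.0.0/24",
    "mysql_devs":    "10.0.1.0/24",
    "c_programmers": "10.0.2.0/24",
    "receptionists": "10.0.3.0/24",
}

def is_allowed(group, port):
    """Default deny: unknown groups and unlisted ports are refused."""
    return port in WHITELIST.get(group, set())

def render_rules(group):
    """Return the iptables commands for one group's router (TCP only)."""
    if group not in WHITELIST:
        raise KeyError(f"no whitelist defined for group {group!r}")
    subnet = ipaddress.ip_network(SUBNETS[group])  # rejects malformed subnets
    ports = sorted(WHITELIST[group])
    if any(not 1 <= p <= 65535 for p in ports):
        raise ValueError("port out of range")
    rules = [
        "iptables -P FORWARD DROP",  # anything not whitelisted is dropped
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    rules += [
        f"iptables -A FORWARD -s {subnet} -p tcp --dport {p} "
        "-m conntrack --ctstate NEW -j ACCEPT"
        for p in ports
    ]
    # Log what falls through so the monitoring record shows refused attempts.
    rules.append(f'iptables -A FORWARD -s {subnet} -j LOG --log-prefix "deny-{group}: "')
    return rules

if __name__ == "__main__":
    for g in WHITELIST:
        print(f"# router for {g}")
        print("\n".join(render_rules(g)))
```

Because each router's policy is DROP, a group with no entry for a port is refused without any explicit deny rule, which is what keeps 3306 closed to the Receptionists.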
I know this looks rushed and please feel free to comment if this doesn't look right or I missed something out but it does help illustrate how careful planning leads to
a good, secured network.