Network Security Layering

Most companies are prepared for threats to their networks from the outside world. However, security breaches from within the corporation often pose the biggest concern. In this post-Enron world of increased corporate governance, IT managers must deal with both technical and human challenges to meet their companies’ security requirements. New legislative mandates, such as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act, and the Gramm-Leach-Bliley Act, add to those requirements.

When considering securing a network, it’s essential to take a holistic approach, from the physical layer to the application layer. Thorough security policies, appropriate authentication mechanisms, and effective user education must complement the technologies implemented within the network.

The security-layering concept allows for variable-depth security. Variable-depth security occurs when each security level builds upon the capabilities of the layer below, resulting in more stringent security moving up through the layers. This can help protect organizations from security breaches that may come from within, as layering provides multiple measures of security controls.

The first security layer: VLANs

At the first layer, essential network compartmentalization and segmentation can be provided by virtual LANs. This allows various business functions to be contained and segmented into private LANs, with traffic from other VLAN segments strictly controlled or prohibited. Small to midsize businesses can derive several benefits from deploying VLANs across the company’s multiple sites. One is the use of VLAN “tags,” which segregate traffic into specific groups, such as finance, human resources, and engineering. Separating data without “leakage” between VLANs is a required element of this layer’s security.
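The tag-based segregation described above, as an added illustration that is not part of the original post: the code below parses the 802.1Q tag from a raw Ethernet frame and emulates the egress check a switch performs on a trunk port, forwarding a frame only when its VLAN ID (or the native VLAN, for untagged frames) is one the port is a member of. The MAC addresses, VLAN numbers and frames are constructed sample data.

```python
import struct

TPID_8021Q = 0x8100          # EtherType that announces an 802.1Q tag
ETH_HDR_LEN = 14             # dst MAC (6) + src MAC (6) + EtherType (2)

def build_tagged_frame(dst: bytes, src: bytes, vid: int, pcp: int = 0,
                       ethertype: int = 0x0800, payload: bytes = b"\x00" * 46) -> bytes:
    """Construct an 802.1Q-tagged Ethernet frame (sample data for the demo)."""
    tci = (pcp << 13) | (vid & 0x0FFF)           # PCP (3 bits) | DEI (1 bit) | VID (12 bits)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload

def parse_vlan_tag(frame: bytes):
    """Return (vid, pcp, ethertype) if the frame carries an 802.1Q tag, else None."""
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None                              # untagged frame
    if len(frame) < ETH_HDR_LEN + 4:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, ethertype

def may_forward(frame: bytes, allowed_vids: set, native_vid: int) -> bool:
    """Emulate an egress filter on a trunk port: forward only frames whose VLAN
    (tag VID, or the native VLAN for untagged frames) the port is a member of."""
    tag = parse_vlan_tag(frame)
    vid = native_vid if tag is None else tag[0]
    if vid in (0, 4095):                         # 0 = priority-only tag, 4095 is reserved
        return False
    return vid in allowed_vids

# Constructed sample: finance is VLAN 10, human resources is VLAN 20.
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
FINANCE_FRAME = build_tagged_frame(DST, SRC, vid=10)
HR_FRAME = build_tagged_frame(DST, SRC, vid=20, pcp=5)
UNTAGGED_FRAME = DST + SRC + struct.pack("!H", 0x0800) + b"\x00" * 46

def demo():
    """Port toward the finance servers: member of VLAN 10 only, native VLAN 99.
    Only the finance frame passes; the HR frame and the untagged frame are dropped."""
    port_vlans, native = {10}, 99
    return [may_forward(f, port_vlans, native)
            for f in (FINANCE_FRAME, HR_FRAME, UNTAGGED_FRAME)]  # [True, False, False]
```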

The second layer: Firewalls

The second layer of security can be achieved with perimeter defense and distributed firewall-filtering capabilities at strategic points within the network. The firewall layer allows the network to be further segmented into smaller areas, monitors them, and protects against harmful traffic from the public network. In addition, an authentication capability for incoming or outgoing users can be provided. Firewalls add an extra layer of protection that is useful for access control, and policy-based access allows access to be customized to business needs. A distributed firewall approach affords the added benefit of scalability as enterprise needs evolve.

The third security layer: VPNs

Virtual private networks, which offer finer-grained user access control and personalization, can be added as a third layer of security. VPNs offer fine-grained security down to the individual user and enable secure access for remote sites and business partners. With VPNs, dedicated pipes aren’t required, since dynamic routing over secure tunnels across the Internet provides a highly secure, reliable, and scalable solution. Combined with VLANs and firewalls, VPNs allow the network administrator to limit access by user or user group based on policy criteria and business needs. VPNs give more robust assurance of data integrity and confidentiality, and strong data encryption can be enacted at this layer to provide more security.

The fourth layer: Solid security practices

Best practices by the IT security team are yet another level in a layered network security strategy. This can be achieved by ensuring that operating systems are protected against known threats. (This can be accomplished by consulting with the operating system manufacturer to get the latest systems-hardening patches and procedures.) In addition, steps must be followed to ensure all installed software is virus-free.

Securing network management traffic is essential to securing the network. Rather than relying on plain HTTP, it’s preferable to encrypt all management traffic at all times using IPsec or the Secure Sockets Layer protocol. Encryption is a must even if the traffic travels only on the local-area network.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Vulnerabilities

  • Network edge devices: border routers with their admin interfaces left open so staff can manage them from home, which means anyone else can reach them too.
  • Networked printers/copiers: they have IP addresses but are not placed in a VLAN, making them a convenient and undefended jumping-off point to the whole network.
  • Web servers and Web applications: with Web servers sitting off the firewall in a demilitarized zone (DMZ), they can often be ideal gateways to internal company processes. Web servers without patches and passwords are common. Three-quarters of hacker attacks are on Web servers, since that’s what’s exposed. This is particularly dangerous with the proliferation of Web applications. Attacks have moved up into the application layer, and that’s one of the hardest things to protect against because there are no one-size-fits-all solutions. The danger, of course, is that Web applications typically connect attackers to your databases, and that can be a huge problem.
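The first item above, edge devices whose admin interfaces are reachable from anywhere, is something a defender can check for in firewall logs. The following is an added example, not code from the original post: it walks through constructed, syslog-style firewall records and flags every allowed connection to a management port on a listed device that did not originate from the management network. The log format, addresses, device list and port-to-service map are assumptions for the demo.

```python
import ipaddress
import re

# Management-plane ports that should be reachable only from the management network
# (assumed policy for the demo; adjust to local practice).
MGMT_PORTS = {22: "ssh", 23: "telnet", 80: "http", 443: "https", 161: "snmp"}

# Constructed log format: "<time> <ALLOW|DENY> src=<ip>:<port> dst=<ip>:<port> proto=<tcp|udp>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+) proto=(?P<proto>tcp|udp)$")

# Constructed sample records: 10.1.1.1 / 203.0.113.1 are the inside and public
# addresses of a border router; 10.1.1.0/24 is the management network.
SAMPLE_LOG = """\
2005-05-01T08:00:01 ALLOW src=10.1.1.50:51022 dst=10.1.1.1:22 proto=tcp
2005-05-01T08:00:07 ALLOW src=198.51.100.23:40011 dst=203.0.113.1:443 proto=tcp
2005-05-01T08:00:09 DENY src=198.51.100.23:40012 dst=203.0.113.1:23 proto=tcp
2005-05-01T08:00:15 ALLOW src=198.51.100.77:1024 dst=203.0.113.1:161 proto=udp
2005-05-01T08:00:20 ALLOW src=198.51.100.23:40020 dst=203.0.113.10:80 proto=tcp
"""

def audit_mgmt_access(log_text, device_ips, mgmt_nets):
    """Return (timestamp, src, dst, service) for every ALLOWed connection from a host
    outside mgmt_nets to a management port on one of device_ips. DENY records are
    skipped because the firewall already blocked them."""
    devices = {ipaddress.ip_address(ip) for ip in device_ips}
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["action"] != "ALLOW":
            continue
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        dport = int(m["dport"])
        if dst not in devices or dport not in MGMT_PORTS:
            continue                                 # not a device, or not a management port
        if any(src in n for n in nets):
            continue                                 # legitimate management-network source
        findings.append((m["ts"], str(src), str(dst), MGMT_PORTS[dport]))
    return findings

def demo():
    """Audit the sample log for the border router; expects two findings (https and snmp)."""
    return audit_mgmt_access(SAMPLE_LOG, ["203.0.113.1", "10.1.1.1"], ["10.1.1.0/24"])
```

The host 203.0.113.10 in the last record is deliberately absent from the device list, so an allowed HTTP connection to it is not reported: the check is scoped to the edge devices you name.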


Vendor Speak

According to a CIO Magazine article (CIOInsight, May 2005, p. 20) by David Weindenfled, counsel for McDonald’s:

| They say | They mean |
|---|---|
| “usual and customary” | “Whatever the vendor has been getting away with” |
| “commercially reasonable” | “Whatever the vendor considers reasonable” |
| “for internal business use only” | “Software may not necessarily be used by your business partners or companies that you merge with or acquire” |
| “the current or then in effect” | “Vendor can change the fees and service levels whenever it wants” |
| “will perform in accordance with the published specifications” | “Product performs according to the vendor’s technical specifications, but not your company’s business needs” |


802.16 vs. 802.11

The Institute of Electrical and Electronics Engineers (IEEE) 802.16 protocol is currently the dominant protocol suite for broadband wireless networking equipment used in public deployments. 802.16 is IP, not Ethernet, allowing longer distances than the more widely known 802.11 wireless LAN.

802.16 has a range of up to several kilometers. 802.16 allows for the strict reservation of bandwidth and QoS. 802.16 uses polling rather than the contention access method found in 802.11. 802.16 allows for automatic adaptation of radio operating parameters to meet changing traffic loads and interference levels.

The 802.16 protocol suite includes several secondary standards covering different microwave and millimeter-wave frequency bands:

  • 10GHz to 66GHz – 802.16
  • 2GHz to 11GHz – 802.16a

A mobility standard, 802.16e, is in the works.

802.16 equipment is certified for interoperability by WiMax (Worldwide Interoperability for Microwave Access). So far only a handful of pre-standard products are available and WiMax has not certified any 802.16 products.


eWaste Update

220 million tons of eWaste (old computers) are discarded in the U.S. each year (US EPA).

  • 632,000 pounds of mercury is expected to be generated by e-waste by 2007 (Basel Action Network/Silicon Valley Toxics Coalition).
  • 500 million computers will be obsolete by 2007 (Basel Action Network/Silicon Valley Toxics Coalition).

(The Numbers, CIOInsight, April 2005)
