Protecting Distributed Networks

Many corporate intranets are deployed to connect branch office networks, where security can often be perceived as less effective than at corporate headquarters. For example, postal service headquarters will have strong network security policies, but local post offices might not have as stringent procedures due to lack of IT personnel expertise. This kind of situation requires a remotely managed and operated security solution. The system should enforce the same kind of security rules in effect at headquarters to ensure there are no weak links in security and all locations are equally protected.In another example, a multi-national company that has remote offices all over the globe has a comprehensive security policy that dictates what must be done to protect its assets. Unfortunately, many remote offices do not always follow the company’s security policy, especially if it is not strictly enforced. The only way to make sure a company’s security policy is followed everywhere is to centralize the enforcement of the approach.

Any comprehensive security solution makes use of centralized management that allows all branch offices to use identical access and intrusion prevention rules employed by headquarters. Centralized management will collate all security logs in a local log server, presenting a dynamically-integrated view of all log information that sources each log server to provide a fast and accurate report. This helps companies adhere to regulatory requirements like Sarbanes-Oxley or the Payment Card Industry security policy from Visa and MasterCard.

Security is a continuously living and evolving process. It has the ability to adapt to different threats that present risks for business. This requires agile protection mechanisms that are able to enforce and manage ever-changing security needs. A combination of IPS sensors and firewalls offer a protection strategy for small and medium businesses while providing an easy and fast way to maintain the security of internal networks.

The following ways you can defy the threats associated with network intrusions.

1. Firewall. A firewall is the foundation of for any remote site security solution. It protects against unauthorized access to the local network and closes the back door to the corporate network. A firewall should also protect the distributed network from DoS attacks. The main firewall requirements for these smaller installations are enterprise-level protection, transparency to the user, and easy administration. Stateful packet inspection is the most trusted firewall technology for these sites over packet filter or proxy server firewalls.

2. VPN. A virtual private network is an essential part of any distributed enterprise�s security system for providing secure, encrypted paths over the Internet between sites. Internet Protocol Security (IPSec) is the robust, standards-based VPN solution that enables secure data communications across the Internet and interoperability between different vendor products. Public Key Infrastructure (PKI) and VeriSign digital certificates add even more security to VPN connections by allowing strong authentication of users wanting access to confidential company resources.

3. Anti-Virus. Anti-virus scanners are the front line of preventing virus attacks. Single-user desktop anti-virus software installed and maintained on each computer lacks centralized management to ensure uniform and consistent anti-virus protection across the network. Using desktop anti-virus software also means no network-wide enforcement of anti-virus updates. Policy enforced virus protection offers the best defense by combining desktop anti-virus with network management at the Internet gateway to ensure anti-virus software is always running at the remote site.

4. Content Filtering. Content filtering allows organizations to set and enforce Acceptable Use Policies (AUPs) governing what materials can and cannot be accessed on the organization�s computers. URL blocking, based upon a frequently updated filter list from a reputable organization is the preferred method of content filtering because it blocks objectionable content while preserving access to valuable Internet resources.

5. Global Management. Remote offices and workers must operate within the context of the enterprise network�s security requirements. Any security solution widely deployed in the distributed enterprise needs to include support for global management of security policies and services. Centralized configuration, monitoring and distribution of security policies and services allow network administrators to maintain security throughout the distributed enterprise.

Related posts

• Conducting a risk analysis in networking (0)
• Heartbeat method to detect networking failure (0)
• Sharebot stops P2P information leaks (0)
• Securing your p2p network (0)
• P2p programs are dangerous for your system (0)