Building a Security Policy

Having security tools in place is very important in today’s world, unless of course your business isn’t averse to winding up on prime time news to discuss being a part of the latest security breach. Since there aren’t many companies that can fit that description, it is that important to have policies and plans in effect to defend company infrastructure, as well as tools and software to make the defense possible. This means that IT management needs to be aware not only of the tools they possess, but also how to use them in the most effective ways to protect employees and clients alike.

Knowing the infrastructure that is in place for the company might sound obvious, but there are many companies that, over time, have built new infrastructure without taking older equipment offline or updating them. This results in not only additional power expenses, but also clear and present dangers to the network as more likely than not these appliances will be weak points in your defenses. To prevent that (and to reduce power costs), built a network map showcasing what connects what and what servers, routers, and other network appliances do what. If no one knows what it does, audit the machine. The machine could be completely abandoned or might have applications that can be virtualized, reducing power costs and consolidating hardware. It's also a good idea to implement colocation services for your hardware, so that mission-critical applications are powered and connected in facilities designed to stay up and running no matter what.

Now that you know what everything in your network is and what it does you can apply the appropriate security measures. This is best managed by utilizing the whitelisting features found in most firewalls. The reason why whitelists work better than blacklists is because new applications (and malware) are created every day, so managing a blacklist is much harder than managing a whitelist. Employees may express concerns that they can’t use certain applications, which will be a lot of work once the whitelist is launched, but this helps to curb shadow IT and many other potential sources of breaches so the headache is worth the effort.

Speaking of end users it is important to protect them at the desktop level with some type of anti-virus (AV) solution as well. Using an AV solution alone is asking for trouble since anti-virus won’t do much against attacks to break into the network, but used in combination with a firewall it will help to defend against that many more types of attacks. In combination with application control and intrusion prevention services (designed to stop attacks on said network) that most business grade firewalls have, you will have the basis for a secured network at both the end point and the network edge.

Of course, keeping that network secured requires maintenance. Running network penetration tests on a regular basis are good because they help you to find problems before the bad guys do, and updating applications goes without saying. This is a common weak point as it is difficult to stay on top of every server to make sure it is updated, but most attacks tend to come in from application exploits, such as Heartbleed and Shellshock did when they were found earlier this year. By being diligent about keeping applications updated, you are able to preemptively solve most of these problems without having to hear on the news about the newest big, bad exploit. Also be sure to make extra sure that you are protected against said big, bad exploit - it never hurts to be sure!