Meta: If you are looking for Some network security solutions, this article is for you.
Currently, most organizations, businesses and schools have connected the intranet to branches and partners and have inherited many benefits from it. But this advantage also contains many potential dangers such as viruses, hackers, etc.
Multi-level firewall system
A firewall is an access control system between the Internet and an intranet. Firewalls have 2 types: hardware and software. Each type has different advantages. Hardware has stable performance, regardless of the operating system, virus, malicious code, well prevents network-layer protocol in TCP / IP reference model. The software is very flexible in application-layer protocol configurations in the TCP / IP model.
For example, first-class firewalls (usually hardware) have eliminated most types of direct attacks on web server systems, mail servers such as distributed attacks (DDOS), which hackers use. The tool creates requests to access the server from many other computers on the network with high frequency in order to overload the server and lead to downtime.
But hackers do not stop there, they can bypass the first layer firewalls with valid packets to enter the LAN system. Therefore, deploying a software firewall system will support and increase security for the whole network. In case, one firewall system fails, the other is still controlled.
Intrusion prevention system IDS/IPS
Currently, the forms of attacks of hacker are more and more sophisticated. For example: In the unit, you can install tools (Ethereal, Cain & abel …) on your work computer or laptop to conduct eavesdropping or scan directly to the servers, from which it is possible to retrieve email accounts, Web, FTP, SQL server to change test scores, tuition fees, schedules, etc. these types of attacks, the firewall system cannot detect.
An effective solution to this situation is to build an IDS / IPS system (Intrusion Detection System / Intrusion prevention system). IDS / IPS is an extremely important security system, capable of detecting attacks based on pre-set signs or malicious, abnormal code on network traffic; It is also possible to remove them before they can harm the system.
Building an update and error correction system
In fact, the use of software products hardly updates the patches. That is the opportunity for hackers to use tools to exploit security holes. Updating the patch for all clients in the entire system via the Internet is time-consuming and bandwidth-intensive and inconsistent.
With this solution, you need to build an automatic update system from the Internet provider to the server and then from this server, deploy to all other servers throughout the network.
Microsoft’s WSUS (Windows Server Update Services) system not only updates the patches for the Windows operating system but also updates the patches for all its other products including Internet Explorer, SQL Server, Office, Mail, Web server, etc.
In order to improve the processing speed of the firewall, network administrators typically do not configure the advanced filtering feature of the firewall. Then the virus scanners are installed to detect and prevent malicious code, spyware, emails with virus files attached, etc. But in fact, to invest a large amount of virus programs for all computers across the office, the investment cost is quite high.
To reduce licensing costs, the solution is to implement a host – anti-virus model. Currently, there are many famous brands such as Norton, Kaspersky, Trend Micro, etc. that can be deployed in this model. Benefits of implementing the system are:
– Costs are much lower than installing on each client
– Updating the new versions of clients is easy, fast and highly efficient.
According to CERT (Computer Emergency Response Team) cybersecurity statistics, about 70% of the information loss related to human factors inside the systems and 30% are from outside organizations’ intranet through acts of unauthorized access to hacker systems.
According to the Information Security Management Standard ISO 17799 / BS-7799, which has the criteria of “Personnel Security” describing the responsibilities of employees, the roles of individuals. in information security, in order to minimize errors caused by human error, theft or abuse of public property.
Therefore, training users to protect resources for their computers and the whole organization is an extremely important task.
Educate users on how to prevent hacker tricks such as email fraud. For example, hackers often take advantage of users’ curiosity when joining the Internet to get information when asking users to enter.