Information Services Security, which includes Network Security, is increasingly being given great attention in the networks deployed in modern facilities. A network manager, in order to ensure the security of all the users and resources connected to the network has to take several measures. Apart from installing firewalls and anti-intrusion and intrusion detection software on all the nodes, particularly the server machines, there are many other steps that a network manager has to take.
Many businesses today employ either completely wireless networks or a combination of Ethernet and wireless LANs. In the cabled Ethernet LAN, the security of a given network can be compromised by a number of methods. An attacker can plug his/her computer into any of the network’s wall jacks and gain access to the network. To deal with this kind of security threat, a network manager has to implement the 802.1 X standard for port control. As this protocol requires a device to send authentication credentials before it’s able to transmit or receive data, 802.1X ensures the first level of security on the network.
The next level of security on an Ethernet LAN that a network manager has to take measures for is concerned with the MAC layer. The security of the management protocols employed at this layer can easily be breached by an attacker. Such attacks can lead to short delays or lost frames or even sniffing of a great deal of data by the attacker. The network manager, therefore, has to ensure that a MAC Security protocol, such as 802.1AE is implemented. If there is a WLAN, then the network administrator has to ensure that the 802.11i protocol is properly being followed as this protocol offers sufficient wireless network security.
Apart from all the technical measures like ensuring protocols and installing protection software, the network manager should have an Information Security Policy document and ensure that it is circulated to all users within the organization and is being followed by them. The importance of having such a policy in place can be perceived from the findings of the 2008 Global Information Security Workforce Study, conducted by Frost and Sullivan. They surveyed 7,548 information security pros worldwide. Fifty-one percent of the respondents said internal employees pose the biggest threat to their organizations….Along with the focus on internal threats, respondents in the survey view security awareness as critical for effective security management. Forty-eight percent said that users following information security policy were the top factor in their ability to protect an organization.” (Savage, 2008.)
In this modern world, mobility is becoming a necessity. Hence a major part of the workforce is going mobile, posing greater security threats to internal business information and network security. Network managers have to be more focused on data protection.
According to the same study quoted above, wireless security, cryptography, storage security, and biometrics are the top five technologies that organizations are planning to deploy.
Savage, Marcia. Security Pros Focused on Internal Threat, Training. 2008. Web.