Home | Business | Residential | News | About | Contact

News

Current

Archive

Welcome

Telarus News

Products

Feature

Case Study

Team Profile

Comment
Special Feature

What do you need to be secure?

Ensuring that your infrastructure is totally secure can be an arduous and challenging task. In fact, 70 percent of Australian organisations surveyed in October by researcher IDC said they were not confident of their company’s IT security stance.

Ultimately, you need to have an understanding of what you are trying to achieve when securing your network, applying appropriate policies and, in turn, technologies in order to reach your objectives regarding security.

One of the most critical elements is having basic “perimeter security” or a decent firewall that is filtering access to and from the user’s network and inspecting traffic, ensuring that it is not malicious in nature.

Once a decent firewall is in place, a good way to enhance your security is to employ what’s known as a “demilitarised zone” (DMZ). This is a perimeter network that exists between your internal network and the Internet, where you place publicly accessible servers such as your mail gateway and (if applicable) your proxy server.

By way of an example, let’s consider a mail gateway that is placed in a DMZ:

You would set up your firewall such that servers on the Internet can deliver (push) email to your mail gateway but cannot access any other ports/services. Once the mail is there, you allow your internal mail server (e.g. Microsoft Exchange) to pick up (pull) these messages from the mail gateway in the DMZ. As such, there is never any direct connectivity between a mail server on the Internet and your internal network.

You also need to have a sound email security policy in place. In the early days it was SPAM, viruses and worms clogging inboxes on your network. These days, more sophisticated malicious code or malware intended to make money for criminals are threatening corporate networks.

Ultimately, it’s not getting any easier to protect your mail server, particularly with remote users in your fleet accessing the mail server from outside your office. Putting in place the appropriate measures can be costly, in terms of both time and money.

Desktop security is also a big issue. Not all viral threats enter through the perimeter of your network. PC and laptop users can inadvertently introduce viral threats to your network through the use of flash memory and removable storage devices. Additionally, whilst remote access users may have a secure VPN client are they protected by a firewall? Having the right security in place at the desktop level is crucial.

And of course, there are always new threats on the horizon. Two fairly recent technologies offer significant benefits to businesses whilst simultaneously opening up a whole new set of threats – namely wireless networks and VoIP (Voice over IP).

If you are setting up a wireless network, there are a number of critical factors that you should be considering (e.g. encryption and strong authentication). For more information, please see the feature in the November edition of “Switched On”, which offered five steps to wireless security.

As businesses set up VoIP capabilities they often find that their existing firewall causes problems with the operation or quality of VoIP calls. Don’t simply turn off your firewall or place your VoIP equipment in front of it – buy an appropriate firewall (e.g. the Fortigate firewalls that Telarus recommends). See the article below (Securing VoIP) for more information.

Still uncertain about how to secure your infrastructure? You might want to talk to us about our managed security services, guaranteed to take the pain out of securing your network. If this is of interest, please talk to your Telarus Solutions Engineer or Account Executive.

 



  © Telarus Pty Ltd 2006