The very first step in preventing network security incidents is to identify the threats and put controls in place to prevent them from happening. Some of the important factors you should consider are:
- At a very basic level, scan your network for potential entry points. Remove or disable any unneeded devices.
- Check for any newly added network devices and verify configuration.
- Check your router/firewall configurations, most importantly the routing information. Check to see if any modifications have been made since your last good configuration.
- Make sure your firewall/router is blocking ICMP pings originating externally. It's a known fact that most of the attacks tunnel through in the protocol's echo reply. Also, block outgoing ICMP pings, lest your network be an accessory in a distributed denial-of-service attack.
- Logs are your best friends. Turn on logging on potential network points. They provide a good amount of information in detecting problems.
- Use tools like port scanners and network monitors to monitor network traffic and ports. Make sure only required ports are open and listening to trusted addresses.
- Search for activities that are hallmarks of attacks. For example: a malicious script can scan the network logs on a machine and then block any randomly chosen network addresses.
- Intrusion detection system: Make sure it conforms to expected parameters and isn't hiding distributed denial-of-service attacks.
- Watch for evidence of port scanning in your logs.
- Web servers are one of the areas of concern. Studies have shown that many times it's the web server that acts as the door for a hacker's entry into the network. I would advise you to visit the W3C site for updated information on securing a web server.
- The rising numbers of virtual private networks, extranets and intranets have created more access points for hackers. The concept of a single point of entry into your network is long gone. An exposed vulnerability in any of these can wreak havoc.
- Make sure that the application code is reviewed before it's put on the website. Eliminate any vulnerability that a hacker can exploit.
- I would also advise you to get network penetration and auditing done by some professional security group.
Hope the above helps you in finding some answers to your problem. If you can send me some more information on your current network setup, I might be able to help you better.
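As an illustration of the advice to watch for evidence of port scanning in your logs, here is an added example (not part of the original answer) that flags sources touching many distinct host/port pairs within a time window. The log format (ISO timestamp followed by netfilter-style `SRC=`/`DST=`/`DPT=` fields), the sample lines, the function names and the thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: ISO timestamp + netfilter-style fields (assumed format).
SAMPLE_LOG = """\
2024-05-01T10:00:01 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=21
2024-05-01T10:00:02 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22
2024-05-01T10:00:03 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=23
2024-05-01T10:00:04 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=25
2024-05-01T10:00:05 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=80
2024-05-01T10:00:10 fw kernel: IN=eth0 SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443
2024-05-01T10:00:20 fw kernel: IN=eth0 SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=443
2024-05-01T10:00:00 fw kernel: IN=eth0 SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=60000 DPT=22
2024-05-01T11:00:00 fw kernel: IN=eth0 SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=60001 DPT=23
2024-05-01T12:00:00 fw kernel: IN=eth0 SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=60002 DPT=80
2024-05-01T13:00:00 fw kernel: IN=eth0 SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=60003 DPT=443
""".splitlines()

LINE_RE = re.compile(r"(?P<ts>\S+) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?DPT=(?P<dpt>\d+)")

def parse(lines):
    """Yield (timestamp, source, (destination, port)) for each packet log line."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # skip lines that are not packet log entries
            yield datetime.fromisoformat(m["ts"]), m["src"], (m["dst"], int(m["dpt"]))

def find_port_scanners(lines, window=timedelta(seconds=60), min_targets=4):
    """Return {source: most distinct (host, port) targets hit inside any one window}
    for every source that reaches min_targets (hypothetical threshold)."""
    events = defaultdict(list)
    for ts, src, target in parse(lines):
        events[src].append((ts, target))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        start = best = 0
        for i, (ts, _) in enumerate(hits):
            while ts - hits[start][0] > window:  # slide the window forward
                start += 1
            best = max(best, len({t for _, t in hits[start:i + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(find_port_scanners(SAMPLE_LOG))                            # fast sweep only
    print(find_port_scanners(SAMPLE_LOG, window=timedelta(hours=4)))  # also the slow one
```

A repeat visitor to a single port is never flagged, while the source probing one port per hour only appears once the window is widened, so run the check with both a short and a long window.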
Related Q&A from Puneet Mehta
To view network security expert Puneet Mehta's latest advice, see his Public Profile on the IT Knowledge Exchange: https://...