Before starting i would like to share one of my personal experience with one of my client.
I got a call in late evening and my client was almost lasted all his hope. According to him, one of his competitor actually managed to access his network and successfully stolen all of his confidential data stored on that server. Not only this he also deleted all the files from the network so that my client should rework on everything. This was bad on his part, but that late evening made him realize that why so much of security awareness is happening these days.
However, after doing so much of hard work and forensics we found the traces to reach the intruder and finally we were up with our side of job, one of the company employee was involved in that activity. But during this course of event this client really had a hard time and faced huge losses. But there is always a say “Every next day is a new morning“.
What i want to explain is the fact that just hardening the operating system or securing the network infrastructure doesn’t makes you complete secure. Also, it is just not about the bug-free code, a good network security rests on the ability and ethics of people who run your networks and on the people who are having access to it.
But unwillingly we know that all humans can’t be priests, and everyone out there ain’t having same beliefs as we do. However, we just don’t need to insist everyone to take our role of job. What we need is a trust worthy team to develop solutions that can help us overriding the captioned matter.
Corporate security is one of the major concerns these days.
There are multiple systems like application servers, web servers and database servers with holy lot firewalls, routers and intrusion detection systems to configure and maintain. So many people access these networks, starting from telecommuters, remote systems to corporate business partners.
As these data’s are very confidential and are very important for the business sustainability any breach could incur millions and billions of dollar loss for the company. The data’s are multiplying constantly and are widespread all across different systems which makes it very hard to manage and secure properly. Data’s are scattered within different paradigm ragging through personal computers, servers, mobile systems, mobiles, PDAs, flash drives and storage devices.
In such kind of situation taking network security lightly would result to a great mess. There are lot many illegal stuffs available like, password cracking tools, virus programs, sniffing tools and others. Which help unethical people to do illegal activities to gain personal benefits or maybe to ruin the corporate identity. In such scenario appropriate measures are really a great topic of concern.
Some start moves to begin you play
- Keep watching communication ports. Maybe through logs.
- Change default passwords and other account settings on regular basis.
- Remove unnecessary services and tasks.
- Use administrators acount just for administration tasks only.
- Always take backups of your data. You may can automatize it through “RAID“
- Remove unwanted connection settings and authentication informations from system
- Check log files on regular basis
These steps will not help you to completely secure your system, but can give you a start. Although i will be getting you all step-by-step instructions lesson wise every week from now on How to secure a network