Too often, when we worry about the security of our network at home or at work, we look at it from the perspective of a victim. We worry about what the bad guys are thinking and how they are going to attack us. With a wait-and-see mentality like that, you are setting yourself up to be a victim sooner or later. If you really want to stop the bad guys, you must think of it as a battle that you have to win. Your network is the battlefield and you are the general who commands the troops.
When you are the general, you must remember that the key to victory is proper planning. You do not want to put basic security in place on your network and then wait to see what the bad guys do. Instead, you want to look at your network, find the weaknesses beforehand and plan how to fix them. In this article we will look at the steps you need to take to play the role of the general when guarding your network.
Step One: Assess the area
The first thing to do to secure your network is to make a proper assessment of it. This means that you must know both the tools that are in use and the weaknesses of those tools. When a general looks at his troops, he makes sure that he knows what guns they are using and how far they can shoot. You must know the same about your systems. If the computers on your network are running Windows, make sure that you know which versions of Windows they are. Each version has different strengths and weaknesses, and knowing them beforehand will help you a lot. You will also want to know what software the servers are running. Are they running Linux with the Apache server stack, or are they running Windows with the IIS stack?
It is not enough to know which operating system is running on the systems; you also need to know what other software is installed. A lot of today’s vulnerabilities come not through the operating system but through third-party software that is installed on the machine. If you need to limit the software that is installed on the machines, then you must do that. It might upset some of the users, but a strong general does what is right and not what makes him or her popular.
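To illustrate the assessment described in this step, the following added example (not part of the original article) checks a small inventory against a baseline and reports hosts running an unapproved operating system version or unapproved third-party software. The host names, the CSV layout and the approved lists are assumptions constructed for the example.

```python
import csv
import io

# Constructed sample inventory (not real hosts): one row per installed package.
INVENTORY_CSV = """host,os,os_version,software,software_version
ws-01,Windows,10,Firefox,115.0
ws-01,Windows,10,uTorrent,3.5
ws-02,Windows,7,firefox,115.0
web-01,Linux,Ubuntu 22.04,Apache,2.4.52
web-02,Windows,Server 2019,IIS,10.0
web-02,Windows,Server 2019,TeamViewer,15.0
"""

# Assumed policy for this example: the OS versions the organisation still
# patches and the software it has approved. Replace with your own baseline.
APPROVED_OS = {("windows", "10"), ("windows", "server 2019"),
               ("linux", "ubuntu 22.04")}
APPROVED_SOFTWARE = {"firefox", "apache", "iis"}


def audit(inventory_text):
    """Return {host: [findings]} for hosts that deviate from the baseline."""
    findings = {}
    os_checked = set()
    for row in csv.DictReader(io.StringIO(inventory_text)):
        host = row["host"].strip()
        os_name, os_version = row["os"].strip(), row["os_version"].strip()
        # Report an unapproved OS once per host, not once per package row.
        if host not in os_checked:
            os_checked.add(host)
            if (os_name.casefold(), os_version.casefold()) not in APPROVED_OS:
                findings.setdefault(host, []).append(
                    f"unapproved OS: {os_name} {os_version}")
        # Compare names case-insensitively so "firefox" matches "Firefox".
        name = row["software"].strip()
        if name and name.casefold() not in APPROVED_SOFTWARE:
            findings.setdefault(host, []).append(
                f"unapproved software: {name} {row['software_version'].strip()}")
    return findings


if __name__ == "__main__":
    for host, issues in sorted(audit(INVENTORY_CSV).items()):
        for issue in issues:
            print(f"{host}: {issue}")
```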
Step Two: Test the defenses
Now that you know what you are dealing with, you must take the next step that any good general would take: test your defenses. You need to know whether the tools that you have will hold up against a skilled cyber attack. To do this, you bring in experts to help you. There are professional white hat hackers that you can hire who will come in and try to break into your systems. If they are successful, they will write a report and show you where the weaknesses are. You can then take that report and start to fix the problems.
Step Three: Prepare the troops
Now that you know where the weaknesses are and how you can fix them, you can start to prepare the people who work for you. A big hole in network safety is the people themselves. A lot of the cyber hacks that you see are the result of social engineering and not of technical proficiency. It is much easier to trick a person than to attack and compromise a machine. To prevent that from happening, it is best to have the people who work for you prepared. Tell them what information can and cannot be revealed when they are talking to someone outside of the company. Teach them which web sites they should avoid when they are on the computer at work. Make sure that they know the proper type of password to use on the machines at work. Going the extra mile and doing all of this will assure you that your people are ready for most of the attacks that they will see.
Step Four: Prepare for battle
Now that you, your network, and the people who work for you are ready, you can wait patiently for someone to try to test your boundaries. This time you are not a victim. You are someone who is prepared for war. If they try to attack, they will most likely be surprised at how hard it is to find a weakness. Most black hat hackers like to look for low-hanging fruit when they are trying to find a victim. Now that you are prepared, that is not you any longer.