Network Security Foundations & Essentials
Securing the network is normally the first step in an organisation's security strategy. This first stage, however, has many steps, and even the best intentions can result in a security posture that lacks robustness. Network security is more than just security solutions; pragmatic policies and processes are equally important. This, coupled with ever-changing business needs and resource pressures, compromises the risk values. In our experience, most organisations want a strong security posture but lack the resources and expertise for a dedicated IT security department or function. It is here that CST can fill the gap.

Virus & Malicious Code
At a simple level, desktops and servers should have the ability to detect and thwart infections. At an advanced level, additional but different scanners should be used for email/web traffic at the network level and, for a fully protected environment, gateway/internet-level scanning should be used as well.
Consideration should also be given to:
- Remote and mobile users, who can unwittingly infect internal users, bypassing gateway and network defences.
- New threats like adware/spyware (non-viral malicious code) that may not be detected by AV products.
- Preventing worm proliferation and zero-day (first strike) attacks by denying the threat its opportunity to spawn/infect others.

Perimeter Access Control
This normally takes the form of a "firewall" and in general is the first step towards securing the internal network against unauthorised external access. Consideration should be given to:
- Authorised protocols used for malicious purposes, such as the new breed of viral worms and hacking attacks that in general pass through a firewall.

User/Staff Awareness AND Senior Management Guidelines
Technology will bring a certain defence to the network, but a greater defence is staff understanding the threats and how they can reduce the level of risk. Below is an idea of what the guidance should include:
- Information and data that should never be removed or transferred to external parties.
- The ability to retrieve information from failed systems and continue working (backups, for instance).
- The use of non-company equipment and the risks it may carry: virus infection from CDs, USB keys and email attachments that are executables.
- Standard password practice: not sharing or disclosing passwords, and regularly changing them to avoid guessing and unauthorised usage.