Monday, 2 April 2007

Network Control

Here is a good rule to remember: if it’s made it to the server, it’s got too far.

Let’s look at what that means. The easiest way is to imagine you’re a dangerous data packet. If you come from the internet, we want to know you’re not going to get to the server, where you might do some harm, so the first and last point you should reach is the firewall. But what if you make it past that? Is there anything else to stop you? 9 times out of 10 the answer is no. But let’s imagine for a second that you don’t come from the internet; let’s imagine you come from the local LAN… Has this just filled you with a feeling of doom and dread? Well, if it has, you’re not alone: this is often overlooked.

Here is a quick checklist for you.

1. How many protocols are you running? IPX, AppleTalk, NetBIOS, TCP/IP? First see if you can reduce the number to one where possible, as it will make your life easier. Most hardware uses TCP/IP, so this isn’t a question that comes up much these days.

2. What are the ports you really need open for your services to run? Try to make a list, and then note which servers and services they relate to. ICMP, SMTP, TFTP, FTP, POP, HTTP, HTTPS, SMB, RPC, RDP, TELNET and SNMP are the most widespread.

3. Are you running two or more network adapters? Can you allow one type of permitted traffic on the LAN and another type for the Internet?

4. Can you move the servers to a safe zone like a DMZ (demilitarized zone), so even LAN traffic is checked by the firewall? This might sound a bit extreme; nevertheless, it’s a good way to protect them from all kinds of DoS (denial of service) attacks.
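
The list from item 2, turned into a check, as an added example that is not part of the original post: a Python sketch that parses Windows `netstat -an` output and flags listening ports that are not on your list. The host name `mail01`, the allowlist and the netstat sample are all constructed for illustration.

```python
import re

# Constructed allowlist: (protocol, port) -> the service that justifies it.
# The host name and entries are assumptions for illustration.
ALLOWED = {
    "mail01": {("TCP", 25): "SMTP", ("TCP", 110): "POP", ("TCP", 3389): "RDP"},
}

# Constructed sample of Windows `netstat -an` output taken on mail01.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3389      192.168.1.50:1042      ESTABLISHED
  UDP    0.0.0.0:69             *:*
  UDP    0.0.0.0:161            *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s*$")

def listening_ports(netstat_text):
    """Return the set of (proto, port) pairs the host accepts traffic on."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header and blank lines
        proto, _addr, port, _foreign, state = m.groups()
        # TCP sockets count only when LISTENING; UDP rows have no state column.
        if proto == "UDP" or state == "LISTENING":
            found.add((proto, int(port)))
    return found

def audit(host, netstat_text, allowed=ALLOWED):
    """Compare what is open with what the list says should be open."""
    expected = set(allowed.get(host, {}))
    observed = listening_ports(netstat_text)
    return {
        "unexpected": sorted(observed - expected),  # open but not on the list
        "missing": sorted(expected - observed),     # on the list but not running
    }

if __name__ == "__main__":
    print(audit("mail01", SAMPLE_NETSTAT))
```

Anything reported as unexpected is either a service to switch off or an entry to add to the list with a reason next to it.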

Now you’re thinking this is all very extreme and only for the big boys in the blue chip companies and PLCs. Well, believe it or not, I’m talking about a small 20-user company with ADSL and Windows 2003, one maybe two servers. Shock horror, I’m talking about your size business!!! Well, if you’re reading this then yes, I most likely am talking about your business, and if you’re from a big blue chip or PLC, don’t be shy: if you need help just drop me a line. I never tell anyone who I’ve worked for.
