A firewall is a system designed to prevent unauthorized access from one point to another within a network and can be implemented as hardware or software components. Firewalls are considered gatekeepers and, if set up and configured correctly, can be vital in stopping a lot of potential threats. A good example would be setting up geo-blocks on next-generation firewalls if a business does not conduct any business transactions with foreign entities. Having the firewall in place instantly blocks traffic from outside the United States.
Patch Tuesday: Courtesy of Windows10update.com
Patches and Updates
If you are in IT, you should know about the infamous ‘Patch Tuesday’. This is the second Tuesday of the month, when Microsoft releases patches. Although this is a known date, most organizations still don’t push out the patches and updates as they are released to the public. Patching and ensuring that systems are up to date is crucial in covering known vulnerabilities and keeping security updates current. Patching, however, is not always smooth sailing. Microsoft’s regular “Patch Tuesdays” have led to “Recall Thursdays,” with various patches breaking Office, affecting the functionality of Windows and even resulting in complete system crashes and the dreaded Blue Screen of Death (Shinder, 2015).
To ensure that patches and updates don’t break systems, we need to establish change control policies, which should include testing the patches in non-production environments before deploying. Despite the issues that can come about from system patches and updates, the pros far outnumber the cons, and systems should always be kept current. In cases where the systems cannot be updated due to some business reason, isolating those systems is advisable to prevent exposing the business to risks.
Protection against threats
Simply propping up a firewall and ensuring systems are patched and up to date is not the end of securing networks. Security needs to be approached in multiple layers. Some attacks tend to focus on the weakest link in the system: humans. A well-known avenue for this kind of exploit is email scams such as the Nigerian (419) scams, which many people fall for, losing fortunes while chasing more fortunes. Phishing emails are used to compromise personal information from unsuspecting users. Counterfeit software gets installed on our systems and tracks our every move.
The Web is full of booby traps everywhere we turn or click. Malware, adware, Trojans, viruses: the list is endless. It seems like the only way to stay safe is to operate in a vacuum, but for the many businesses and individuals who don’t have this luxury, steps need to be taken to at least stay safe while connected to the World Wide Web. Using anti-malware and anti-virus software, and verifying software and hidden add-ons before installing, are ways of protecting ourselves from these threats.
References:
Whitman, M., & Mattord, H. (2014). Introduction to the Management of Information Security. In Management of Information Security (Fourth ed.). Cengage Learning.
Finley, K. (2014, June 6). Online Security Is a Total Pain, But That May Soon Change. Retrieved December 6, 2015, from http://www.wired.com/2014/06/usable-security/
Shinder, D. (2015, January 14). Patch or Not? Weighing the Risks of Immediate Updating. Retrieved December 6, 2015, from http://www.windowsecurity.com/articles-tutorials/misc_network_security/patch-or-not-weighing-risks-immediate-updating.html